HLSS645Wk6
INTERMODAL MARITIME CONTAINER SECURITY: A MULTIFACTOR FRAMEWORK FOR ASSESSING ROUTING RISK
GARY A. GORDON, P.E., LT. COL., U.S. ARMY (RET.)
B.S. UNIVERSITY OF MASSACHUSETTS LOWELL (1971) M.S. UNIVERSITY OF MARYLAND (1977)
MBA UNIVERSITY OF MASSACHUSETTS LOWELL (1995)
SUBMITTED IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY
CIVIL AND ENVIRONMENTAL ENGINEERING UNIVERSITY OF MASSACHUSETTS LOWELL
BY
Signature o Author:
Signature of Dissertation Chair:
Name: Dr. Chronis Stamatiadis
Signature of Other Dissertation Committee Members
Committee Member Signature:_____________ O'
Name: Dr. Yuanchang Xie
Signature of Other Dissertation CommittefiJVIe^ib^xP^7
Committee Member Signature:_____ -----------------------------
Name: Dr. James H. Schreiner, Lieutenanx Colonel, U.S. Army
ProQuest Number: 11003890
All rights reserved
INFORMATION TO ALL USERS The quality of this reproduction is dependent upon the quality of the copy submitted.
In the unlikely event that the author did not send a com p le te manuscript and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
uest ProQuest 11003890
Published by ProQuest LLC(2018). Copyright of the Dissertation is held by the Author.
All rights reserved. This work is protected against unauthorized copying under Title 17, United States C ode
Microform Edition © ProQuest LLC.
ProQuest LLC. 789 East Eisenhower Parkway
P.O. Box 1346 Ann Arbor, Ml 48106- 1346
INTERMODAL MARITIME CONTAINER SECURITY: A MULTIFACTOR FRAMEWORK FOR ASSESSING ROUTING RISK
BY
GARY A. GORDON, P.E., LT. COL., U.S. ARMY (RET.)
ABSTRACT OF A DISSERTATION SUBMITTED TO THE FACULTY OF THE DEPARTMENT OF CIVIL AND
ENVIRONMENTAL ENGINEERING IN PARTIAL FULFILLMENT OF THE REQUIRMENTS
FOR THE DEGREE OF DOCTOR OF PHILOSOPHY
CIVIL AND ENVIRONMENTAL ENGINEERING UNIVERSITY OF MASSACHUSETTS LOWELL
2018
Dissertation Chair: Chronis Stamatiadis, Ph.D.
Associate Professor, Department of Civil and Environmental Engineering
Committee Member: Yuanchang Xie, Ph.D., P.E.
Associate Professor, Department of Civil and Environmental Engineering
Committee Member: James H. Schreiner, Ph.D., Lieutenant Colonel, U.S. Army,
Academy Professor, Department of Systems Engineering, United States Military
Academy
ABSTRACT
Intermodal container maritime security is layered and is comprised of physical
security measures, vetting programs and processes, and regulations both domestic and
international. Inspecting all of the containers entering the U.S., which is an obvious
physical security measure, is virtually impossible according to the U.S. Customs and
Border Protection of DHS and other sources. Hence, the importance of a layered security
process. Also, and because of the many companies, facilities and countries involved, and
the interrelationships and dependencies of the three security measures and processes,
there are opportunities for smuggling, and error and compromise of what is shipped in the
containers.
Security measures employed are multipurpose focusing on interdicting the
smuggling of weapons of mass destruction (WMD) or components to make them, drugs
or other contraband. The latter two could be associated with funding terrorism in
addition to having other negative impacts on the U.S. and its people. Smuggling a WMD
into the U.S. or WMD components to be assembled in the U.S. could have far-reaching
effects, to include mass casualties and economic disruption. From the research conducted
herein, no one single security measure can prevent the intermodal maritime supply chain
from being compromised, whether by a WMD or other contraband, but a layered
approach could minimize if not eliminate the risk. Protecting the imported products that
may have the potential of being tampered with or perhaps even stolen is important.
To address this, a practitioner-focused, universal and simple risk assessment
framework should be considered that reflects the perspective of the intermodal maritime
container supply chain partners. The target audience is any partner in the supply chain
and government agencies both domestic and international. Research has shown that a
vast majority of the risk assessment models employed in the transportation industry,
regardless of mode, are data and resource intensive, theoretical and analytically driven.
One railroad model, the Federal Railroad Administration (FRA) required Rail Corridor
Risk Assessment Model (RCRMS) for hazardous material transportation, is so complex
and data intensive, the larger railroads are begrudgingly using it. The smaller railroads
can’t easily afford the cost associated with running it although mandated. An aviation
risk assessment model discussed in a RAND Corporation report is data intensive relying
on over 4,000 input variables.
When analysis takes over as the focus of a risk assessment model, it is time to
look for a framework or model that is not as theoretically and analytically focused. The
model should reflect the needs of industry to assess risk in a timely manner. Not using
the models because of their burdensome nature is a vulnerability that could weaken
security. Recognizing this, the framework developed herein is subjective in nature
relying on the intermodal maritime container supply chain and its “players” expertise and
experience using the principles of a U.S. Army CARVER targeting model to generate
route and segment priorities to be used in decision making. The subjective assessments
will generate numeric values to quantitatively present the risk involved so that a
comparative analysis can be made of routes or segments within the routes.
The U.S. Army CARVER model is focused on the target selection factors of
Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability;
hence the acronym CARVER. For each factor, there are conditions that allow the expert
user to subjectively assign values from 1 to 10 to determine target value. For this
research, the principles of CARVER are used to reflect the vulnerability of and risk
associated with the intermodal maritime supply chain. For the Maritime CARVER
framework, the factors were retooled from a targeting to a targeted perspective to reflect
what could compromise the security of the intermodal maritime supply chain. The
factors developed for the Maritime CARVER framework are Chain of custody, Approach
(to targeting), Routing, Vetting, Exposure and Regulatory. Because of the difference in
operations between the land and sea transportation modes, the Approach, Routing and
Exposure factors have separate conditions and tables for each to assess the values.
A test case employing an open source route with synthesized data was used to
develop the framework and look at the security of the supply chain from manufacturer,
through the land transportation to and through the ports, and at sea. From the framework
built in the test case, a case study for a German chemical manufacturer shipping from
Hamburg was developed on a non-attributed basis. From both “runs”, it was determined
that the highest risk was transiting the Panama Canal, but the risk for the segment from
the manufacturer and transportation to the port cannot be ignored. The sea voyage was
found to be comparatively safe, but constricted areas, such as canals and straits, offered
the potential for compromise heightening the risk. Areas of known threat, such as the
Strait of Malacca and off the coast of Somalia, also pose a risk.
It was further learned that shipping out of ports and in countries that employ
security measures in partnership with the U.S. or have measures that are similar to that of
the U.S. enhance the security and reduce the risk. The U.S. government and its many
agencies involved have extensive regulations that are the foundation of the processes and
physical security measures used to reduce risk. When coupled with that of international
maritime organizations, security is enhanced. But there is always the risk of an insider
threat and cyber attacks, especially given today’s events. This could result in the vetting
process being impacted, data being compromised and even vessel operations and tracking
being impacted. All of this contributes to the risk.
The framework developed herein is intended to be used by any party in the
intermodal maritime container supply chain, as well as government agencies, to quickly
assess routes, suppliers, shipping lines, ports, etc. This assessment, which is industry
expert driven, could be used to evaluate a route, route segment or port; respond to
recently developed intelligence, address the failure of a partner or container to be
properly vetted; or respond to a security incident at a port or in a given sea lane. This
would allow a supply chain partner to make appropriate changes. A future for the
framework could be to provide the intermodal maritime container supply chain partners
with a simple dashboard application to be used on PCs, tablets and iPads for easy use in
the field and at sea to provide a “field expedient” assessment and decision.
Key words; Intermodal maritime supply chain security, port and maritime security, practitioner-focused risk assessment, weapons o f mass destruction, contraband smuggling
ACKNQWLDEGEMENTS
I could not have completed this endeavor without the encouragement from,
support of, help from and understanding of many people.
Most importantly, I would like to thank my wife and best friend, Bobbie, for
inspiring and encouraging me to finish my doctorate and understanding my virtual
absences and inattentiveness to family time allowing me to “hole up” in my office to
research and write this dissertation.
I am indebted to my advisor, Professor Chronis Stamatiadis, Ph.D., University of
Massachusetts Lowell, for his understanding, support, guidance and encouragement,
which were instrumental in my completing my dissertation.
I would like to express my sincere gratitude to Professor Yuanchang Xie, Ph.D.,
University of Massachusetts Lowell, and Professor James H. Schreiner, Ph.D., Lieutenant
Colonel, U.S. Army, United States Military Academy, for the comments and guidance
they provided.
I greatly appreciate the support, encouragement and mentorship of my friend and
Distinguished Professor of Supply Chain Management Richard R. Young, Ph.D., The
Pennsylvania University Harrisburg, in all our writing and research collaborations and, in
particular, his encouragement during the preparation of this dissertation .
I would also like to express my appreciation to the following individuals: NCL
Captain Martin Holmqvist for his personal insight and perspective as a ship’s captain,
which helped shape my research focus; and Ms. Diane Luensmann, Senior Director,
v
Government and Strategic Communications, and Captain Barry Compagnoni U.S. Coast
Guard (Retired), Senior Director, Public Safety & Security, Port Canaveral for providing
a port operator’s perspective. Moreover, there were numerous industry executives
representing various facets of containerized maritime shipping, as well as the marine
casualty segment of the insurance industry. They provided me with an extensive
understanding of the relevant variables, as well as the numerous nuances that make the
topic of this research as complex as it is. By prior agreement promising non-attribution,
those individuals cannot be named here, but their contributions are most gratefully
appreciated and their impact clearly profound.
vi
TABLE OF CONTENTS
ABSTRACT..................................................................................................................................... i
ACKNOWLDEGEMENTS..........................................................................................................v
TABLE OF CONTENTS............................................................................................................vii
LIST OF TABLES......................................................................................................................... x
LIST OF FIGURES......................................................................................................................xi
I. INTRODUCTION..................................................................................................................... 1
1.1 RESEARCH OBJECTIVES........................................................................................ 3
1.2 ORGANIZATION OF DISSERTATION.................................................................. 6
II. BACKGROUND.................................................................................................................... 10
2.1 GLOBAL SUPPLY CHAIN SECURITY ............................................................... 11
2.2 THREATS, VULNERABILITES AND RISKS......................................................16
2.3 GLOBAL SUPPLY CHAIN SECURITY M EASURES....................................... 18
2.3.1 100% Screening....................................................................................................18
2.3.2 Physical Security....................................................................................................19
2.3.3 Regulatory and Procedural...................................................................................22
2.3.4 Regulatory and Operational................................................................................ 24
2.3.5 Cyber...................................................................................................................... 25
2.4 APPROACH...........................................................................................................27
III. LITERATURE REVIEW .....................................................................................................29
3.1 GOVERNMENT APPROACH TO RISK ASSESSM ENT................................. 30
3.2 RISK ASSESSMENT APPROACHES................................................................... 32
3.3 MARITIME APPLICATION OF THE CARVER M ODEL................................ 40
IV. INTERMODAL CONTAINER SUPPLY CHAIN......................................................... 43
4.1 FOREIGN LANDS IDE...............................................................................................44
4.2 WATERSIDE............................................................................................................... 46
4.3 U.S. LANDS IDE..........................................................................................................49
4.4 CONTAINER FLOW RISK FACTORS................................................................. 51
V. ASSESSMENT METHODOLOGY...................................................................................55
5.1 CARVER METHOD.........................................................................................................57
5.2 FORMULATION OF MARITIME RISK ASSESSMENT FRAMEWORK.... 59
5.2.1 Discussion of Model Factors...............................................................................59
5.3 MARITIME CARVER FRAMEWORK FACTORS.............................................. 63
5.3.1 Chain of Custody...................................................................................................63
5.3.2 Approach................................................................................................................. 64
5.3.3 Routing.................................................................................................................... 65
5.3.4 Vetting..................................................................................................................... 66
5.3.5 Exposure.................................................................................................................66
5.3.6 Regulatory...............................................................................................................67
5.4 MARITIME CARVER ASSESSMENT PROCESS................................................ 67
5.5 MARITIME CARVER FRAMEWORK SIMULATION.......................................70
5.5.1 Maritime CARVER Analysis Route Segm ents................................................71
5.5.2 Assumptions and Basis of Analysis....................................................................72
5.5.3 Maritime CARVER Analysis Framework “Run” .............................................74
VI. CASE STUDY....................................................................................................................... 81
6.1 INTRODUCTION..........................................................................................................81
6.2 SUPPLY CHAIN CHARACTERISTICS.................................................................. 82
6.3 ROUTE SEGM ENTS................................................................................................... 85
6.4 ASSUMPTIONS AND BASIS OF ANALYSIS......................................................87
6.5 MARITIME CARVER ANALYSIS...........................................................................89
6.5.1 Route Segment 1 - Frankfurt to Hamburg.........................................................89
6.5.2 Route Segment 2 - Hamburg to First U.S. Port (NY/NJ)............................... 90
6.5.3 Route Segment 3 - U.S. East Coast to Panama C anal.....................................91
6.5.4 Route Segment 4 - Transiting the Panama C anal............................................ 94
6.5.5 Route Segment 5 - Panama Canal to O akland.................................................95
6.6 DISCUSSION OF ANALYSIS.................................................................................. 97
VII. APPLICATION OF FRAMEWORK TO INDUSTRY...............................................103
7.1 ROUTE SELECTION................................................................................................. 104
7.2 PORT SELECTION.................................................................................................... 106
7.3 CHOOSING MANUFACTURERS, IMPORTERS/EXPORTERS AND FREIGHT FORWARDERS..................................................................................................107
7.4 POINT OF ORIGIN INLAND AND COASTAL MARITIME TRANSPORTATION........................................................................................................... 108
7.5 GOVENRMENT AND MARITIME COMMUNITY BENEFITS.....................109
7.6 BENEFIT OF “EASE OF USE” ............................................................................... 110
7.7 SECURITY VS. COST FOCUS............................................................................... 111
VIII. SUMMARY AND CONCLUSIONS............................................................................114
8.1 SUMMARY OF FINDINGS.....................................................................................114
8.2 CONCLUSIONS OF THE BENEFITS OF THE FRAM EW ORK.....................117
8.3 RECOMMENDATIONS AND WAY FORW ARD..............................................117
IX. REFERENCES.................................................................................................................... 121
APPENDIX A. GLOSSARY....................................................................................................126
APPENDIX B. INTERVIEW PROTOCOL FO R M ............................................................ 129
APPENDIX C. CASE STUDY INTERVIEW ......................................................................138
BIOGRAPHICAL SKETCH OF THE AUTHOR................................................................ 149
LIST OF TABLES
Table 2.1 Port Security R in g s ............................................................................................20
Table 4.1 Handling of Maritime Intermodal Containers Landside Foreign...............46
Table 4.2 Routing Considerations of Maritime Intermodal Containers at Sea.......... 49
Table 4.3 Handling of Maritime Intermodal Containers Landside Foreign U.S 50
Table 5-1 CARVER Matrix from FM 34-36, Appendix D ............................................58
Table 5-2 Chain of Custody Conditions and V alues.......................................................63
Table 5-3 Approach (to targeting) Conditions and V alues............................................64
Table 5-4 Approach (to targeting and monitoring) Conditions and V alues................ 64
Table 5-5 Routing Conditions and Values (ocean voyage)........................................... 65
Table 5-6 Routing Conditions and Values (surface transportation)............................. 65
Table 5-7 Vetting Conditions and V alues........................................................................ 66
Table 5-8 Exposure Conditions and Values (landside to/from and at p o rts ) ..............66
Table 5-9 Exposure Conditions and Values (at s e a ) .......................................................67
Table 5-10 Regulatory Conditions and V alues................................................................. 67
Table 5-11 CARVER Risk Matrix for Shanghai to H ouston ...........................................80
Table 6-1 Container Routing at O rig in ..............................................................................82
Table 6-2 Distance Tables from Manufacturer to P o r t................................................... 83
Table 6-3 U.S. Destination Ports and Inland D estinations.............................................84
Table 6-4 Maritime CARVER Risk Matrix for Frankfurt to Oakland R o u te .............97
LIST OF FIGURES
Figure 1.1 Illustrative Example of Key Points in the Global Supply C h ain ................ 1
Figure 2.1 Interactions Between Logistics, Transaction, and Oversight Layers of the
Supply C h ain .............................................................................................................................. 11
Figure 4.1 Intermodal Maritime Container Supply C h ain ............................................. 43
Figure 4.2 Intermodal Maritime Container Supply Chain (Foreign Landside) 44
Figure 4.3 Intermodal Maritime Container Supply Chain (W aterside)........................ 47
Figure 4.4 Intermodal Maritime Container Supply Chain (U.S. Landside)................ 50
Figure 5-1 Maritime CARVER Framework Process.........................................................68
Figure 5.2 Simulation Example Routing M a p .................................................................. 71
Figure 6-1 Origin Supply Chain Schem atic.......................................................................83
Figure 6.2 Map Depicting Ocean V oyage.........................................................................85
1
I. INTRODUCTION
The risk to U.S. ports and inward movement of intermodal maritime containers,
by rail or truck, is real. Although DHS is mandated to screen 100% of the inbound
containers from international origins [1], whether by land or sea, it is a challenge. There
are physical, regulatory and procedural security measures in place, but they must be
harmonized and integrated in order to be used effectively.
Manufacturers, exporters or freight forwarders, local transportation companies,
etc. are all components of and contribute to the potential risk involved enroute and at the
foreign port and in foreign waters. In order to understand the process, Figure 1.1, below,
is a graphical representation of the supply chain involved in the intermodal maritime
container flow. [2]
China United States
Local delivery • (U.S. importer) 0* .*Factory
W arehouse Local transport
( P Transport Rail container yard
Rail transport Unloading of vessel/ port of entry container yardVessel en route to the
United Slates. Consolidation facility
Port of origin container yard/ of vesselloading
Sourc*: GAO; Map Resources imap)
Figure 1.1 Illustrative Example of Key Points in the Global Supply Chain (GAO-12- 764, 2013)
2
Intermodal maritime container security starts with the supply chain to and at the
foreign port. The process then transitions through the ports to the sea lanes/ voyage and
finally when the ships await entry and, then, enter U.S. waters and ports, and unloads.
In transit, the risk would appear to be less, but there are locations and conditions
that could compromise a vessel and its cargo; an intermodal container in this case.
Examples include straits and canals, and areas of known piracy. Also and because of the
remoteness of some sea lanes, responding to an incident is difficult and tracking a
challenge. Finally and when entering U.S. waters, the many DHS and in particular U.S.
Coast Guard (USCG) and Customs and Border Protection (CBP) rules and regulations are
focused on minimizing, to the extent possible, the risk for this component of the supply
chain, but it still exists.
The container shipping industry is challenged by its inherent complexity; new
developments in technology, not the least of which are the jumbo container vessels now
making their appearance on the high seas; a tenuous landside labor situation; increased
congestion in the ports, in part because of the size of the new ships and security
measures; and evolving security threats.
The research and focus of this dissertation is restricted solely to containerized
shipping and the potential threats and vulnerabilities in the liner trades, and excludes
liquid and dry bulk shipping, cruise lines, and ferry services. This is because liquid (e.g.
petroleum products and chemicals) and dry bulk (e.g. grain and cement) are moved in
specific vessel types for the product; tankers and dry bulk carriers, respectively. Plus,
they normally represent only one supply chain. Cruise ships are not considered because
they do not carry cargo. Ferries, although they may transport a limited number containers
3
on chassis, the length of the voyage is relatively short, in territorial waters and close to
land. For example, the CAT, which operates between Portland, ME to Yarmouth, Nova
Scotia, is only 185 nautical/212 statutory miles in length.
Security threats to vessels stem from several origins; the principal ones being
landside and at sea routing, characteristics of the cargo, provisioning, and harbor and port
infrastructure characteristics. Containerships can vary in size from the relatively small
carrying only 500 TEUs (twenty-foot equivalent units)1 to the massive new vessels with
nearly 20,000 TEUs onboard, and, while scope does play a factor, the variables
associated with security threats share common ground.
1.1 RESEARCH OBJECTIVES
This research seeks to establish a simplified risk framework that can be used
easily and economically to analyze routes and route segments for the purpose of selecting
routes based on safety and security. While the primary target of the model would be
weapons of mass destruction (WMD), a value added would be the application of the
model to the smuggling of drugs and other contraband in intermodal maritime containers.
While maritime shipping does have some flexibility on the high seas, much of that
is lost when vessels need to maneuver within the limited confines of harbors, “pinch
points”, such as the Panama Canal, Straits of Hormuz, Malacca Straits, and how long the
vessel remains at anchorages. Hence, there are many variables that need to be grouped;
1 A 20-foot equivalent unit (TEU) is the measurement o f intermodal containers stowed in container ships. D im ensions are 20' long by 8 ’ tall by 8 ’ w ide.
4
each variable assigned a measureable value to determine the relative security risk of a
segment or route.
When looking at assessing risk, a method to evaluate it must be developed so that
it is inclusive of the major components comprising the risk, considers exceptions and
variances and is simple enough so that all stakeholders can develop the input variables
and run the model. The Federal Railroad Administration’s Rail Corridor Risk
Management System (RCRMS) was developed in accordance to 49 CFR 172.820 [3] to
evaluate routing alternatives for certain categories of hazmat to avoid populated areas, to
the extent possible, and reduce the risk of a major incident. But and initially RCRMS did
not fully consider the complexities and cost of the model, and routing alternatives. This
“handcuffed” the risk assessment process with, among other things, limited routing
options.
RCRMS was built based on the appendix to the regulation [4] and includes 27
factors to be considered in the analysis of the safety and security of the routing, and the
risk, thereof. These 27 factors were well thought out, as representative of the parameters
used in a railroad’s routing decision making process and were consolidated into clusters
of like components in a paper on hazmat routing risk analysis (Gordon & Young, 2016).
[5] The factors are comprised of components based on like characteristics; physical,
routing and operations, safety measures, regulatory and procedural measures, and threats
and vulnerabilities. This thought process appears to be compatible with the research
objectives being used herein to further the development of a risk assessment model for
intermodal maritime containers.
5
From lessons learned from RCRMS, it is the intent of this research to develop a
subjective framework that is user-friendly and easy to understand, not cumbersome to run
and is cost-effective to aid in the decision making process. While at sea, ships can
operate relatively without restriction so alternate routes are more available subject to port
capacity, ocean depth, canal operations and characteristics, channels and strait
characteristics, etc. These characteristics distinguish it from RCRMS. Further and a
benefit of pursuing a simplified maritime routing risk assessment, the sensitive security
information (SSI) [6] issues associated with the input variables and assessment outcome
of RCRMS is not, at this time, known to be SSI. This is in part because the input data
will be from open source information and documents, and rely on expertise in maritime
transportation.
This research will focus on the physical, technological, operational, procedural
and regulatory measures and processes used to minimize risk. The methods, facilities
and programs are briefly presented, as follows:
• Physical components of security that will address, among other things, fencing
and access control, lighting, technology, such as cameras and intrusion detection,
and waterside protective facilities and structures.
• Technological measures that include automated identifications systems (AIS),
navigation GPS, and harbor operations and control centers manual and cyber
systems.
• Regulatory Programs of the U.S. Department of Homeland Security (DHS) and
other U.S. Government organizations and programs, international conventions
6
and foreign governments. This includes host nation regulations and programs
being at par with and accepted by the U.S.
• Operational measures that involve land and waterside security elements, such as
the U.S. Coast Guard (USCG); host nation security elements similar to that of the
USCG; state, local or regional harbor patrols; and host nation harbor patrols. This
could include Navies and coast guards in international waters and in areas of
known threats and piracy (e.g. Strait of Malacca). [7]
• Programs that include risk assessment tools, such as the USCG’s Maritime
Security Risk Analysis Model (MSRAM) and International Port Security Program
(LPSP) or other risk assessment tools. This will also address similar programs
internationally that provide similar risk assessments and, thus, theoretically
minimize risk.
1.2 ORGANIZATION OF DISSERTATION
To fully address the research, the dissertation is organized into eight chapters.
The chapters and a brief description of them are presented in the paragraphs, below.
Chapter II - Background
This chapter will provide a background of the international supply chain and
transportation flow for maritime intermodal containers and the risk associated with
terrorism. It will focus on maritime intermodal containers originating outside the
Continental United States (OCONUS) destined to U.S. ports for inward movement. It
will look at, among other things, the evolving threats and vulnerabilities, regulatory
procedures, vetting of all parties involved in the supply chain, the port facilities, and in
7
transit maritime operations, to include points of constriction and overall transportation
flow.
Chapter III - Literature Review
This chapter will look at all scholarly papers and other writings and documents
that address, among other things, the threats, vulnerabilities and risks associated with the
supply chain, U.S. and host nation governmental and international regulations and
programs, industry risk standards, risk assessments that have been conducted, to include
subjective and objective methods, and known events and threats. Academic institution
papers, industry standards and government regulations, reports and studies will be
researched, as well as practitioner and industry expert research on maritime risk.
Chapter IV - Transportation and Container Supply Chain Characteristics
This chapter will describe the supply chain for intermodal containers in maritime
transportation from factory to foreign port, in transit and to and into U.S. ports. It will
also relate the information obtained in Chapters II and III to the supply chain, to include
U.S. and foreign government regulations on vetting and inspections, physical security
measures in ports, in-transit operational security measures, technology and aids to
navigation to track shipments and “pinch points”. It will also look at threats and
vulnerabilities given, among other things, operations and industry in the ports, adjacent
land use and population, places of iconic value and known threats,
Chapter V - Assessment Methodology
This chapter will develop the risk assessment methodology, based upon the
research of assessment methodologies in Chapter III. It will address the risks associated
with the links and nodes involved in the supply chain. Involved are the route segments
8
from foreign manufacturer to foreign port, at sea, and to the U.S. port and inland to its
(container) final destination, the latter to a lesser degree. This will allow the user of the
assessment model to look at individual segments of the supply chain, particularly when
there are threats and vulnerabilities affecting only a specific segment or location. A
composite risk will be determined based on the individual segments so that a user can
evaluate the entire supply chain/route when comparing them to others.
An example using synthesized data that is representative of an actual route will be
developed in this chapter. Note that, although the RCRMS model was the initial model
considered for adaptation, the U.S. Army’s CARVER model will be used to develop the
maritime risk assessment framework herein. This model will then, in Chapter VI, be
validated using actual shipping, routing and shipment data.
Chapter VI -Case Study Analysis
This chapter will be to perform a case study to validate the assessment framework
developed in Chapter V. The case study will reflect an intermodal maritime supply chain
using an actual route from an OCONUS manufacturer to U.S. port. Its results will be
compared to the framework developed in Chapter V for consistency and validation.
Chapter VII - Application of the Model to Industry
This chapter will look at the comparative risks in the maritime intermodal
container supply chain and how it could be used by governments and industry to:
minimize the risk of a given route; alter routes; advance technology-based solutions; and
improve vetting and inspection procedures. This will include and address current and
evolving threats and vulnerabilities, and applicability, viability and relevance given them.
9
Chapter VIII - Summary and Conclusions
This chapter will summarize the results obtained in the research and framework
construction, and applicability, viability and relevance to governments and industry in
assessing and minimizing the risk of a compromised intermodal maritime container
entering the U.S. This chapter will also look at the research and lessons learned and
provide a way forward in combatting the risk associated with intermodal maritime
containers being used to transport WMDs or other contraband. It will look at regulatory
and procedural, operational, technological and human measures of assessing and
minimizing risk.
10
II. BACKGROUND
According to a Government Accountability Office (GAO) report, “ ...ports are
critical gateways for the movement of commerce through the global supply chain.” [2]
How we protect the handling of maritime intermodal containers through the entire supply
chain is important to ensure what is received on U.S. shores has not been compromised.
Further, the U.S. Customs and Border Protection (CBP) reported that about 11.5 million
containers arrived in the U.S. from over 650 foreign ports in fiscal year (FY) 2012
equating to over 31,000 containers every day. Of the 650 foreign ports, there are 61 that
CBP coordinates with regarding maritime intermodal container examinations. The
number of container shipments flowing through the 61 ports represents about 88% of the
11,500 U.S. bound container shipments annually.
This research excludes the repositioning of empty containers, although they pose
a potential risk because 1) they are relatively small in number and 2) of the imbalance of
trade. This is evidenced by approximately 20,000,000 loaded TEUs imported and
12,000,000 loaded TEUs exported in 2015. [8] The approximate difference of 8,000,000
containers is either held in storage, repositioned or shipped back to its origin empty.
With such volumes and the vulnerability of exploitation, the intermodal maritime
containers and the facilities and infrastructure through which they pass, and the ships on
which they are moved must be protected. Doing so is difficult because “chain of
custody” and the “hand-off’ of containers are the responsibility of many agencies,
governments and organizations. This handling and re-handling provides an opportunity
for compromise; a potential security breach. The risk of hand-offs and chain of custody
11
is not a new concept. The Transportation Security Administration (TSA) in its rail
transportation security regulation [9] addressed this issue in 2008 for the transportation of
certain categories of hazmat by rail.
2.1 GLOBAL SUPPLY CHAIN SECURITY
While efficiency of the intermodal container supply chain is often viewed as in
conflict with security, Rand Corporation, in a 2004 report, concluded that efficiency and
security are distinct, but interconnected, and that public and private initiatives to improve
security focus on deterrence and prevention. [10] This is based on the concept that the
supply chain is viewed as having three interdependent systems: physical logistics,
transaction-based and oversight with subsystem layers of logistics, transaction and
regulatory. Figure 2.1 from the Rand report is a graphic representation of the layers and
interactions in the container supply chain.
FTCO v e r s i g h t l a y e r IMO WCO
USCGCBP
f o r e i g n s u p p l i e rT r a n s a c t i o n la y e r
NVOCC
C o n s o l i d a t o r I m p o r t - e x p o r t b a n k F o r e i g n s u p p l i e rC u s t o m e r
C u s t o m e r s v e h i c l e
' r u c k
U S p o r t F o r e i g n p o r tRail c a r r i e r
O v e r s i g h t o r r e g u l a t o r y r e l a t i o n s h i p
C o n t r a i t u a l r e l a t i o n s h i p
P hy s ic a l r e l a t i o n s h i p
Figure 2.1 Interactions Between Logistics, Transactions, and Oversight Layers of the Supply Chain (Figure 5.1, Rand, 2014)
12
The Rand report suggests that improving security, while maintaining efficiency,
should consider: public sector support of supply chain resilience, addressing
vulnerabilities along supply chain links and new technology supporting low cost, high
volume remote sensing and scanning. This is consistent, in principle, with the findings in
a U.S. Defense Threat Reduction Agency (DTRA) study published in a Journal of
Transportation Security (JTS) article on limiting the flow of weapons systems and their
components in maritime transport. [11]
As discussed in the 2004 Rand report, supply chain security takes on a layered
approach. When looking at the maritime conveyance of weapons and their components,
the DTRA study looked at the physical, informational and financial flows associated with
the supply chain. The report identified that monitoring and regulating the exporting of
dual-use items that could be used as WMDs or their components (e.g. cell phone as a
detonator) poses a problem to international trade. [12] This problem is not exclusive to
the U.S. The solution to this involves international cooperation and multinational
agreements (e.g. Wassenaar Agreement between members of the European Union (EU)
that identifies nations, entities, items and a combination thereof that addresses the
problem. The U.S., after 9/11, promulgated the Proliferation Security Initiative (PSI) to
limit the trade of dual-use items and establish bi- and multilateral agreements to address
interdiction. This is in addition to CBP and other initiatives and programs, such as CBP’s
Customs - Trade Partnership Against Terrorism (C-TPAT) and Cargo Security Initiative
(CSI). The solution includes the creation of public private partnerships to address the
risk, vetting and enforcement of the supply chain.
13
According to GAO Report 13-764, [2] there are no known incidents of intermodal
maritime containers being used to transport weapons of mass destruction (WMD). But
and because intermodal maritime containers are potential conveyances for illegal
purposes and criminal activity, the potential exists that they could be used for terror
purposes. Figure 1.1 in Chapter I presents a simple graphic that provides an
understanding of the process and complexities of the global supply chain and potential
issues that could arise.
Although the GAO indicated that there were no known incidents of intermodal
containers transporting WMDs, the DTRA, on the other hand, believes the risk is real. In
the JTS article, the number of participants in the supply chain and the complexities of the
supply chain flow (physical, informational and financial) contribute to the risk involved
in maritime transport. [11] The DTRA further concluded that limiting the maritime
transportation of weapons and their components is a difficult and complex undertaking
requiring a coordinated and cooperative approach among all parties. This includes
industry organizations, such as the American Association of Exporters and Importers. A
public-private partnership approach is encouraged by the DTRA.
Admiral Sir Johnathan Band", in a keynote address at the Royal United Services
Institute (RUSI) Transport Security Conference in 2002, spoke of the need to police the
oceans and seas to deprive state-sponsored and geopolitical enemies of their use (oceans
and seas) for criminal or terrorist purposes. [13] Admiral Sir Band cited the tension
between security and global trade, the need for cooperation, shared responsibilities and
need to eliminate communication stovepipes as challenges to maritime security. He
2 Admiral Sir Jonathan Band is a former First Sea Lord (equivalent to the U .S. C h ief o f Naval Operations) for the British Royal N avy.
14
further stated that seaport security is a . .poor relation to airport security.” His vision
for effective maritime security is an awareness of the commercial sensitives and an
overall strategy of multinational cooperation via a diplomatic, economic, intelligence,
law enforcement and military partnership. Further, NATO would have a greater role in
maritime security looking beyond its traditional defensive role.
When looking at the risk of WMDs, it is typically thought of by the general public
to be either nuclear or radiological, but should also include biological or chemical
devices. The dilemma is that, although there are no known cases where WMDs have
used intermodal maritime containers to enter the U.S., what about the materials to make a
WMD being transported in separate containers? Introduced in transit? Or at the ports?
The process of inspecting intermodal maritime containers before they depart on
their journey to the U.S. is part of DHS’s layered approach to maritime security. The
process is both physical and process-oriented and includes domain awareness, securing
U.S. ports and protecting the supply chain. GAO addresses these issues in report 14-
636T to Congress on the challenges with selected port security programs. [14] In the
report, it was determined that DHS programs for protecting the supply chain have had
varying degrees of success. It looked at, among other things, CBP’s Automated
Targeting System (ATS), Cargo Security Initiative (CSI) and Customs Trade Partnership
Against Terrorism (C-TPAT) programs; National Nuclear Security Administration
(NNSA) Megaports Initiative3; USCG’s International Port Security Program (IPSP); and
the combined CBP and USCG Mutual Recognition Agreement (MRA) program4, as ways
to secure the international supply chain. A key finding in the report was that the
3 Program that funds the installation o f radiation detection equipm ent in foreign seaports 4 An agreem ent with the U .S . and foreign partners regarding security practices o f one being recognized by the other.
15
imposition of security measures must be balanced with the supply chain’s need for an
unimpeded flow of commerce to efficiently move goods.
In another GAO report (15-94), it was determined that between 2009 and 2013,
less than 1% of maritime shipments were identified as high risk containers. [15] This can
be attributed to CBP’s inconsistent application of the criteria that determines the level of
vetting and proper handling of the cargo - a maritime intermodal container in this case.
The report concluded that, in the absence of 100% screening of U.S. bound containers at
foreign ports, meeting the intent of the underlying objective of 100% screening be met
by, among other things, refining and enhancing CBP’s layered security strategy.
With the 100% screening requirement for containers destined to the U.S. (SAFE
Ports Act of 2006) being delayed, DHS is looking at “outside the box” solutions to
complement technological solutions and regulation changes to allow more containers to
be scanned overseas. [16] This approach is, for the most part, due to DHS waiving the
100% screening requirement a third time to May 2018. In an article in the American
Supplier the reasoning for waiving the 100% screening requirement is multifaceted, to
include cost, funding, technology, logistics, supply chain inefficiencies, and buy-in and
implementation (of screening measures) by foreign governments. [17] The article further
states that a drawback to 100% screening is the transshipment of container traffic, which
increases the number of times a container is handled and limits the ability to be properly
screened. As of the date of the article, less than 4% of the containers entering the U.S.
were screened, of which only 1% were screened overseas. This makes a layered
approach to security that much more important.
16
The Congressional Budget Office (CBO) has stated that it would take $22 billion
to 100% screen containers overseas, which doesn’t include foreign nations wanting
reciprocity on U.S. exported goods. [18] DHS’s Secure Freight Initiative (SFI), which
deploys a combination of technology and nuclear detection devices to foreign ports as
part of the SAFE Ports Act of 2006 layered security strategy, addresses the inability to
100% screen. Phase I of this initiative only incudes 6 foreign ports. [19]
Straits and canals pose a threat to intermodal maritime container supply chain
risk. Although these are perceived as potential interdiction areas and vulnerable to
attack, they are good areas for detection. The threat is because they are densely
trafficked areas, but generally offer a greater presence of U.S., NATO, host nation Navies
and Coast Guards, and other law enforcement. [20] Security is administered in the same
manner as being underway (e.g. vessel security plan - VSP), but there is always the
concern of an insider threat. In areas of known piracy, many vessels now carry security
teams with costs absorbed by vessel owner. Vessels having security teams onboard
came to light after the Maersk Alabama incident in 2009.
2.2 THREATS, VULNERABILITES AND RISKS
In the past, threats to maritime operations and ports have usually come from
countries by traditional means. The Japanese attack on Pearl Harbor is an obvious
example. In recent history, an asymmetric threat has arisen from smaller nations with
inferior militaries and terror groups, such as A1 Qaeda and ISIS. An asymmetric threat
involves a weapon, tactic or strategy that 1) a state or non-state enemy would use against
the U.S., 2) the U.S. would not use and 3), if not countered, could have serious
17
consequences. [21] Since these entities cannot effectively engage a more superior
military in the conventional sense, they would target, in addition to ports, the supply
chain, straits and canals, and ships at anchor. Iran’s threats to close the Straits of Hormuz
and the small boat attack on the USS Cole in 2000 are examples of asymmetrical threats.
[22]
When assessing the risk to the intermodal maritime container industry, the threat
most likely to be encountered is an asymmetrical threat. This includes the disruption of
port operations and the in-transit transportation to and from the ports with the intent of
impacting a nation’s or global economy. This can be taken a step further by introducing
weapons of mass destruction or material to construct one at the foreign manufacturing
facility or in-transit to the port. This could be accomplished by an insider at the
manufacturing facility and during any phase of the supply chain, especially when the ship
is stopped or moving slowly while transiting a canal or constrained area, such as a strait.
When discussing maritime intermodal container security with senior U.S. port
officials, it was determined that the biggest risk in the supply chain is with the foreign
manufacturer loading operations, and the bonding and sealing of the intermodal
containers. [20] It is considered the hardest phase/segment of the process to regulate and
monitor what is being shipped, and to intercept “contraband”; WMDs in this case.
This is consistent with a well-known industry axiom; “cargo at rest is cargo at
risk”. Intermodal containers loaded onto trucks or rail cars or a combination of the two,
offer opportunities where the shipment would be in a static state and vulnerable. It is not
uncommon for a string of rail cars to be sitting on sidetracks awaiting entry into a port.
18
2.3 GLOBAL SUPPLY CHAIN SECURITY MEASURES
Security measures employed are, as introduced in Chapter I, physical, operational
and procedural, and include the entire supply chain from manufacturing facility in a
foreign country to the U.S. port. This includes cyber security, whose measures are
relatively new when considering other maritime safety and security measures. Successful
security is a combination of the physical, procedural and operational measures, and is
layered. Also note that the security measures have an added value in aiding in the safety
measures employed in the port, as well as deterring smuggling.
2.3.1 100% Screening
The 2007 Implementing Recommendations of the 9/11 Commission Act required
that 100% of maritime cargo entering the U.S. be screened by 2012. [23] Recognizing
that 100% screening was costly and cumbersome, an alternate approach is continually
being considered. This approach includes a risk-based method of cargo “screening”, to
include CSI, C-TPAT and an expansion of the PSI5. It was further determined that the
technology and infrastructure level to fully scan 100% of the maritime cargo was there,
but not to the scale needed.
The Congressional Budget Office (CBO) recognized that there are challenges to
scanning and imaging all U.S. bound containers. The challenges include cost, disruption
of the supply chain and refusal of host countries to comply. [24] Further, the CBO
recognized that the first and second challenges could be addressed, but the third must be
addressed, as host nations could require scanning and imaging U.S. exports to the same
degree. Two options were identified. One is scanning and imaging 100% of the
5 A voluntary international initiative to stop the m ovem ent o f W M D s, com ponent materials and delivery system s w ithout jeopardizing U .S. sovereignty.
19
containers at the 453 ports shipping to the U.S., which would be too costly and require an
increase of CBP’s budget by up to 25%. The second option would be to focus screening
of the 121 foreign ports that handle 97% of the containers destined to the U.S. The
remaining 3% of the containers from the other ports would have to be routed through the
121 ports to be screened. This could reduce costs over the first option by about 60%.
Recognizing that 100% screening is unfeasible, DHS should look at solutions that
do not hamper the supply chain. [23] The Heritage Foundation article recommends that a
combination of procedural security measures, in conjunction with the screening to date,
be implemented in lieu of 100% screening. This includes enhancing CSI, C-TPAT and
PSI, reevaluating the feasibility of the 100% screening requirement and international
partnerships, especially where foreign ports maintain security measures comparable to
that of the U.S. The screening measures can be human via physical inspection or
technological, such as VACIS (CBP’s vehicle and cargo inspection system) and radiation
portal monitors, or a combination thereof.
2.3.2 Physical Security
Physical security at ports is layered and divided into concentric security rings that
interact physically and operationally to protect and restrict access to assets within the
port. [25] Typically, major ports use a 5 ring system that includes the following:
20
Table 2.1 - Port Security Rings
Security Ring Components of the Ring External security ring Coordination with intelligence and law
enforcement operations both inside and outside of the port perimeter (or MTSA area6)
Perimeter security ring Physical security measures, such as fencing and gates to provide access control, intrusion detection, lighting, waterside security measures and control areas for drug, explosives and WMD detection. Procedurally, it includes access control policies and procedures, vetting and badging
Inner security ring Port’s MTSA area and includes security patrols and a 24/7 operations center, where human (patrols) and technological (e.g. CCTV and cyber) security measures are monitored
Site and asset-specific security ring(s)
Protection of specific buildings or critical assets, such as power substations, IT systems, communications buildings and administrative building holding sensitive information
Vessel security ring Independent of and in addition to the port’s security measures. Involves searching items on and to be loaded on the ship for malicious or illegal intent, waterside security and conducting arrival and departure inspections.
By dividing the port areas into concentric security rings, access can be more
progressive and restrictive as access to interior rings would require a greater level of
vetting and protection. For example, a trucking company salesperson would only require
access to the port office, which would likely be within the perimeter security ring, while a
truck driver carrying a container to a ship would likely need access to a site-specific
security ring to offload the container for loading onto a ship.
To expand upon the above information, the physical components of security are
also focused on preventing access to the port, protecting and hardening the landside and
6 Area o f the port defined and regulated by the M aritim e Transportation Security A ct o f 2002 , PL 107-295 , 2002
21
waterside facilities to withstand an attack (e.g. IED), and observing and detecting
intrusions from both the land and water. In today’s environment, drones, as with
railroads, are used for security and surveillance purposes, but could also be used in an
attack mode.
Closed circuit television (CCTV), which is a staple of physical security measures
employed, is most effective when it is monitored so that an intrusion can be seen in “real
time” and recorded to aid in investigations and legal procedures. Lighting is important to
the effective use of CCTV. To compensate for less than desirable lighting, motion
sensing and alarmed systems to detect intrusion and activate the cameras are used.
Infrared cameras are also effective when lighting levels are low in a port.
Not always thought of, but x-ray machines and radiation detectors are
technological enhancements that allow the screening of containers as they enter or exit a
port. CBP uses its VACIS to x-ray the containers and are either fixed portals at port entry
and exit points or truck mounted and portable. Radiation portal monitors (RPM) and
detectors are also used by CBP. In 2016, RPMs were used at the top 26 sea ports of
entry. [26]
Waterside security measures are much like that for the landside except that they
cannot be fenced or gated. They include CCTV, intrusion detection and patrols. The
latter is often by the USCG, local marine police and security, and private security. Divers
are also used to inspect the underside of vessels for sabotage, smuggling, etc. Waterside
intrusion has more of a potential of becoming an issue when a port handles cruise and
cargo ships. For example and in the Port of Boston, which is the busiest container port
in New England, the cruise terminal berth is approximately 500’ across the channel from
22
the container ship berth at Conley Terminal, which handles approximately 600 containers
a day.
Infrastructure protection and hardening and system redundancy are also
important. Although layered security is intended to keep the “bad actors” out, nothing is
100% effective. By identifying the critical infrastructure in the port, physical measures to
protect and harden the infrastructure may be necessary. This issue is one of the reasons
DHS has developed a list of critical infrastructure vital to the U.S. and its economy, and
the USCG has developed and implemented Maritime Security Risk Assessment Model
(MSRAM) to mitigate the risk in U.S. ports and waterways, and prioritize resources for
port security operations.
Physical security components are costly. DHS, through the U.S. Coast Guard,
administers the Port Security Grant Program to assist ports, government agencies and
industries operating in ports develop and fund security improvements. This helps
enhance the security posture in and around the port. A condition of the PSGP is the
requirement for an Area Maritime Security Plan (ASMP) and Area Maritime Security
Committee (AMSC) to manage security in the port area.
2.3.3 Regulatory and Procedural
Regulatory and procedural security measures include vetting personnel and
companies, and criteria for cargo targeting and inspection involved in the security of the
supply chain. This process commences with the manufacturer and exporter, continues
through the ground transportation system and into the port, where the container is loaded
onto the vessel for onward movement to the U.S. port. These processes are regulatory in
nature, such as those of the U.S. Department of Homeland Security (DHS) and other U.S.
23
Government agencies, as well as the international community and host nations. There are
many U.S. and international regulatory and procedural security measures and programs.
They include, but are not limited to:
• CBP’s Cargo Security Initiative (CSI)
• CBP’s Customs Trade Partnership Against Terrorism (C-TPAT)
• DHS’s Secure Freight Initiative (SFI)
• Proliferation Security Initiative (PSI)
• Transportation Worker Identification Credential (TWIC)
• USCG Maritime Security Risk Management Model (MSRAM)
• USCG International Port Security Program (IPSP)
• International Maritime Organization’s (IMO) International Ship and Port Facility
Security (ISPS) Code7
The host nation programs must be acceptable and must adhere to the requirement
of U.S. and/or international maritime security standards. The programs are many and
diverse and will not be discussed herein. However, the level of oversight of the U.S.
government in foreign ports and comparison of the foreign nation’s programs to that of
the U.S. will be considered as part of the framework to be developed.
Programs that include risk assessment tools, such as the USCG’s MSRAM or
other risk assessment tools and models are beneficial. This will also address similar
programs globally, such as with the European Union (EU), and in Australia, New
Zealand, China and Japan that provide similar risk assessments and, thus, theoretically
7 The ISPS C ode ensures that vessels and port facilities o f IMO member states im plem ent security standards that 1) contain detailed security-related requirements for governm ents, port authorities and shipping com panies and 2) guidelines on how to meet those requirements.
24
minimize risk. [2] Chapter III, Literature Search, will discuss risk assessment
methodologies that address maritime risk.
2.3.4 Regulatory and Operational
Operations that involve land and water-side security elements, such as the U.S.
Coast Guard, host nation security elements similar to that of the USCG, state, local or
regional harbor patrols and host nation harbor patrols, are regulatory in nature. This
could include Navies in international waters and in areas of known threats and piracy.
[27]
A port’s MARSEC (maritime security) level sets security measures or protocols
as the threat increases and generally impacts access to the port, inspection and scrutiny.
Operationally, CBP’s 24-hour and the USCG’s 96-hour notice of arrival (NOA) rules will
determine the conditions for loading and unloading of the ships, respectively. AIS is
used to monitor and track ships at sea as to, among other things, the ship’s identification,
and its position, course and speed - much like an airplane’s “black box”. [28] The IMO’s
Safety of Life at Sea (SOLAS) requires ships to have AISs on international voyages,
which heightens the visibility of the vessel.
Partnerships among nations, companies and organizations have been described as
the most effective manner in which maritime security can be maintained. The
International Maritime Organization (IMO), and in particular its SOLAS/ISPS Code, is
but one of the many organizations that promote safety and security at sea. Also for
Malaysia, which is one of the 9 Straits of Malacca littoral states, the Malaysian Maritime
Enforcement Agency (MMEA) is that country’s coast guard. It is tasked to provide
safety of vessels. Another partnership in the region is the Malacca Straits Coordinated
25
Patrol (MALSINDO). It was created in 2004 by Malaysia, Singapore and Indonesia to
suppress piracy within each state’s territorial seas. [7]
A geographically focused example of cooperation among governments is the
Regional Cooperation Agreement on Combating Piracy and Armed Robbery against
Ships in Asia (ReCAAP). Established in 2006, it is a regional government-to-
government agreement to promote and enhance cooperation to combat piracy and
robbery against ships in Asia. It consists of 20 countries, to include the U.S. ReCAAP
established an Information Sharing Center (ReCAAP ISC) for the purpose of information
sharing, capacity building to strengthen its network of information sharing and
cooperative arrangements to promote cooperation to share information and best practices.
[28]
From the discussion herein, regulatory and procedural security measures are
essentially the same and intertwined. You will note that some initiatives and programs
are addressed as both procedural and regulatory. For the purpose of this research,
procedural will involve vetting companies, people and cargo and regulatory will address
the ship’s operations.
2.3.5 Cyber
In addition to the “traditional” methods of compromising maritime and port
security, cyber attacks have become an increasingly probable method of compromise.
This includes the navigation and tracking of ships, port operations, vetting and tracking
containers and their cargo; the latter two being major security methods of mitigating risk.
The “NotPetya” cyber attack of the Maersk Group in 2017 was considered a watershed
event making the maritime transportation industry know that it is real. [29] The article
26
also concluded that cyber attacks must be taken seriously, cyber defenses must be able to
deal with the creativity of the hackers and that automating or innovating processes further
the exposure.
Operationally, cyber attacks could interrupt navigation and tracking ships at sea
by hacking into the automated identification system (AIS) and navigation GPS.
Physically, CCTV could be hacked to shut the system down or provide false indications.
Access control could be compromised. Procedurally and for C-TPAT, as an example,
hacking pre-vetting of the stakeholders of the international supply chain, to include
transportation carriers and manufacturers, to render false approvals could occur. Just
think of how the rest of the regulatory and procedural security measures employed in the
intermodal maritime supply chain could be compromised.
When looking at navigation and cyber threats, hacking or jamming the global
navigation satellite systems (GNSS) could impact operations in ports and navigation in
constricted waterways. [30] GNSS is the interoperability and compatibility among
satellite navigation systems, such as modernized GPS. [31] This creates a problem, as
these threats move rapidly making it difficult to trace intrusions and, if state sponsored,
could use spoofing to affect navigation at sea. All of this could “mask” the true location
and speed of a ship.
Cyber security is a complex problem, in part because it involves the public and
private sector. [32] The private sector stakeholders look at the investment involved, and
current security measures are focused on the physical. Going forward, solutions should
focus on investing in cyber security, protecting infrastructure, especially that which is
cyber focused, prioritizing risk and reducing cyber vulnerabilities. Being invisible to the
27
casual observer, cyber vulnerabilities are a challenge. [33] This is true for the vessel and
facility operators. Assessing risk will involve determining the systems that are cyber
system dependent, vital to operations, interconnectedness of the systems and
consequences of an exploitation. Aboard ship, cyber system standards should be
developed and implemented to reflect the environment in which they operate.
Recent developments in intermodal container maritime container tracking are a
deeper investment in tracking technology by two of the three largest international
container lines. [34] This will be accomplished by providing more real-time information
to allow greater visibility in-transit over the current electronic data interchange and other
methods with greater reliability.
2.4 APPROACH
The information in this section is a description of the issues associated with the
intermodal maritime container supply chain, threats and vulnerabilities, and security
measures. The analysis and framework to be developed will subjectively look at the
presence or absence of security measures and exposure to threat and, ultimately,
minimizing the risk of a WMD being smuggled into the U.S. It will not look at what
should be done physically, procedurally and with regard to regulations to improve
security. The risk components and assessment model, which will be developed in
Chapter V, are intended to be used by stakeholders in route selection in whole or in part.
Although not a separate component, the all-encompassing cyber threat will be
subjectively factored in the components in the framework.
28
A value added will be the possible use of the framework to monitor and manage
drug smuggling and other criminal, non-terrorist activities.
29
III. LITERATURE REVIEW
From the information in Chapter II, it has been determined that there is no single
solution when it comes to determining the risk of maritime transportation in the ports, at
sea and in the intermodal container supply chain from the manufacturer to the sea port of
departure (SPOD). In addition to getting a handle on the security programs and measures
in place and threats and vulnerabilities, how the risk of compromising maritime
intermodal containers is assessed must be determined. This section will look at risk
assessment approaches, frameworks, etc. that are focused on maritime intermodal
containers, maritime security risk assessment methods in general and other risk
assessment methods that could be adapted to the risk associated with maritime intermodal
containers. The risk assessment process will also be looked at in general to understand
the penchants of the industry and academia with regard to quantitative and qualitative
methods.
As stated previously, the Rail Corridor Risk Management System (RCRMS) was
considered for adaptation for this research. However and from many discussions with
railroad and industry experts and practitioners over several years on a non-attributed
basis, RCRMS was found to be so complex and data intensive, the large and small
railroads were begrudgingly using it and looking for alternatives. As with RCRMS,
available risk assessment methods can be either costly, cumbersome to operate or both.
As stated previously, the purpose of this endeavor is to develop a risk assessment method
that is easy to use and understand, thereby providing timely results, and does not
consume extensive resources to conduct. The following sections will look at some of the
30
government and industry risk assessment methods and independent research. The review
will be primarily on the applicability and mechanics of the models, what they consider
and, ultimately, how they would affect end-to-end supply chain security, to include from
manufacturer to foreign ports, at sea and at U.S. ports to the ultimate user.
3.1 GOVERNMENT APPROACH TO RISK ASSESSMENT
The Government Accountability Office (GAO) in its report on supply chain
security and assessing the risk from foreign ports has indicated that CBP and the USCG
have models that address risk at foreign ports and of the cargo carried on the ships. [2] In
this process, the USCG model provides for operating decisions for its International Port
Security Program (IPSP). CBP developed a model to further its 100% scanning
requirement, but the model was not implemented. This creates doubt with regard to the
viability of some Container Security Initiative (CSI) ports abroad.
For U.S. ports, the USCG’s Maritime Security Risk Assessment Method
(MSRAM) enables the USCG and maritime stakeholders to perform scenario-based risk
assessments to support risk management involving critical infrastructure and key
resources (CI/KR) in and around port areas and facilities. MSRAM utilizes a
combination of target and attack modes in terms of threats, vulnerabilities and
consequences, and measures the risk from a local, national and international level. In
addition to the traditional methods (e.g. landside and waterside) the attack modes
considered include cyber threats. [35] The benefit of MSRAM in this research is the
relative surety of the physical security measures in place at U.S. ports and foreign ports
where similar risk assessment models are used and verified. A disadvantage of MSRAM
31
and its availability to industry is that the assessment results are classified. The concept of
MSRAM is an adjunct to the USCG International Port Security Program that assesses the
security of foreign ports.
DHS has an overall approach to assessing risk. Risk analysis is more developed
in the insurance and financial industries and less in homeland security. This is, in part,
because of the dynamic nature of terrorism and lack of a historical database for terror
attacks. Therefore and through 2007, the risk analysis methods have been primarily
probabilistic assessments relying, in part, on intelligence. [36] DHS recognizes that
terrorism risk analysis and assessments do not exist in a vacuum, but rather it looks at
mitigation measures to “buy down” risk. DHS looks at this process as part of the
Homeland Security Grant Program (HSGP) to understand the return on investment (ROI)
of investments in security, make the risk allocation process transparent and develop a
long term strategy for assessing, mitigating and managing risk. The methodology is
general in nature focused on funding and phased to reflect the level of funding, and built
g
upon the widely accepted risk equation R = T x V x C.
The U.S. Army’s CARVER targeting method was developed for and used by U.S.
Army Special Forces during the Vietnam War for mission planning and validation, and
target analysis and selection. [37] CARVER is an acronym for Criticality, Accessibility,
Recuperability, Vulnerability, Effect and Recognizability, which are the factors in target
selection in the analysis. It is a subjective analysis that utilizes a range of values from 1
to 10 to determine effectiveness.
This method of analysis has been adapted for civilian and government use and the
protection of assets, and determination of vulnerability. For example, the U.S.
8 R = Risk, T = Threat, V = Vulnerability and C = C onsequence.
32
Department of Agricultures (USDA) and U.S. Food and Drug Administration (USFDA)
adapted the CARVER model for the food and agriculture sector. This adaptation reflects
terrorists’ goals to inflect mass casualties and create economic and psychological
impacts. [38] In this instance, its principles will be considered in the assessment and
mitigation of, and protective measures for the supply chain to reduce the risk associated
with the delivery potential of a WMD or its components to U.S. shores. This will be
discussed in greater detail in Chapter V.
Also for the U.S. Army, Rand Corporation^ Arroyo Center developed a
vulnerability assessment method guide to assist in the identification of adversary, friendly
and other stakeholder strengths and weakness to, among other things, exploit adversary
vulnerabilities. [39] This is the premise and focus of this research. The Vulnerability
Assessment Method Pocket Guide (VAMPG) folds existing military methods already
being used into the process, such as CARVER, and identifies steps to further the targeting
of adversary facilities. They are: understanding the mission and operational environment,
determining the desired end state, developing the operational approach and assessing
effectiveness. It provides a comprehensive look at military targeting in a holistic manner.
VAMPG, like CARVER, is a subjective analysis method with ranges of values to
determine effectiveness.
3.2 RISK ASSESSMENT APPROACHES
Over the years, there have been many approaches to assessing risk developed that
could be used. They were and are based on, among other things, the reason for the
assessment, terrorist intent, what is to be protected and cost effectives. [40] They include
33
CARVER + Shock for military special operations, Operations Risk Management (ORM)
for military uses, Risk Analysis and Vulnerability Assessment (RAVA) for federal
government non-military uses and Threat, Vulnerability, Risk model (TVR) for the
computer industry. When looking at risk and as protective measures increase, softer
targets, such as those that impact economies, create fear and commercial targets become
more attractive. [41] This could be a guiding factor for a terrorist to ship a WMD in a
container to affect mainstream America.
Past experience and as evidenced from this research, has shown that risk
assessment approaches, models and techniques have been, what appears to be more
focused on the process of determining risk, rather than the benefit (the model has) of
minimizing and mitigating risk on a “real time” basis. This has resulted in complex and
resource intensive models that transportation providers cannot use for a myriad of
reasons. Cost, resource and data intensiveness, and computer and analytical expertise are
just a few of the reasons the industry is hesitant to use them. They need immediate
assessments and not a long, drawn out process, as there may be a need to respond to an
immediate threat.
Risk assessments have been researched and developed, and methodologies
published in text and reference books, and scholarly papers. The literature search
conducted herein substantiates the proclivity for complicated analytical models and, thus,
the need for a simple model representing industry and supply chain expertise as it
addresses security and risk. The following paragraphs present a discussion of maritime
and other risk assessment models found in the literature search that could shed light on
34
the process and, thus, an approach to this research that is appropriate for the intended
thesis to make the framework simple and “user friendly”.
Brian Bennett in his book on understanding terrorism and protecting critical
infrastructure and personnel discussed the CARVER model. [38] The discussion, in
addition to presenting the USDA/USFDA model, promoted the CARVER concept to look
at methods of attack or compromise and associated vulnerabilities and gaps. Bennett
finds the CARVER model a good decision matrix that shows the interrelationships
among assets, threat, vulnerabilities and protection measures.
Rutgers University conducted a U.S. Department of Transportation funded
research project to develop a probabilistic risk analysis (PRA) to quantify the likelihood
and consequences of a crude oil release accounting for route and train-specific
characteristics. [42] The research design approach was to be able to use the PRA results
in a GIS decision support tool. This research was the result of the 2013 Lac Megantic
Bakken crude oil train derailment and FRA’s 2015 rule for the safe transportation of
flammable liquids by rail. This employs an analytic model measured by the product of
probabilities and consequences of an oil release incident and several conditions and
parameters, to include FRA class of track, signalization and freight densities. One
deliverable of the research was a GIS-enabled decision support tool that automates the
analytical procedures.
Karim Vellani in his text on strategic security management [43], discussed
qualitative and quantities risk assessments. His assessment is that qualitative risk
assessments are best when historical information or metric data is unavailable. This, on
the surface, ignores the benefit of a subjective or qualitative analysis based on subject
35
matter experts, which is a premise of the U.S. Army’s CARVER model. His quantitate
approach is an analytical model that that looks at loss event probability and frequency
based on Risk = Threat + Vulnerability. He does, however, discuss specialized risk
assessment methodologies that address specific industries, assets and threats. The
CARVER model is one of them.
In a book on transportation security utilizing intelligent transportation systems
(ITS), the authors discuss several methods of assessing risk critical to transportation
infrastructure. [44] The first model, the Blue Ribbon Panel Method, utilizes a
quantitative approach and was developed for bridges and tunnels. It is based on
probability of risk of an infrastructure element, occurrence, vulnerability and asset
importance. A fault-tree analysis is also discussed, which is both a quantitative and
qualitative method, and is focused on infrastructure failure due to a deliberate attack. It
represents a graphical and algebraic Boolean relationship between fault events caused by
an unwanted occurrence. Next the book discusses using a simulation analysis that
evaluates different response plans or could be applied to courses of action, which could
be enhanced by animation to train first responders. The Monte Carlo method of analysis
is introduced to determine mathematical solutions where there are multiple, changing
factors. It is a multi-variant approach using random numbers to create a statistical
distribution based on the influences of the variable. The last model discussed is the
Weibell Hazard Model, which is used to estimate changing hazards based over time. It is
based on the statistical distribution based on shape, scale and location of the variables.
Like many other models discussed herein, with the possible exception of the fault-tree
analysis, they are not simple and require sophisticated mathematical and/or statistical
36
analysis. The fault-tree analysis may not be as analytical as the others, but is not simple,
which is the intent of this research.
In a paper on maritime transportation system (MTS) vulnerability assessment,
Berle et. al. determined that there were no methods that specifically assessed MTS risk.
[45] This document further stated that supply chain risk assessment frameworks only
considered anticipated threats and not those that were unforeseen. The paper presented
the concept of transferring the principles of a safety-oriented Formal Safety Assessment
(FSA) to a maritime supply chain Formal Vulnerability Assessment (FVA). The concept
was based on the ability of the maritime transportation system to endure and recover from
a disruption and to cope with low probability, high impact events. The framework looked
at failure modes, such as transportation and internal operations/capacity, and elements
across the maritime transportation system impacted by the failures, such as terminals and
intermodal connections. The above paper states that there is limited research on overall
maritime supply chain vulnerability and, thus, security. It suggests that future research be
framed to identify generic vulnerability in critical infrastructure in ports. It is a
subjective approach and relies on subject matter experts (SME) and experiential
information and data, and that “quantification” is via major or minor or no impact
determinations.
Subsequent to the Exxon Valdez oil spill in 1989, concern was expressed by the
stakeholders in Prince William Sound, to include the USCG, regarding the safety and
potential risk associated with the transportation of oil (in Prince William Sound). [46] A
probabilistic model was developed to address the risk and provide measures to reduce
them. The model was built based on a simulation of the oil transportation system in
37
Prince William Sound, data analysis and expert judgement addressing subjective
assessments for input into the probabilistic model. This model, as presented, loosely
parallels the subjectivity in the U.S. Army CARVER model, but with a more complex
analysis and numeric outcomes.
An analysis of security risk in the global container supply chain (GCSC) was
conducted by Bachkar et. al. in 2013 using the analytical hierarchy process (AHP). [47]
The objectives of the research was to formulate an AHP framework to address and
mitigate risk, prioritize and evaluate risk, and validate the assumptions based on SME
judgements. The paper cites previous research by Kumar et. al. that identifies six
common risk criteria associated with GCSC risk. [48] They are: measurement,
environment, personnel, material, method and machine. The AHP in the Bachkar et. al.
research, consisted of five steps: structuring the decision problem, collecting input data,
calculate relative priorities of the decision elements, derive decision alternative values
and validate the decision process. The process uses a subjective assessment of conditions
with a measurement scale to evaluate the six criteria. The results of the analysis showed
that 1) the findings were consistent with previous studies on container security and 2) the
most critical risk factor was personnel citing that security measures need to ensure that all
participants in the supply chain must be trusted.
The United Nations (UN), in a 2006 report, introduced a security risk assessment
and management framework to shift the focus of maritime security from facilities to the
supply chain and reflect the global scope of the transportation network. [49] The
document reviewed the current layered approach to security and suggested alternative
risk assessment methods to reflect the complexity of the integrated global transportation
38
network. The complex regulatory environment and operating scenarios are key
considerations and challenges, as well as an opportunity to secure the supply chain. It
cites several U.S. and international regulations and programs, to include the ISPS Code
and its AIS requirement, CBP’s CSI and C-TPAT, and USCG’s MARSEC (maritime
security) level and MTSA requirements as part of the process.
The UN report further discussed event and fault tree analyses as possible methods
of identifying and assessing risk paralleling the ISPS accepted MARSEC levels of 1
(minor) to 3 (major) as rating scale values. In its research, the UN observed several
issues regarding regulatory risk that could have an impact on the framework. They
include regulatory risk being reactive, that there is no established framework for risk
assessment outside of government regulations and that few countries have undertaken
comprehensive regulatory assessments. When looking at issues surrounding current risk
assessment methods, several stood out to the UN in its research. They include
understanding the impact of terrorist events on the supply chain, inadequacy of traditional
approaches to modelling threats, vulnerabilities and risk (e.g. probabilistic) and
quantifying cost/benefits among the supply chain stakeholders. The UN report
framework is based on three sources of risk: environment, which addresses external
sources (e.g. terrorists); organizational, which addresses uncertainty in the supply chain;
and network-related, which addresses interactions between organizations and the supply
chain. The latter includes uncertainties associated with trading with non-complaint
partners. A balanced approach is sought to address the efficiency in a deregulated
environment with the security requirements from an increasingly regulated environment.
39
Maritime security has become a major concern. A central issue is how to enhance
security while not adversely affecting efficiency. In addressing the issue, there are three
cornerstones for effective maritime security management: quality, risk, and business
continuity management. The major objective of the empirical research conducted was to
identify factors important to effective maritime security. A conceptual model was
developed by Thai that included 13 dimensions (e.g. structured security policy,
stakeholder communications and management buy-in) and 24 associated factors (e.g.
clear definition of risk levels, resources and contingency planning). [50] The model was
tested with the result being that the findings supported the validity of the 24 factors and
that security incident handling and response are regarded as the most important, along
with risk assessment, risk-based security mitigation strategies and plans, and management
commitment. The Thai model used an involved and detailed statistical model to report
on the research results. It is not simple and is resource intensive requiring extensive data
and appears to be more process focused than providing the industry with a “hip pocket”
assessment than can be used anywhere at any time to address threats and vulnerabilities
to protect the supply chain.
In looking at risk assessment models for aviation transportation, the
preponderance of models found focused on checkpoint risk. Because of the limited scope
of this, any method used would be inappropriate for a global risk assessment framework.
In a document by the RAND corporation, the TSA Risk Management Analysis Tool
(RMAT) was evaluated for its validity and applicability to address TSA’s risk assessment
needs for the commercial air transportation system. [51] RMAT is an analytical
simulation model that is comprised of two conceptual models; adversary and defender.
40
The model is data intensive with about 4300 input variables. Of the results of the
evaluation, the reliance on a large number of uncertain parameters and conceptual models
would not be suited for strategic decision making regarding risk mitigation. This is
consistent with the premise of this research that complex and data intensive models are
not in the best interest of minimizing risk.
3.3 MARITIME APPLICATION OF THE CARVER MODEL
In the literature search, no models were found that fully and comprehensively
addressed the physical, operational and procedural assumptions to be used in an
experiential risk assessment model. It appears that risk assessments for the maritime
container supply chain and environment, and ports in general, are subjective in nature
following the principles of the AHP framework. This leads to the attractiveness of the
CARVER model as the basis of the model developed herein, as the practitioners are the
SMEs, which lends to the validity of the approach. We can also see that the UN report
considered a subjective approach to assign values to assess risk, as did the government
and other models and analysis frameworks reviewed, which further validates the
subjective, rather than objective, approach to framework development.
As stated herein, quantitative modeling would likely be complex and overshadow
the intent to assess risk as part of route and port selection criteria. It is also inconsistent
with the intent of the framework to be developed, which is simplicity. As we learned
from the railroad industry with RCRMS, as discussed in Chapter I, practitioners do not
want to be overcome by complicated, cumbersome and costly models. Therefore, a risk
assessment model that is experiential, intuitive and easy to operate, and that is helpful in
41
port and route selection would be beneficial. The model should reflect the layered
approach to security and provide a risk assessment that can become established outside
that which is government regulation focused. For these reasons, the U.S. Army
CARVER model was selected for adaptation for the intermodal container maritime
supply chain risk assessment framework.
The U.S. Army CARVER model is suitable as a framework where there are no
apparent methods to simply, subjectively and efficiently address intermodal maritime
container risk. This framework is, for all practical purpose, limited in scope and
conceptual in nature to address a thesis focusing on the assessment process and
components that measure risk from a practical and operational perspective. This research
applies a case study approach that can be useful in the early phases of research where
there may be no prior theories or previous work and is intended to be theory building,
rather than testing. [52]
The Maritime CARVER framework uses a simple and subjective approach that is
based on subject matter experts (SME). Traditional risk techniques and models are often
data intensive focusing on severity and probability and, although beneficial, often result
in modeling methods that are intractable. The Maritime CARVER framework, on the
other hand, uses a small number of data that is readily available, as it is part of the
intermodal maritime container supply chain process. Probability and severity are
introduced subjectively by the SMEs, based on their experience, as they assign the
numeric values based on the conditions in the tables. This provides for a manageable
assessment process and not one that is intractable because of extensive data requirements
and analysis.
42
Therefore, the intent of this research is to develop a framework that is focused on
assessing risk from a practitioner’s perspective and, thus approach, and not one that is
analytically and theoretically driven.
43
IV. INTERMODAL CONTAINER SUPPLY CHAIN
Before an assessment method can be determined, an understanding of how a
container gets from a foreign manufacturer to the consumer in the U.S. Figure 4.1 is a
graphical representation of the flow depicting the permutations in the supply chain based
on, among other things, the role of the exporter and importer, transportation modes used,
modal transfers, areas posing constraints in the flow, characteristics of the ports and their
operations, and other transportation nodes.
Foreign U.S.
Landside W atersid e Landside
Exporter wm\ H H I A | 1
A |
Intermodal Railroad
Load Center Port
Key: Alternate links land maritime
Might be single or multiple entities
% *1canals „ .
< • ■ • \ A Anchor
ages
:<■ ■ ■ \ /•
Risk areas- vessel enters and exits during transit
Load Center Port
Intermodal Railroad
Importer
Figure 4.1 Intermodal Maritime Container Supply Chain
The analysis will look at the foreign landside flow, in-transit operations via
international and U.S. waters and, then, approaching and at U.S. ports and inland flow.
44
First, an overview of the links and nodes comprising the supply chain will be
presented. The nodes will consist of the physical facilities associated with the
manufacture of the goods to be shipped, transfer points (node to node) and ports. The
links will be the movement by rail, truck and/or ship from node to node. Finally, the
supply chain will undoubtedly have constraints along the way, which includes canals and
straits, and anchorages, where ships may remain for periods of time. Although straits and
canals are physical and geographic features, they will be treated as a link. Areas of
compromise, such as known piracy, will also be considered as part of the route
determination process.
4.1 FOREIGN LANDSIDE
Let’s start with the foreign landside component of the supply chain, as shown in
Figure 4.2. Note that, although the figure depicts a movement from manufacturer and/or
exporter by truck to an intermodal rail yard, feeder port or load center port, rail may also
serve the manufacturing facility and proceed directly to the load center port.
Feeder Port
Intermodal Railroad
Inland Trucker
Load Center Port
Manufacturer
Exporter
Figure 4.2 Intermodal Maritime Container Supply Chain (Foreign Landside)
45
A product is manufactured in a factory at an overseas location say in China, and is
shipped to the U.S. via Shanghai, which is the busiest container port in the world. [53]
An exporter is used by the manufacturer on its behalf to sell its goods to a customer in
another country; the U.S. in this case. From a customs perspective, it is the agent for the
manufacturer who makes the necessary customs declarations.
From the factory, the intermodal container is either loaded onto a truck (inland
trucker) or rail car (intermodal rail) and is brought to a feeder port or directly to the load
center port like Shanghai for the long haul. In the former case and by truck, the container
is loaded onto a feeder ship9 for transport to the load center port. In this case, the
container is handled 3 times; at the manufacturing facility, at the feeder port and, then, at
the load center port. If the latter and by truck, the container is brought directly to the load
center port and transloaded onto the ship. The container is handled twice; at the
manufacturing facility and load center port.
Using rail, a container can be handled 3 times when using feeder ports; at the
manufacturing facility, at the feeder port, and finally at the load center port. This
assumes that the manufacturing facility and the ports have railheads. If not, the
containers are handled 5 times; at the manufacturing facility, at intermodal facilities near
the manufacturing facility and feeder port, feeder port and at the load center port. When
transporting directly to the load center port, the intermodal maritime containers are
handled 2 times when there is a railhead in the manufacturing facility and load center
port. If the manufacturing facility and load center port do not have railheads, intermodal
yards will be required. In this case, the container will be handled 4 times.
9 A seagoing vessel with an approxim ate capacity o f carrying 300 - 1000 tw enty-foot equivalent units (T E U ) for the purpose o f consolidating intermodal containers at a central container terminal to be loaded onto larger vessels for long haul maritime voyage.
46
The following table summarizes the number of times an intermodal maritime
container could be handled from manufacturing facility to load
Table 4.1 - Handling of Maritime Intermodal Containers Landside Foreign
Transportation Node Rail Truck Rail and
Truck To load center port via feeder port
At manufacturer 1 1 1 At intermodal yard 1 At intermodal yard 1 At feeder port 1 1 1 At load center port 1 1 1 Total times handled 3 3 5
To load center port direct ly At manufacturer 1 l 1 At intermodal yard 1 At intermodal yard 1 At load center port 1 l 1 Total times handled 2 2 4
4.2 WATERSIDE
Continuing the movement of the intermodal containers to the waterside of the
supply chain, you are looking at the movement from the feeder to load center ports and,
then, to a U.S. load center port and onward movement to smaller or feeder ports. Figure
4.3 is a graphic representation of the links and involved nodes in this phase.
47
Feeder Pori
..M A
U.S. Load Center Port
Canals, Anchorages and Straits
V A
Canals. Anchorages and Straits l .S. Feeder
Port
Load Center Port
Figure 4.3 Intermodal Maritime Container Supply Chain (Waterside)
The feeder ships would traverse open waters, and could pass through canals and
straits, be close to land, and sit at anchorage awaiting entry into ports and/or passage
through straits or canals. From the load center port, the intermodal container will be
stowed in a line haul vessel that will transit an ocean and/or sea to its destination in the
United States. Based on the port of origin and port of destination, the vessel could
transit canals, pass through straits and be close to land, and remain at anchorage for a
period of time (e.g. Gatun Lake prior to transiting the Gatun Locks of the Panama Canal).
Although the handling of the containers is not the primary issue when at sea,
compromising the container contents is what the risk is. When passing through a canal or
strait, the ship is close to land and could be accessed with relative ease. In a strait, the
vessel could be approached by what would appear to be a harmless small boat that could
deliver a WMD or WMD materials or operatives or both. The same goes for ships at
anchor. Think of the USS Cole, when at anchor in Yemen's Aden harbor, which was
bombed by what appeared to be a harmless small boat.
48
The Strait of Malacca, which connects the Pacific and Indian Oceans, is of
strategic importance to global commerce and is heavily utilized with nearly 100,000 ships
transiting it annually. [27] Being less than 2 miles across, it is subject to piracy and
accidents, such as the collision between the USS McCain and the tanker Alnic MC in
2017. It was reported that rerouting around the Strait of Malacca would be costly and
add considerable time to the voyage. This, like with ships at anchor, could provide a
situation where small boats could approach the larger ships relatively unnoticed.
A potential vulnerability of vessels at sea, is when a ship or small boat could
transfer people and/or material much in the same manner as naval vessels refuel and
resupply at sea (connected replenishment [CONREP]). [54] The ships would hold a
steady course and speed in the vicinity of 15 knots to affect the transfer. Safety is an
issue and the transfer would be conducted accordingly, but given the intent of terrorists,
safety would not be much of a concern if they wanted to transfer WMDs or WMD
material. At this point, the 2 vessels would be side-by-side and not easily identified as 2
separate ships by automated identification systems (AIS) used to track ships. This could
be further exacerbated by one or both of the vessels not having AIS transceivers on board
or not having them activated.
Once the vessel offloads at the U.S. load center port, it could be loaded onto a
feeder vessel or barge to a smaller U.S. port. Since the security protocols (e.g. USCG
and CBP) are rigorous at U.S. load center ports, the risks associated with handling the
container and shipping it “inland” via feeder ship, rail or truck are perceived to be
minimal. A risk, albeit small, exists when the ship remains at anchor before entering the
U.S. load center port.
Rather than considering the number of times a container is handled, like landside,
this phase will address the potential for compromising a container at sea, through canals
and straits, and at anchorage. For Table 4.2, below, it will be assumed that, at anchorage,
a ship will be either awaiting passage through a canal or strait or in U.S. waters awaiting
entry into the load center port. Each are at potential risk of compromise for the reasons
described herein. Routing assessed will be a combination of the waterside constraints
that may be encountered.
Table 4.2 - Routing Considerations of Maritime Intermodal Containers at Sea
Waterside Component/Constraint Waterside Routes
A B C D Open ocean 1 1 1 1 Thru a canal 1 1 Thru a strait 1 1 At anchorage 1 1 1 1 Total components/constraints 2 3 3 4
The route designations (A, B, C and D) in the table are randomly labeled to show
reflect the components and constraints that could be encountered.
4.3 U.S. LANDSIDE
Once the vessel leaves anchor and enters the U.S. load center port, the intermodal
maritime container will be transferred to a feeder vessel, rail and/or truck in the reverse
order as that in the foreign landside discussion. In the feeder vessel case, the container
will be drayed to another pier assumedly in the same port. If destined to rail, the
container will either be transferred to a rail car, if there is an intermodal yard within the
port, or to a truck, if the intermodal yard is not within the port. If offloaded directly to
50
truck, the container will only be handled once before it reaches its final destination. This
portion of the supply chain flow is graphically depicted in Figure 4.4, below.
Feeder Ship
Intermodal Railroad
Inland Trucker
Inland Trucker
Inland Trucker
Intermodal Railroad
Inland Trucker
U .S. Feeder Port
U .S. Load Center Port
Importers
Figure 4.4 Intermodal Maritime Container Supply Chain (U.S. Landside)
Table 4.3 shows the number of times the container will be handled. The rail
move is based on a railhead in the port. The combined rail and truck move is based on an
intermodal railhead outside of the port and where the container will be transferred to
truck for its final leg of the journey. Although unit container trains are common, efficient
and cost-effective, the sole move by truck requires the least handling (of the container).
Table 4.3 - Handling of Maritime Intermodal Containers Landside Foreign U.S.
Transportation Node Truck Rail Rail and
Truck To feeder port via load center port
At U.S. load center port 1 1 At feeder port 1 1 At port intermodal yard 1 1 At intermodal yard 1 1 Total times handled 2 2 4
To final destination At the U.S. load center port 1 1 1 At port intermodal yard 1 At intermodal yard 1 Total times handled 1 1 3
51
The intermodal maritime containers will be randomly inspected and/or targeted
for inspection once offloaded in the first U.S. port and transferred to rail or truck. This is
in addition to the vetting and security measures undertaken to and in the foreign port, and
in transit at sea. The supply chain container flow for the risk assessment will end once
clearance is received and the intermodal maritime container leaves the final transfer point
at the port for the haul inland.
4.4 CONTAINER FLOW RISK FACTORS
In analyzing the risk associated with the container flow, risk factors would be looked
at as potential “points” where risk could be heightened or mitigated. Background on the
risk or mitigation “points” to be considered in the assessment are summarized and
discussed, where needed, below:
• Vetting o f the foreign manufacturer and exporter
This could be problematic because the exporter may have acquired the goods in a
domestic marketplace and then became the exporter of record. There can be several
scenarios to this option. Many exporters, especially in Asia, are essentially the equivalent
of the export departments of firms that do not have the organization to support their own
export business. These are not just tiny firms scattered throughout Asia, but could be run
in the names of substantial firms, such as Fuji in Japan.
• Vetting o f maritime transportation company
When discussing international shipping companies, the container trades are
dominated by relatively few firms. It is common knowledge that a vast majority of the
52
traffic moves among those carriers, such as Hapag Lloyd, Evergreen, NYK, COSCO,
Maersk, and NOL/APL.
• Number o f times containers are handled from manufacturer to foreign feeder
and/or load center port
This reflects “chain of custody” and number of times an intermodal maritime
container is handled (loaded, transloaded and offloaded) from foreign manufacturer to the
load center port. It includes rail, truck and feeder vessel to the container ship for the
ocean voyage.
• Physical and human security measures at feeder port and/or load center port
Physical and human security measures vary widely insofar as sophistication and
attention to detail is concerned. It includes perimeter and access control, cameras and
intrusion detection, lighting, etc. supplemented by law enforcement and regulatory
enforcement. A major concern is whether the feeder service crosses an international
boundary or not. If not, it can be assumed that this could be lax and that security will be
deferred to whatever load center port at which the containers are transloaded.
• CBP, USCG and other U.S. government oversight at foreign load center ports or
similar oversight by a foreign government, and at U.S. load center port
If the container crosses an international boundary, then the issues include the presence of
U.S. CBP, implementation of CSI (Cargo Security Initiative) and the due diligence of the
native customs service at the load center port. Also, CBP’s C-TPAT (Customs Trade
Partnership Against Terrorism) vetting is a factor, as well as USCG’s in transit rules [55]
and Ship Security Alert System (SSAS). These programs are not the total population of
DHS security programs on maritime and shipping security, but are key components.
53
• Ship’s routing traversing known piracy areas and passing through straits and
canals
This involves the potential for cargo being “tainted” without the knowledge of the
ship’s crew and/or the possibility that one or more of the crew members might be
compromised (insider threat).
• Ship remaining at anchorage fo r a period o f time, how many times at anchorage
and where.
There may be three vessels that could lie at anchorage: foreign feeder, line haul
vessel, and U.S. feeder. The major concern would be with the former (foreign feeder)
because of the potential lack of security supervision and oversight, but the latter (U.S.
feeder) cannot be excluded from concern.
• Number o f times a container is handled from U.S. load center port to inland
destination, to include via a feeder port
This is the same as the number of times a container is handled at foreign ports, but in
reverse order.
• Physical and human security measures at U.S. load center port and feeder port
Procedurally, this is within the customs territory of the U.S. involving among others
CBP, USCG and TSA, which makes the issue a domestic matter akin to that of an
intermodal freight train or a container traveling the highway. Physically, it includes
perimeter and access control, cameras and intrusion detection, lighting, etc.
54
• Vetting o f U.S. importer and consignee
This is a complicated matter, as CBP and TSA have several measures in place to
insure that the importer and consignee are trusted. CBP’s C-TPAT is just one program
that vets the importer or consignee.
It is not uncommon that the importer may not be the final user/consignee. This is
where the matter could become murky depending upon whether the final consignee has
the resources to operate as an importer or not. If not, it is common for a customs broker
to be named as the importer of record. There are two other potential scenarios for this: a
large firm, including trading companies, engaging in trade with subsidiaries importing
their product even though the ultimate customer is a U.S. firm that is the ultimate user
and using a foreign affiliate as the importer of record. There is an industrywide concern
about the intelligence gathering activities of competitors causing the consignee to
purposely not wanting to be the importer of record. This is so that trade secrets and
strategies are not divulged to competitors.
55
V. ASSESSMENT METHODOLOGY
The objective of this research and this chapter is to develop a simple methodology
that would assess the risk of route choices and supply chain partners from foreign to U.S.
ports. The risk in this endeavor is focused on the ability of terrorists to transport weapons
of mass destructions (WMD) and/or material to make them in intermodal maritime
containers destined to U.S. ports and inland destinations. A value added to this research
is the potential application of this process to the smuggling of drugs and other contraband
via intermodal maritime containers, which also have terrorist links.
The original focus of this research was to adapt and retool the Federal Railroad
Administration’s (FRA) Rail Corridor Risk Management System (RCRMS) to the risk
associated with the transport of intermodal maritime containers. This initial approach
was taken because many of the 27 factors in RCRMS have similarities in operation and
physical characteristics that could be adapted to maritime environment. Based on
personal institutional knowledge of the subject, and discussions with railroad industry
experts and after additional research, it was determined that, because RCRMS was too
costly and time consuming to run and many railroads balked at or did not have the
resources to run the risk model, this methodology would not be appropriate and is not
being pursued.
In analyzing the risk, the following factors will be looked at as potential “points”
where risk could be heightened or mitigated. The risk or mitigation “points “, which
were discussed in Chapter 2, to be considered in the assessment are:
Vetting of foreign manufacturers, exporters and land and maritime
transportation companies, and, to a lesser degree, U.S. land and maritime
transportation companies, importers and consignees. This is because once the
intermodal maritime container and its contents reach U.S. ports, they have
been vetted, inspected and protected (e.g. tamper proof seals) extensively and
pose a reduced risk.
Number of times the intermodal maritime containers are handled from
manufacturer to foreign feeder and/or load center ports.
Physical and human security measures at foreign and U.S. ports.
CBP, USCG and other U.S. government, international and host national
oversight of the supply chain and at the foreign ports.
Tracking the ships by technological methods, such as automated identification
systems (AIS), GPS, etc.
Shipping lanes/routes traversing known piracy areas and passing through
straits and canals.
Ships remaining at anchorage for a period of time, how many times and
where.
Number of times intermodal maritime containers are handled from U.S. load
center port to inland destination, to include via a feeder port. Although the
framework will not address the inland movement once reaching the U.S., it is
something that should be kept in mind.
57
The assessment methodology is developed based on these individual “points” or
processes in the intermodal maritime container flow (e.g. foreign manufacturer to load
center port) and the movement in its entirety (to the U.S. port of entry).
5.1 CARVER METHOD
For the assessment, an adaptation of the U.S. Army’s CARVER method of target
analysis is proposed. [37] CARVER was developed and used by U.S. Army Special
Forces in mission planning and validation, and target analysis. This method of analysis
has been adapted for civilian and government use and the protection of assets, and
determination of vulnerability (e.g. the U.S. Department of Agricultures’ adaptation for
the food and agriculture sector.) [56] In this instance, its principles will be used to assess
the mitigation and protective measures in the supply chain to reduce the risk associated
with the delivery potential of a WMD or its components to U.S. shores. CARVER is an
acronym for Criticality, Accessibility, Recuperability, Vulnerability, Effect and
Recognizability, which are the factors in target selection in the analysis.
Before adapting the CARVER factors to this maritime risk model, let’s look at the
original description of them from FM 34-30, Appendix D.
• Criticality - Target value with regard to whether or not destruction or damage
would have a significant impact.
• Accessibility - Ability of the operational elements to reach and attack the
target/asset.
• Recuperability - Measured in time, it is how long it takes for the adversary to
recover from the attack on the target.
58
• Vulnerability - The ability of the operational element to successfully attack
considering the target’s defensive measures.
• Effect - Potential impact on the military, political and economic environments,
and psychological and sociological impacts at the target and beyond.
• Recognizability - The extent at which the target can be recognized in all weather
conditions and seasons, and geographic characteristics.
The CARVER model sets criteria describing the factors’ impacts on the assets and
assigns a value from 1 - 1 0 that reflects the affect the attack and resulting damage. The
lower numbers reflect lesser impacts and the higher numbers reflect higher impacts. For
example and for Vulnerability, the lower numbers reflect more hardened and protected
targets requiring greater targeting measures and, perhaps, weapons. At the higher end,
less detailed targeting and lesser weapons could successfully compromise the target.
The following is a re-creation of Figure D -l, Completed CARVER Matrix, from
FM 34-36, Appendix D, to depict the end result of a targeting analysis. The total
represents the relative desirability of the potential target to be used in target selection
among many targets.
Table 5-1. CARVER Matrix from FM 34-36, Appendix D
lulk Electric Power Supply Potential Targets C A R V E R Total Fuel Tanks 8 9 3 8 5 6 41 Fuel Pumps 8 6 2 10 5 3 34 Boilers 6 2 10 4 5 4 31 Turbines 8 6 10 7 5 9 45 Generators 4 6 10 7 5 9 41 Condensers 8 8 5 2 5 4 34 Feed Pumps 3 8 5 8 5 6 33 Cir. Water Pumps 9 8 5 8 5 4 33 Generator Step Up Transformer
10 10 10 9 5 9 53
59
The score of 53 out of a possible score of 60 would indicate that the generator
step up transformer would be the primary target within the bulk electric fuel supply
facility when prioritizing the attack based on probability of success and maximum
impact. Now and when considering the bulk electric fuel supply facility against other
targets, say a highway bridge on a major arterial, an aggregate score of the components
comprising the facility should be considered. In this instance, the aggregate target value
would be 39.
5.2 FORMULATION OF MARITIME RISK ASSESSMENT FRAMEWORK
Taking the concept and principles of CARVER, a risk assessment method can be
developed to address the security of transporting intermodal maritime containers. The
first thing will be to identify the “assets” to be considered in the analysis. They would be
from the physical security measures at the ports to the vetting of the manufacturer and
exporter to U.S. government and international security measures employed at foreign
ports and at sea. The potential “points” where risk could be heightened or mitigated,
presented in Section 5.1, will be used as the basis of the framework. Note that the greater
likelihood of placing a WMD or WMD material in a container is prior to entering the
foreign port and when being loaded on the ship.
5.2.1 Discussion of Model Factors
Given the potential “points” where risk could be heightened or mitigated in the
process, the following is an adaptation of the CARVER model factors to address the
shipment of intermodal maritime containers to the U.S. The framework will be
developed from a “targeted” perspective, rather than “targeting” as in the U.S. Army’s
CARVER model. The factors or “points” are based on a given capability and resolve of
60
terrorists to compromise an intermodal maritime container from the foreign manufacturer
to its inland destination in the U.S., and U.S., international and host nation measures to
thwart the terrorist. The components of the model are discussed below.
• Chain of custody - This factor involves the surface transportation from the
foreign manufacturer to the load center port, including via feeder ports, to the first
or subsequent U.S. ports via the number of times the container is handled. As
with the TSA’s regulation on chain of custody, [57] the more times the rail car
(or container in this case) is handled the greater the risk. The risk extends from
the surface modes to the handling of the intermodal maritime containers to and
from ships (e.g. feeder ship to a long haul vessel) and, to a lesser degree, on the
ships during the voyage. This is because, in part, the ships are not easily
compromised when at sea given tracking technology and difficulty in gaining
access to ships at speed. Also and based on the security measures in place prior to
arriving at a U.S. port, the risk of intermodal maritime containers will be
significantly lessened. Therefore, this factor will be limited to the landside and
water transport from the foreign manufacturer to load center port and not the at
sea portion of the supply chain.
• Approach (to targeting and monitoring) - For the operations to and through the
originating ports, this factor is based on Table 2 of GAO-13-764 (Figure 1.1) and
is focused on the examination of container shipments based on participation in
CBP’s Cargo Security Initiative (CSI) and targeting approach, and other U.S.
government and international security measures. In theory, governments
participating in CSI and accompanying stringent targeting measures the lesser the
61
risk would be. U.S. CBP’s targeting approach is via in-country personnel,
regional hubs, remote relying on host governments and NTC-C (National
Targeting Center-Cargo) relying on in-country personnel for high risk shipments
and U.S.-based personnel for low risk shipments. [2] This provides an indication
of the involvement of CBP in inspecting and vetting the intermodal maritime
containers before loading them on a ship.
• Routing - This factor is the ocean voyage, which could also contribute to a
container being compromised. The proximity of the ships to land, especially in
known piracy areas, is another consideration, as would the physical features of
canals and straits and how they could lend to the possible ease of accessing a ship.
On the other hand, canals and straits can lend to the ease of monitoring and
observing ships. Although a remote possibility, connected or underway
replenishment (UNREP-U.S. Navy), as described previously, could provide an
opportunity to compromise an intermodal maritime container while at sea.
• Vetting - This factor is based on the vetting of the parties and cargo in the supply
chain. The first is the thoroughness of vetting, whether of the manufacturer,
exporter or shipping line and surface transportation providers. Then the strength
and weakness of U.S. government security initiatives, like CBP’s Cargo Security
Initiative (CSI), Customs Trade Partnership Against Terrorism (C-TPAT) and 24-
hour Advance Cargo Manifest Declaration Rule will be a consideration. When at
sea, adherence to U.S. and international rules and regulations will be the basis.
This includes the USCG’s Automated Identification System (AIS) and 96-hour
advanced notice of arrival (NOA) regulation (33 CFR 160.212), and CBP’s Smart
62
Box Initiative and Automated Targeting System (ATS). Cyber threats could also
compromise the vetting process, as would insider threats involving personnel
involved in the process.
• Exposure - This factor focuses on the vulnerability of the physical facilities
involved in the movement of the intermodal maritime containers, to include ports,
intermodal yards, etc., based on the physical and human security measures in
place. This includes, but is not limited to, perimeter and access control, intrusion
detection, cameras, lighting, terrain and geographic features, and the human
elements of the security measures. Cyber security for the tracking of the vessels
and its contents at sea in the harbors and ports, and managing container seals are
also considerations. Insider threats could also compromise the physical security
measures in place and increase the risk of compromise.
• Regulatory - This factor involves the U.S, international and host nation (State)
regulatory processes governing port and maritime security, and the transportation
of intermodal maritime containers. While each nation or State has its own
regulations governing maritime transportation and operations, the International
Maritime Organization (IMO), because maritime transportation is global, has
enacted conventions and treaties that embrace those of the individual nations or
States. [58] When looking at intermodal maritime containers, IMO’s Safety of
Life at Sea (SOLAS) convention and its International Ship and Port Facilities
Security Code (ISPS Code) is particularly relevant. State signatories to IMO
Conventions and treaties, such as the Mutual Recognition Agreement (MRA), are
considered fully compliant with U.S. regulations governing maritime facilities,
63
transportation and operations. [59] Therefore, this factor will look at the host
nation or State’s compliance with IMO conventions and treaties involving the
transportation of intermodal maritime containers.
As background, it is understood that U.S. maritime security is layered
starting with the origin of the container and follows it through its voyage to and
into the U.S. port. For example, CBP’s 24-hour Advance Vessel Manifest Rule,
Mutual Recognition Agreement (MRA) and Automated Target System (ATS),
and USCG’s International Port Security Program (IPSP) and 96-hour notice of
arrival (NOA) regulation [60] are overlaid with IMO’s treaties and conventions
for greater security.
5.3 MARITIME CARVER FRAMEWORK FACTORS
To use the new CARVER input variables, above, criteria and values, they must be
identified and defined. Again and based on the potential “points” where risk could be
heightened or mitigated, the following will allow the assessment of risk for the individual
factors and, then, the supply chain, as a whole. The following tables are to be used in the
CARVER matrix to determine segment or route acceptability with regard to risk.
5.3.1 Chain of Custody
Table 5-2. Chain of Custody Conditions and Values
Condition Value Combined rail and truck to feeder port via intermodal yards 9 - 10 Combined rail and truck to load center port via multiple intermodal yards
7 - 8
Combined rail and truck to load center port via intermodal yard 5 - 6 Direct rail or truck to feeder port from foreign manufacturer 3 - 4 Direct rail or truck to load center port from foreign manufacturer 1 -2
64
Note that once the ship is loaded, whether at the feeder or load center port, and
until it offloads at its destination, the container will not be “handled” and the chain of
custody will be with the ship’s officers and company officials.
5.3.2 Approach
5.3.2.1 Targeting Landside
Table 5-3. Approach (to targeting) Conditions and Values
Condition Value No coordinated or fully developed targeting approach by host nation government
9 - 10
Remote targeting approach via host nation governments and MRAs in place
7 - 8
Targeting approach is via CBP’s NTC-C for high risk shipments with in-country personnel and U.S. based CBP for non-risk shipments
5 - 6
Regional targeting approach by CBP personnel to examine containers 3 - 4 In-country targeting approach by CBP personnel to examine containers 1 -2
5.3.2.2 Targeting Waterside
Table 5-4. Approach (to targeting and monitoring) Conditions and Values
Condition Value Approach based on compliance with host nation programs only 9 - 10 Approach based on compliance with international programs only 7 - 8 Approach based on compliance with host nation and international programs
5 - 6
Approach based on compliance with U.S. and international programs 3 - 4 Approach based on compliance with U.S., host nation and international programs, rules and regulations
1 -2
Note that this table is for ships that have left port and before they reach the first
U.S. port, and is based on the application of the programs, rules and regulations
addressed in the Regulatory model factor.
65
5.3.3 Routing
5.3.3.1 Routing (ocean voyage)
Table 5-5. Routing Conditions and Values (ocean voyage)
Condition Value Ocean voyage with passage through strait and/or canal with anchorage 9 - 10 Ocean voyage with passage through strait and canal 7 - 8 Ocean voyage with passage through strait or canal 5 - 6 Ocean voyage with anchorage 3 - 4 Ocean voyage only 1 -2
Note that the routing also is for both the voyage from feeder ports and load center ports.
5.3.3.2 Routing (surface transportation)
Table 5-6. Routing Conditions and Values (surface transportation)
Condition Value Direct rail or truck or combined rail and truck greater than 500 miles 9 - 10 Combined rail and truck 300 - 500 miles 7 - 8 Combined rail and truck 300 miles or less 5 - 6 Direct rail or truck 300 - 500 miles 3 - 4 Direct rail or truck 300 miles or less 1 -2
Note that the conditions and values are based on 300 miles as the maximum distance that
can be accomplished in one day.
66
5.3.4 Vetting
Table 5-7. Vetting Conditions and Values
Condition Value No or insufficient vetting of the supply chain parties 9 - 10 Vetting of a minority the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by other means, excluding CSI, C-TPAT and other approved means
7 - 8
Vetting of some, but not a majority of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity), by way of CSI, C-TPAT and other means
5 - 6
Vetting of a majority of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by way of CSI, C-TPAT and other approved means
3 - 4
Comprehensive vetting of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by way of CSI, C-TPAT and other approved means
1 -2
5.3.5 Exposure
5.3.5.1 Exposure (landside to/from and at ports)
Table 5-8. Exposure Conditions and Values (landside to/from and at ports)
Condition Value No or minimally coordinated physical and human security measures in place
9 - 10
Some, but not a majority, of the active physical security measures in place with some of the accompanying human security measures in place
7 - 8
Some, but not a majority, of the active physical security measures in place with accompanying human security measures in place
5 - 6
A majority of active physical security measures in place with accompanying human security measures in place
3 - 4
Active physical security measures in place, to include perimeter and access control, intrusion detection, cameras, lighting and cyber security, with accompanying human security measures in place
1 -2
67
5.3.5.2 Exposure (at sea)
Table 5-9. Exposure Conditions and Values (at sea)
Condition Value Less than comprehensive physical and procedural security measures at port of departure and/or arrival, virtually no onboard security on the vessel, and passing a known areas of concern (e.g. piracy)
9 - 10
Less than comprehensive physical and procedural security measures at port of departure and/or arrival and minimally robust onboard security on the vessel, and passing a known areas of concern (e.g. piracy)
7 - 8
Less than comprehensive physical and procedural security measures at port of departure and/or arrival, robust onboard security on the vessel, and passing a known areas of concern (e.g. piracy)
5 - 6
Comprehensive physical and procedural security measures at port of departure and/or arrival, minimally robust onboard security on the vessel, and not passing a known areas of concern (e.g. piracy)
3 - 4
Comprehensive physical and procedural security measures at port of departure and/or arrival, robust onboard security on the vessel, and not passing a known area of concern (e.g. piracy)
1 -2
5.3.6 Regulatory
Table 5-10. Regulatory Conditions and Values
Condition Value Country is unwilling to meet IMO conventions and treaties applicable to voyages to U.S. ports
9 - 10
Country is trying, but is unable to meet IMO conventions and treaties applicable to voyages to U.S. ports
7 - 8
Country is working towards meeting IMO conventions and treaties applicable to voyages to U.S. ports
5 - 6
Country meets IMO conventions and treaties applicable to voyages to U.S. ports, but vessel may not
3 - 4
Country is a signatory to IMO conventions and treaties applicable to voyages to U.S. ports
1 -2
5.4 MARITIME CARVER ASSESSMENT PROCESS
When populating the Maritime CARVER matrix, any of the supply chain partners
could do so, which is the intent of this framework. However, the parities that would be
68
most vested in the process and most likely to perform the task using the Maritime
CARVER framework, are the U.S. importer and container lines (e.g. Maersk).
The process, in which the Maritime CARVER will be undertaken, will start with
the development and collection of the input data. Whether formal or ad hoc, the
processes to collect and develop the input information is based on what is needed to vet
the containers and entities (e.g. C-TPAT and CSI), contained in the bills of lading and
ship’s manifest, etc. This provides virtually all of the required input information needed
to “run” the Maritime CARVER prior to or immediately upon sailing. This information
would be visible to the other supply chain partners, as well as government agencies, such
as CBP and the USCG. The Maritime CARVER framework process is graphically
presented in Figure D -l, below.
C onduct M aritim e CARVER
A ssessm en t
Expert Input?
M issing Run Multiple
A lternate RoutesInvalid
Solicit Input from Supply Chain
Partners Rerun Route Segm ents
Lowest Im plem ent Route
O ption
Figure 5-1. Maritime CARVER Framework Process
The steps involved in the process start with the development of the input
information for the Maritime CARVER and end with the selection and implementation of
the best routing options. The steps are as follows:
Development of input data - The information developed by the U.S. importer
and/or container line, will be based on the information readily available from the
documentation required to ship the containers to the U.S.
Input data validity - Most supply chain partners will have the expertise to provide
a majority, if not all of the input information. The first decision point is when the
entity performing the assessment determines if the input information is expertly
developed or if information from other supply chain partners/experts is required.
If the latter, the appropriate expert(s) should become involved in the process
before the assessment is conducted.
Conduct Maritime CARVER Assessment - Once the input data is determined to
be valid and expertly provided, the CARVER assessment should be conducted.
Missing or invalid data - Should a supply chain partner encounter a changed
condition (e.g. recent terrorist activity) or be made aware of or discovers missing
or invalid information (e.g. a factor is skewed and self-serving or left out), a
reassessment should be performed. This is the next decision point and could
involve the entire route, one or more route segments and/or CARVER factors.
For the reassessment, like the initial assessment, expert input data is essential.
Also, how the changed conditions or invalid or missing information could impact
other factors or segments within the route should be considered.
Run multiple alternate routes - This task would take the reassessment reflecting
changed conditions and missing and invalid information or the initial assessment,
if not impacted, and look at multiple routing options to select the route with the
least risk whether in total or to reflect skewed segments.
70
• Select lowest risk routing option - This is the third decision point and where the
parties vested in the process choose the most appropriate route based on the
process to this point. Although this process and research is solely based on
security, other factors could be considered in selecting the optimum route, to
include supply chain duration and cost.
Other than the U.S. importer and container line, other entities may be involved in
the assessment process, includes, but is not limited to the following entities.
• Port authorities and operators
• Land and maritime transportation providers
• Manufacturers and suppliers
• Exporters and freight forwarders
Although not part of the supply chain, government agencies, such as CBP and the USCG,
are involved in the overall process and provide oversight. They would be logical
agencies to monitor the assessment process or even require that it be part of the vetting
process. The latter would ensure that the assessment process is expertly prepared and the
information used is valid.
5.5 MARITIME CARVER FRAMEWORK SIMULATION
Once the conditions and values are determined, a CARVER risk matrix is
developed much in the same manner as the original developed by the U.S. Army. The
matrix to be created will be used to select ports, routes, transportation providers and
importers and exporters to minimize the risk. Like with the U.S. Army CARVER matrix,
the maximum value of any one component will be 60. The analysis conducted can be
71
used in a manner that would prioritize any segment of a route, such as avoiding a strait or
canal, and/or to choose one route over another.
For this discussion, an example has been developed using synthesized data
representing a realistic shipping route from a foreign manufacturer to a U.S. load center
port. From the World Shipping Council, about 38% of the TEUs10 shipped in 2013 were
from Asia to North America. [61] To develop the framework, let’s look at a container
ship sailing from Shanghai to Houston, TX through the Panama Canal. The analysis is
detailed in the sections below. Note that the values selected in each case are based on the
experience of those performing the analysis and subjectiveness of the components and
conditions in the tables. This approach allows for a de facto weighting of the factors and
resulting numeric values by experts. An interview protocol to guide the transportation
professional/ expert in “running” the framework is presented in Appendix A.
5.5.1 Maritime CARVER Analysis Route Segments
The routing for this analysis is based on China Shipping route designation AAE2
[62] with ports of call in Hong Kong, Chiwan, Ningbo and Shanghai in China, Pusan,
South Korea, and Houston, TX and other U.S. ports and is presented in Figure 5.1, below.
ftisan' M nhllr
Nln9bo" AAE2 Service Miim chlwane.
Hong Kong
Figure 5.2 - Simulation Example Routing Map
10 A 20-foot equivalent unit (T E U ) the m easurem ent o f intermodal containers stow ed in container ships. D im ensions are 20' long by 8' tall by 8 ’ w ide.
72
For the purpose of this analysis, let’s assume that the containers depart Shanghai
via a feeder ship and is tranloaded at Pusan onto a larger ocean going container vessel.
This is a variation on the AAE2 service for the purpose of this example. The route is as
follows:
• Manufacturer to Shanghai - Assume that land transportation is direct via truck
from the manufacturer to the port to be loaded onto a feeder ship. The length of
the truck haul is 400 miles.
• Shanghai to Pusan - The smaller feeder ship to Pusan is to be transloaded to the a
larger container ship heading east to the Panama Canal
• Pusan to the Panama Canal - This route is the ocean voyage along known
shipping lanes via the East China Sea and Korea Strait.
• Passage through the Panama Canal - This includes the container ship remaining at
anchor off Balboa before passing through the canal.
• Panama Canal to Houston, TX - This includes passing between Mexico and
Cuba, and Galveston, TX and Bolivar Peninsula, and up the Houston Ship
Channel.
5.5.2 Assumptions and Basis of Analysis
• The manufacturer, exporter and foreign trucking firm are CBP C-TPAT vetted
and the containers have been CSI cleared.
• The container is handled 2 times in the foreign landside move; at the
manufacturer and then at the feeder port.
• The route from the feeder port in Shanghai to the load center port in Pusan is via
the East China Sea and Korea Strait, and proceeds directly to the pier in Pusan (no
73
anchorage). There are no anticipated problems with passing through the Korea
Strait because of its width and depth. [63] The feeder ship does not pass through
a canal.
• From Pusan, the container vessel passes through the Korea Strait and south of the
Japanese mainland. The ship then crosses the Pacific Ocean to Panama Bay off
Balboa, Panama where it remains at anchorage until it cleared to enter the canal at
Miraflores Locks.
• In Gatun Lake, the container vessel will likely remain at anchorage for a period of
time before it is cleared to enter Gatun Locks for passage through the Port of
Colon to the Caribbean Sea.
• The route then proceeds to the Gulf of Mexico via the Yucatan Channel [64] to
Houston.
• The container ship travels through the narrow passage between Galveston and the
Bolivar Peninsula and up the Houston Ship Channel to its final destination;
Barbours Cut Container Terminal. It is assumed that, because of USCG
management of this area, no significant risk is anticipated. The ship is not
expected to be at anchor for any length of time in Galveston Bay.
• The containers are offloaded at Barbours Cut Container Terminal and loaded onto
rail via the near-dock rail ramp. The Union Pacific Railroad is the originating
railroad and interchanges the unit container train11 with the Burlington Northern
Santa Fe Railroad in Dallas/Fort Worth who, in turn, delivers it to their final
destination in Kansas City.
11 A unit train is a dedicated train carrying the sam e com m odity (containers in this instance) that is transported to the sam e destination from the same origin (Barbours Cut Container Terminal to Kansas City in this case.).
74
• The consignee (and importer in this case) and the Union Pacific Railroad and
Burlington Northern Santa Fe Railway are CBP C-TPAT vetted.
5.5.3 Maritime CARVER Analysis Framework “Run”
Given the routing and parameters, above, and CARVER matrix methodology the
following is an analysis of the route simulation presented above.
Route Segment 1 - Manufacturer to Shanghai
Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the
transportation from the manufacturer to the feeder port is direct via a Chinese trucking
firm (containers handled 2 times).
Approach (to targeting) - A value of 6 is assigned (Table 5-3). This is because
both Shanghai and Pusan have a NTC-C targeting approach.
Routing - A value of 4 is assigned (Table 5-6). This is because the truck
transport, albeit direct, is 400 miles from manufacturer to feeder port.
Vetting - A value of 2 is assigned (Table 5-7). This is because the manufacturer,
exporter and Chinese trucking company have been properly vetted.
Exposure - A value of 2 is assigned (Table 5-8). This is because the port of
Shanghai is considered to have an extensive physical security program supplemented by
policing and human surveillance.
Regulatory - A value of 2 is assigned (Table 5-10). This is because the port of
Shanghai, foreign manufacturer and Chinese trucking firm are considered to be in
compliance with governing U.S., host nation and international regulations.
75
Route Segment 2 - Shanghai to Pusan
Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the
containers will be loaded onto the ship in Shanghai and offloaded in Pusan (containers
handled 2 times), plus the chain of custody will be with the ship’s officers and company
officials during the sea voyage.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).
This is because the voyage is in international waters between China and Korea, both
major trading partners with the U.S., and in compliance with U.S., host nation and
international programs.
Routing - A value of 4 is assigned (Table 5-5). This is because the feeder vessel
sails directly to Pusan, but traverses the Korea Straits, which is wide and considered safe.
The vessel does not pass through a canal or remain at anchorage during the trip.
Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime
transportation company and port workers (at both ports) have been properly vetted in
accordance with U.S. standards.
Exposure - A value of 4 is assigned (Table 5-9). This is because the ports of
Shanghai and Pusan are considered to have extensive physical security programs
supplemented by policing and human surveillance. The onboard security measures, as
with most ships, are not as robust as that needed to repel an attack, but the vessel is
sailing near China, Korea and Japan, which is not an area of known concerns, such as
piracy.
Regulatory - A value of 2 is assigned (Table 10). This is because all of the
components of the supply chain from vetting at the ports prior to departure and during the
76
voyage are considered to be in compliance with applicable U.S. and international rules,
regulations and programs.
Route Segment 3 - Pusan to Panama Bay/Canal
Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the
container will have been offloaded from the feeder ship and loaded onto the line haul
vessel (containers handled 2 times), plus the chain of custody will be with the ship’s
officers and company officials during the sea voyage. Also, the container will be stowed
on the ship and, as in all segments, have a “tamper p roof’ locks.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).
This is because the voyage is in international waters between Korea and the Panama
Canal and in compliance with U.S., host nation and international programs.
Routing - A value of 4 is assigned (Table 5-5). This is because the line haul
vessel sails directly from Pusan to Panama Bay and remains at anchor awaiting passage
through the canal. Other than the Korea Straits, which is wide and considered safe, there
are no other constraints to the trip. Plus, the voyage will be along established sea lanes
far out at sea.
Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime
transportation company and its crew, and cargo have been properly vetted by this stage of
the voyage.
Exposure - A value of 4 is assigned (Table 5-9). This is because the port of
Pusan is considered to have an extensive physical security program supplemented by
policing and human surveillance. The onboard security measures, as with most ships, are
77
not as robust as needed to repel an attack, but the vessel is not passing any areas of
known concerns, such as piracy.
Regulatory - A value of 2 is assigned (Table 5-10). This is because all of the
components of the supply chain from vetting at the ports prior to departure and during the
voyage are considered to be in compliance.
Route Segment 4 - Transiting the Panama Canal
Chain of Custody - A value of 2 is assigned (Table 5-3). This is because the
containers will be stowed on the ship and will not be handled during this segment of the
voyage, plus the chain of custody will be with the ship’s officers and company officials
during the sea voyage.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).
This is because the voyage will be within the Republic of Panama and in compliance with
U.S., host nation, international programs and the Panama Canal Authority (ACP) rules
and regulations.
Routing - A value of 8 is assigned (Table 5-5). This is because, although the
ship will essentially not be on an ocean voyage in this segment, it will navigate the
approximate 50 mile canal system. It will pass through 3 sets of locks, Culebra Cut and
likely remain at anchorage in Gatun Lake awaiting passage through Gatun Locks into the
Caribbean Sea. All of which is close to land and subject to potential interdiction.
Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime
transportation company, the ship and its crew, cargo and documentation will be
scrutinized by the ACP prior to its traversing the canal.
78
Exposure - A value of 4 is assigned (Table 5-8). The Panama Canal is
considered to have an extensive physical security program supplemented by policing and
human surveillance. Despite this and because of the proximity of the ship to land for
nearly 50 miles and takes about 8 - 1 0 hours to cross, [65] physical and human security
measures may not be as effective as if the ship were stationary in a port or at sea.
Regulatory - A value of 2 is assigned (Table 5-10). This is because compliance
with U.S., international and host nation regulatory programs and agreements are
supplemented by compliance with those of the ACP to pass through the canal.
Route Segment 5 - Panama Canal to Houston, TX
Chain of Custody - A value of 2 is assigned (Table 5-3). This is because the
containers will be stowed on the ship for this segment and unloaded at a port subject to,
among other requirements, the SAFE Port Act, [66] and Maritime Transportation
Security Act [67] and required TW IC12. Further, chain of custody is addressed by TSA
for the containers transferred from the ship to rail. [9]
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).
This is because the voyage will be within “reach” of the USCG, “examining” the
containers prior to departure and in transit is essentially complete, and compliance is now
more with U.S. than with international requirements.
Routing - A value of 4 is assigned (Table 5-5). This is because the ship will pass
between the Yucatan Peninsula and Cuba, through the narrow cut between Galveston and
the Bolivar Peninsula and, then, up the Houston Ship Channel. Although the latter 2 are
in U.S. waters and within the “reach” of the USCG, the physical constraints and being
close to land increase the risk.
12 Transportation W orker Identification Credential (T SA /U SC G )
79
Vetting - A value of 2 is assigned (Table 5-7). This is based on all vetting being
complete and that the ship cannot enter the port (anchored off Galveston in this case)
unless and until the 96-hour advanced notice of arrival is received and approved by the
USCG.
Exposure - A value of 4 is assigned (Table 5-8). This is partly based on the
layered physical and human security measures in place at the Port of Houston and along
the Ship Channel. Like the Panama Canal the chosen value is also based on having to
pass between the Yucatan Peninsula and Cuba, through the narrow cut between
Galveston and the Bolivar Peninsula and, then, up the approximate 50 mile long Houston
Ship Channel. The USCG, CBP and other law enforcement along the ship channel
mitigate the risk.
Regulatory - A value of 2 is assigned (Table 5-10). This is based on compliance
with U.S. and international regulatory programs and agreements will have been met
before entering the Houston Ship Channel.
Note that, of the value ranges available for each condition, the higher value is
selected. This is because security errs on the side of caution lending to the assignment of
the higher value available. Based on the Maritime CARVER risk matrix in Table 5-11,
there is equal risk between the segments from the manufacturer to the Port of Shanghai,
and transiting the Panama Canal. The least risk would be experienced in the segments
from Pusan to the Panama Canal, and Panama Canal to Houston. If you were to compare
this route to another shipping route to Houston, the trip would likely be westerly and
potentially passing through the Suez Canal, Straits of Hormuz and Malacca. The risk for
this route would in all probability be higher.
80
Table 5-11. Maritime CARVER Risk Matrix for Shanghai to Houston
Shanghai to Houston, TX
Route Segment C A R V E R Risk No.
Manufacturer to Shanghai 4 6 4 2 2 2 20
Shanghai to Pusan 4 2 5 2 4 2 19 Pusan to Panama Bay/Canal 2 2 4 2 4 2 16
Transiting Panama Canal
2 2 8 2 4 2 20
Panama Canal to Houston 2 2 4 2 4 2 16
Component Risk Number 2.8 2.8 5.0 2.0 3.6 2.0
Combined Route Risk Number 18
81
VI. CASE STUDY
6.1 INTRODUCTION
To validate the framework developed in Chapter V, intermodal container
shipments from a major German chemical producer will be used on a non-attributed
13basis. The information was provided by the German chemical company’s Director of
International Distribution.
The commodities produced and shipped include dyes, pigment and organic
intermediates; textile fibers; reprographic chemicals; surfactants and their precursors;
engineering polymers; and specialty fluoro compounds. They are packaged in steel,
plastic or fiber drums with plastic liners or polymers in corrugated cardboard or plastic
containers with plastic liners. Many of the products are either hazardous or prohibited
aboard aircraft, or were of relatively low value making airfreight not cost effective.
There are approximately 8,000 shipments per year transported with an equal distribution
between 20’ and 40’ containers resulting in approximately 12,300 TEUs annually. Bulk
shipments and those in ISO-tanks14 are outside the scope of this discussion.
The routing is from the chemical manufacturer in Germany through ports in
Germany, Netherlands and Belgium to primarily east coast ports in the U.S. The
container lines used include Hapag-Lloyd, Evergreen, Atlantic Container Line (ACL),
Sea-Land and Nedlloyd. The chemical manufacturer ships in intermodal maritime
13 The information was provided on a non-attributed basis because of, am ong other things the proprietary nature o f the data and sensitivity with regard to supply chain security. 14 A tank container designed and built to ISO (International Organisation for Standardisation) standards to carry hazardous and non-hazardous liquids in bulk.
82
containers. The routing from the manufacturing plants to the ports in Europe is presented
in the Table 6-1 in the following section.
6.2 SUPPLY CHAIN CHARACTERISTICS
This section details the supply chain and routing used for validating the
framework. The case study involves a German chemical manufacturer that ships from
ports in Hamburg and, Rotterdam, Netherlands and Antwerp, Belgium using several
container lines. Information obtained from the German chemical manufacturer is
provided in Appendix C and was provided on a non-attributed status.
The U.S. destinations are on the East, Gulf and West Coasts with multiple ports of
call after the first one, which is the Port of New York/New Jersey (NY/NJ). The
shipments are in maritime intermodal containers with volumes as discussed previously.
Transportation to the European ports is via truck, rail and barge with direct or
intermodal movements to the ports. The routing from the manufacturing plants to the
ports in Europe is presented in the Table 6-1, below.
Table 6-1. Container Routing at Origin
Origin Plant Seaport of Loading Land Mode Frankfurt Hamburg Rail haul from Frankfurt
to Hamburg Rotterdam, Netherlands
River barge from the plant on the Main River near confluence of the Rhine; then to Rotterdam
Wiesbaden Rotterdam, Netherlands
Trucked to the plant at Frankfurt and transferred to barge to Rotterdam
Cologne Antwerp, Belgium Trucked from plant to port
Hanover Hamburg Trucked from plant to port
83
Graphically, the routing is shown in Figure 6-1, below.
NY/NJ Norfolk Charleston Oakland
Port o f Hamburg
FIGURE KEY «...... Maritime <----- Truck •* Rail
NY/NJ Baltimore Savannah Houston
P ort o f R otterdam
Chester Richmond
Port o f Antwerp
. . . ~
German Manufacturer
Frankfurt
German Manufacturer
Hannover
German Manufacturer
Wiesbaden
German Manufacturer
Cologne
Figure 6-1. Origin Supply Chain Schematic
Table 6-2, below, presents the specifics of the routes utilized from the
manufacturer to the European port. The route miles are approximate from origin to
destination city.
Table 6-2. Distance Tables from Manufacturer to Port
Origin City Destination City Mode Miles Frankfurt Rotterdam Barge 280 Frankfurt Hamburg Rail 310 Wiesbaden Frankfurt Truck 30 Hanover Hamburg Truck 100 Cologne Antwerp Truck 140
The U.S. ports to which the intermodal maritime containers are destined are
summarized in Table 6-3, below. Note that to the Port of Houston will require a longer
84
voyage around the Florida Straits into the Gulf of Mexico and to the Port of Oakland will
also require transiting the Panama Canal. Transportation to the inland destinations from
the U.S. ports is by rail, truck, coastal feeder vessel or in combination.
Table 6-3. U.S. Destination Ports and Inland Destinations
Origin Port Arrival Port
Inland Final Destinations16 Mode to Final Destination
Hamburg NY/NJ Fairfield, NJ; Providence, RI; Chicago; Kansas City; other customer direct locations in PA, DE, NJ, and NY
Providence containers transloaded to barge or coastal feeder vessel16; Chicago and KC by COFC; all other, via truck
Norfolk Charlotte Truck Charleston Charlotte and Spartanburg Truck Oakland Customers Truck
Rotterdam NY/NJ Fairfield, NJ; Providence, RI; Chicago; Kansas City; other customer direct locations in PA, DE, NJ, and NY
Baltimore Customers in MD, PA, and VA; some to St. Louis
St. Louis by COFC; all other by truck
Savannah Charlotte and Spartanburg Truck Houston Houston and Galveston Truck
Antwerp Chester, PA
Customers in PA Truck
Richmond, VA
Charlotte Truck
Figure 6-2, below, graphically depicts the route the ship would take from
Hamburg to Oakland. Note that the route in this case study takes the ship between the
Yucatan Peninsula of Mexico and Cuba. An alternate route that takes the ship through
the Windward Passage east of Guantanamo Bay and west of Haiti, and either east
(Jamaica Channel) or west of Jamaica. This route is less desirable because it is close to
15 Fairfield, C hicago and Charlotte are distribution center locations; Providence, Spartanburg, Houston and Charlotte are manufacturing plants. 16 H apag-Lloyd operates a sm all containership feeding sm aller ports from its load center at N ew Y ork/N ew Jersey.
85
land traversing areas of potential interdiction and compromise. Further, the chosen route
provides the flexibility to stop at other ports, especially in the Gulf of Mexico, such as
New Orleans and Houston.
Hamburg
F ra n k fu r t
O a k la n d
U N I T E D S T A T E S O F A M E R I C A T U R K E Y
Charleston
E G Y P T
SUOAN
Figure 6-2. Map Depicting Ocean Voyage
For this assessment and the validation of the model, the onward
transportation inland from the U.S. ports to the final destinations will not be addressed.
This is, in part, because the assessment methodology developed is focused on the security
measures in place, whether physical, procedural or human, and that they must be
completed before the intermodal maritime container can be offloaded at the first U.S. port
reached.
6.3 ROUTE SEGMENTS
For this analysis and validating the framework, the Frankfurt to Hamburg to
Oakland route is selected. This is, in part, because there is a multimodal component from
a chemical manufacturer in Frankfurt-am-Main to the port of Hamburg, a lengthy sea
voyage and passage through the Panama Canal. The route, from Frankfurt to Hamburg,
accounts for 4,700 TEUs or 38% of that shipped by the chemical manufacturer. The
86
Frankfurt chemical manufacturing facility accounts for 8,700 TEUs exported or 71% of
the manufacturer’s total. The route is as follows:
• Frankfurt to Hamburg - Direct rail access from the chemical manufacturing plant
in Frankfurt to Hamburg, where there is rail unloading in the port. The rail haul is
approximately 310 miles.
• Hamburg to U.S. East Coast - Routing is via the Elbe River to the North Sea
through the Strait of Dover (between England and France) and English Channel,
and across the Atlantic Ocean. Then once reaching the East Coast, the first U.S.
stop will be at the Port of New York and New Jersey (NY/NJ) and then
intermediate ports at Norfolk, VA and Charleston, SC.
• U.S. East Coast to Panama Canal - From Charleston, the route then proceeds
south around Florida via the Strait of Florida into the Gulf of Mexico and Yucatan
Channel between Mexico and Cuba to the Caribbean Sea and then the Panama
Canal.
• Panama Canal - Transit the Panama Canal via Gatun Locks, Gatun Lake and and
Pedro Miguel and Miraflores Locks to the Pacific Ocean at the Port of Balboa in
Panama City.
• Panama Canal to Oakland - From the Port of Balboa, the routing is up the West
Coast of Mexico and Central America, and the U.S. through the channel under the
Golden Gate Bridge to San Francisco Bay to Oakland.
87
6.4 ASSUMPTIONS AND BASIS OF ANALYSIS
In validating the framework developed in the previous chapters, assumptions were
made to reflect the Maritime CARVER factors based on the handling of the containers,
routes and modes taken, and ports through the maritime intermodal container flow. They
are:
• The chemical manufacturer, exporter and railroad operator are all CBP C-TPAT
cleared and the shipments are CSI approved. Germany, which is part of the
European Union, is a “signatory” to the Mutual Recognition Agreement (MRA)
between the U.S. and EU’s Authorized Economic Operator Program. [68] This
assures that the security requirements of the German customs agency are the same
or similar to that of CBP and, thus, making the German security requirements
acceptable to the U.S.
• Between the manufacturer and Port of Hamburg, the intermodal maritime
containers are handled twice; once loading the rail cars at the manufacturing plant
in Frankfurt and once unloading from the railcar to be queued up for loading on
the ship.
• The Port of Hamburg is one of the 61 ports that CBP coordinates with regarding
container examinations. CBP’s targeting approach in Hamburg is via in-country
personnel. [2]
• The voyage from Germany to the first U.S. port, Port of NY/NJ in this case, is
relatively simple and does not transit potentially dangerous or constricted areas.
The container ship will transit the English Channel and Straits of Dover.
The handling of the intermodal maritime containers at the first U.S, port, NY/NJ,
will be limited to offloading the containers destined to/through the port to their
inland destinations and repositioning the containers within the ship for vessel
stability and loading of domestic containers destined to Norfolk, Charleston or
Oakland.
The Port of Hamburg is one of the approximate 150 ports the USCG vets under
the International Port Security Program (IPSP). [67] [69] The intent of the IPS
Program is to inspect the ports of the U.S. maritime trading partners to verify
compliance with international security regulations.
The container ship is likely to remain at anchorage for a period of time at the Port
of Colon before entering Gatun Locks and again in Gatun Lake before it is cleared
to enter the Pedro Miguel and Miraflores Locks for passage to Panama Bay off
Balboa and, then, the Pacific Ocean.
Because of USCG operations, no significant risk is anticipated from the Port of
NY/NJ to and around the Florida Straits into the Gulf of Mexico. From the Gulf
of Mexico through the Yucatan Channel to the Panama Canal is also considered
to have nominal risk, however, passing between Mexico and Cuba could impose
some, albeit minor, risk.
The container ship could remain at anchor awaiting entry into all U.S. ports, but
not for any significant length of time or posing any significant risk.
The intermodal maritime containers will be offloaded in Oakland and transferred
to truck for delivery to customers inland.
89
6.5 MARITIME CARVER ANALYSIS
Given the routing and parameters, above, and CARVER matrix methodology
developed and discussed in Chapter V, the following is an analysis of the route to
validate the risk framework.
6.5.1 Route Segment 1 - Frankfurt to Hamburg
Chain of Custody - A value of 2 is assigned (Table 5-2 in Chapter V). This is
because the containers are directly loaded onto rail cars at the manufacturer and
transported to the load center port in Hamburg where they are offloaded and loaded
directly onto the ship (containers handled 2 times).
Approach (to targeting) - A value of 2 is assigned (Table 5-3 in Chapter V).
This is because, among other things, Hamburg is one of the 61 ports that CBP
coordinates with in-country inspectors and Germany is part of the MRA between the U.S.
and EU’s Authorized Economic Operator Program, which also includes international
regulations (e.g. IMO’s SOLAS).
Routing - A value of 8 is assigned (Table 5-6 in Chapter V). This is because the
rail transport, albeit direct, is over 300 miles from manufacturer to the load center port.
This determination is made based on the longer the distance the more chance the train
and its contents could be compromised. This is, in part, due to the train operating speeds,
number of times the train may stop and opportunities for an unwanted person to board or
compromise the train.
Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the
manufacturer, exporter and railroad have been properly vetted, via, among other things,
CSI and C-TPAT, which is a condition of the MRA between the U.S. and EU’s
Authorized Economic Operator Program.
90
Exposure - A value of 2 is assigned (Table 5-8 in Chapter V). This is because
the Port of Hamburg is inspected under the USCG IPSP and is a part of the MRA
between the U.S. and EU’s Authorized Economic Operator Program. Further the port has
an extensive physical security program supplemented by policing and human surveillance
consistent with being one of the 61 CBP ports and is part of the CBP C-TPAT and MRA.
Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because
the Port of Hamburg, German manufacturer and railroad are in compliance with
governing U.S., host nation and international regulations and programs, as evidenced by
Germany being a signatory of the MRA between the U.S. and EU’s Authorized
Economic Operator Program.
6.5.2 Route Segment 2 - Hamburg to First U.S. Port (NY/N.T)
Chain of Custody - A value of 2 is assigned (Table 5-2 in Chapter V). This is
because that, once the containers are loaded onto the ship in Hamburg, the containers will
not be handled until reaching the sea port of destination and the chain of custody will be
with the shipping line and its ship’s officers.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in
Chapter V). This is because the voyage is in international waters between Germany and
the U.S. (trading partners), both of which are in compliance with U.S. and international
programs (e.g. IMO’s SOLAS), and are “signatories” of the MRA. This greatly enhances
the maritime supply chain security.
Routing - A value of 4 is assigned (Table 5-5 in Chapter V). The voyage is via
the Strait of Dover and through the English Channel. Although Table 5-5 assigns a value
of 5 or 6 when passing through a strait or canal, the Strait of Dover, which is about 21
91
miles across, is not in “hostile waters” and lends to a lower Routing value. Also and
based on the activity at the Port of NY/NJ, the vessel may remain at anchorage off the
coast for a period of time. This would yield a value of 3 or 4.
Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because
Germany is a “signatory” of the MRA between the U.S. and EU’s Authorized Economic
Operator Program assuring compliance with U.S. and international programs, which
includes CSI and C-TPAT and other vetting programs.
Exposure - A value of 4 is assigned (Table 5-9 in Chapter V). This is because
the ports of Hamburg and NY/NJ maintain comprehensive physical security programs
supplemented by policing and human surveillance (.e.g. Port Authority of New York and
New Jersey Police Department and U.S. Coast Guard presence). Since several shipping
lines are used and onboard security measures vary from shipping line to shipping line, the
higher value of 4 (“ .. .minimal onboard security.. .”) is used because of the possible
inconsistencies. Plus and as stated in Routing, the voyage does not traverse any know
hostile area.
Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because
Germany is a “signatory” of the RMA, which acknowledges that the supply chain, from
vetting the manufacturer, railroad and at the ports prior to departure and during the
voyage, is considered to be in compliance with applicable U.S., host nation and
international rules and regulations.
6.5.3 Route Segment 3 - U.S. East Coast to Panama Canal
The voyage from the Port of NY/NJ to and through Norfolk and Charleston is
within or close to U.S. territorial waters. As such, many of the requirements applicable to
92
the first U.S. port of entry (e.g. USCG 96-hour notice of arrival rule) do not apply.
Therefore, this route segment will not include entry into the ports of Norfolk and
Charleston. Entering the Port of Oakland, however, will be included in Segment 5
because the voyage will have traversed international waters; Gulf of Mexico, Caribbean
Sea, Panama Canal and Pacific Ocean.
Chain of Custody - A value of 4 is assigned (Table 5-2 in Chapter V). This is
because the containers will be handled to either offload or relocate them within the ship
before loading domestic containers and continuing the voyage to Norfolk, Charleston and
Oakland. Further, the containers destined to inland endpoints from the Port of NY/NJ in
Table 6-2 will be offloaded and transloaded to truck or rail adding chain of custody
partners. But and since this assessment does not address the onward transportation to the
final inland destinations, only the risk to the containers and impact of handling within the
ship is considered. This is because the principles and procedures of TSA’s chain of
custody regulation (49 CFR 1580) are employed. Also, domestic containers could be
loaded potentially, but it is unlikely that the containers that remain on the ship will be
compromised.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in
Chapter V). This is because operating in U.S. ports and territorial waters does not pose a
substantial risk. This is, in part, because the intermodal maritime containers and supply
chain from Germany would have been properly vetted prior to entry into the first U.S.
port.
Routing - A value of 8 is assigned (Table 5-5 in Chapter V). This is even when
the table shows a value of 9 or 10 for a vessel that passes through a strait (Florida Strait
93
and Yucatan Channel) and/or canal with anchorage (off the Port of Colon before entering
the Panama Canal). Other reasons for the lower value are that the Yucatan Channel
between Mexico and Cuba is about 135 miles wide, the route is not in “hostile waters”
and is along established sea lanes. Also, there is significant USCG presence along the
East Coast, Gulf of Mexico and Caribbean Sea, to include locations in Key West, Puerto
Rico, Guantanamo Bay and the Bahamas.
Yetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the
ship has already been cleared (exporters, containers, crew, etc.) to enter the first U.S. port
and the containers loaded at the other U.S. ports are domestic and comprehensively
vetted. Also, a major portion of the voyage from NY/NJ to the Panama Canal is in or
close to U.S. territorial waters.
Exposure - A value of 2 is assigned (Table 5-9 in Chapter V). This is because
the ports are in the U.S. and are regulated, in part, by the USCG, DHS/CBP and
DHS/TSA; require a Transportation Worker Identification Credential (TWIC) to work in
the ports; and have extensive physical security programs supplemented by policing and
human surveillance to comply with DHS and other agency rules and regulations. Also,
the onboard security measures are heightened because of USCG operations in and around
U.S. territorial waters.
Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because
all of the components of the supply chain from vetting in Germany, which is a
“signatory” of the MRA between the U.S. and EU, along the voyage and into the first
U.S. port are complaint with U.S. and international rules, regulations and programs.
94
6.5.4 Route Segment 4 - Transiting the Panama Canal
Chain of Custody - A value of 2 is assigned (Table 3 in Chapter V). This is
because the containers will be stowed on the ship and will not be handled during this
segment of the voyage. Plus the chain of custody will remain with the ship’s officers and
company officials’ control during the sea voyage. Also security along the canal is
heightened.
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in
Chapter V). This is because the voyage will be within the Republic of Panama and in
compliance with U.S., international programs (e.g. International Maritime Organization)
and the Panama Canal Authority (ACP) rules and regulations. Plus, the Ports of Colon
(Atlantic Ocean/Caribbean Sea side of the canal) and Balboa (Pacific Ocean side) are
among the 61 ports that CBP coordinates and inspects with in-country inspectors and is
one of the 150 countries with MRAs with the U.S.
Routing - A value of 8 is assigned (Table 5-5 in Chapter V). This is because the
ship will navigate the approximate 50 mile canal system, pass through 3 sets of locks,
Culebra Cut (considered a strait because of its characteristics) and likely remain at
anchorage in Gatun Lake awaiting passage through the Pedro Miguel and Miraflores
Locks into the Pacific Ocean. All of which is close to land and, although protected by
security and protective measures, could allow unwanted individuals to board the ship;
possibly undetected. The lower value used is because of the security measures entering,
transiting and exiting the canal.
Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the
ship and its contents have already been cleared to enter the first U.S. port and operate in
95
U.S. territorial waters. Also, the maritime transportation company, the ship and its crew,
cargo and documentation will be further scrutinized by the ACP prior to its traversing the
canal.
Exposure - A value of 6 is assigned (Table 5-8 in Chapter V). The Panama
Canal is considered to have an extensive physical security program supplemented by
policing and human surveillance. Despite this and because of the proximity of the ship to
land for nearly 50 miles, moving at slow speeds and takes about 8 - 1 0 hours to traverse,
[65] physical and human security measures may not be as effective as if the ship was
stationary in a port or moving at sea. Hence the higher value than in the table.
Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because
Panama, as one of the 150 countries with a MRA with the U.S., assures compliance with
U.S. and international, as well as host nation and ACP regulatory policies and programs.
6.5.5 Route Segment 5 - Panama Canal to Oakland
Chain of Custody - A value of 2 is assigned (Table 5-3 in Chapter V). This is
because the maritime intermodal containers will be stowed on the ship for this segment
and offloaded at the Port of Oakland with minimal handling (at the port). There, the
container will be offloaded and transferred directly to truck for inward movement to the
final destination. TSA, along with CBP, is responsible for the containers transferred from
the ship to truck. [9]
Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in
Chapter V). This is because the containers have been vetted and inspected prior to arrival
in the first U.S. port and, in transit from them (the U.S. ports), they are continually
monitored by the USCG and CBP. Plus, Mexico is one of the 150 countries with a MRA
96
(with the associated U.S. and international regulations and programs) with the U.S. and
the voyage from Panama to Oakland, will be in U.S. and international waters. Although
in international waters off the coast of Central America and Mexico, the vessel will be
within the “reach” of the USCG.
Routing - A value of 2 is assigned (Table 5-5 in Chapter V). This is because,
once the ships transits the Panama Canal, it will be on the open ocean until it reaches the
San Francisco Bay, but within reach of the USCG. There (San Francisco Bay) and based
on the activities at the Port of Oakland, the vessel may remain at anchorage off the coast
for a period of time. This, however, is not expected to increase the risk, so the lower
Routing value is appropriate. Also, the USCG has a large presence in the Bay Area.
Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is based on the
fact that the required vetting has been completed allowing the ship to enter the port in
accordance with the USCG’s 96-hour advanced notice of arrival rule. This includes
being in international waters from Panama to Oakland.
Exposure - A value of 2 is assigned (Table 5-9 in Chapter V). This is partly
based on the layered physical and human security measures in place at the Port of
Oakland and in San Francisco Bay. Although the ship will have to pass through the
narrow one mile strait or channel under the Golden Gate Bridge that connects the Pacific
Ocean and San Francisco Bay, exposure is limited. This is due, in part, to the USCG,
CBP and other law enforcement along the ship channel that mitigate the risk. Onboard
security measures are expected to be heightened when transiting the canal and remain in
place at that level until the ship reaches Oakland.
97
Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is based
on verified compliance of the shipping line and supply chain with U.S. and international
regulatory programs, as evidenced by the MRAs, before entering the Port of Oakland.
Note that, of the value ranges for each condition, the higher value is selected.
This is because security errs on the side of caution lending to assigning higher values.
6.6 DISCUSSION OF ANALYSIS
The model “run” in this chapter is summarized in Table 6-4, below, and shows
that transiting the Panama Canal is the riskiest part of the supply chain. This is, in part,
due to the ship being at anchor, operating in constricted areas and sailing at slow speeds;
all conditions where the ship could be boarded and/or cargo compromised. The
CARVER component that can be considered the most critical in the analysis is Routing,
which is consistent with the Panama Canal rating.
Table 6-4. Maritime CARVER Risk Matrix for Frankfurt to Oakland Route
Frankfurt via Ports of NY/N. , Norfolk and Charleston to Oakland Route Segment C A R V E R Risk
No. Manufacturer in Frankfurt to Port of Hamburg
2 4 8 2 2 2 20
Port of Hamburg to Port of NY/NJ 2 2 4 2 2 4 16
Port of NY/NJ to Panama Canal 4 4 6 2 2 2 20
Transiting Panama Canal 2 2 8 2 6 2 22
Panama Canal to Oakland 2 2 2 2 2 2 12
Component Risk Number 2.4 2.8 5.6 2.0 2.8 2.4
Combined Route Risk Number 18.0
98
For Segment 2, which is the transatlantic voyage, the value is low because the
segment is well into the voyage allowing sufficient time for the proper follow-up vetting,
to include for the maritime intermodal containers loaded in the US ports. Also, Segment
2 is low because it is within easy reach of the England and European coastline with
European navy and coast guard monitoring and protection.
It can be concluded from this analysis that the route is a relatively low risk one
with regard to risk based on, among other things, the extensive vetting and compliance
with U.S. and international rules, regulations and programs in place. Specifically:
• Germany is a “signatory” of the Mutual Recognition Agreement between the U.S.
and the EU guaranteeing a rigorous security program that is consistent with that
of the U.S and international maritime community (e.g. IMO’s SOLAS). Further,
physical and human security, as part of the agreement process, must also be
consistent with that of the U.S. and international community, which enhances
security.
• The Port of Hamburg is one of the 61 ports that CBP has in-country CSI
inspectors and is one of the 150 ports that are inspected under the USCG
International Port Security Program.
• The move from the chemical manufacturer in Frankfurt to the Port of Hamburg is
minimally handled (chain of custody) and is loaded and unloaded within the
manufacturing facility and port, respectively.
• The route other than through the Panama Canal is relatively unrestricted and does
not traverse areas of known or undue danger and risk.
99
• The supply chain, to include manufacturer, railroad and port operator, are CBP C-
TPAT vetted, which is consistent with the provisions of the MRA between the
U.S. and EU.
• The container shipping lines are known entities that have been vetted and where
trust has been built.
• Enroute vetting furthers the scrutiny under which the supply chain and shipping
line and its crew are subject to. All must be in order before the USCG can permit
entry into the first U.S. port in accordance with the 96-hour notice of arrival rule.
• Global Positioning Satellite (GPS) navigation and tracking provides awareness of
a ship’s location, speed, direction, etc., which allows a ship to be monitored as to
anomalies enroute and any unscheduled stops or deviations in routes.
From the framework “run” and discussion, it can be concluded that the Frankfurt
to Oakland route is relatively safe and the chance of a WMD being smuggled into the
U.S. is small. The German chemical manufacturer may want to compare this port and
route to the others it uses and, possibly, modify its supply chain, if a higher risk exists
from routes or from other ports. This includes that land based transportation to the ports.
To consider other routes, the German chemical manufacturer or any member of the
supply chain could run the framework for multiple alternative routes, based on its
characteristics and choose one based on overall risk, as well as determine if any one
segment on any route is riskier than another.
If for example, the framework developed with the synthesized data in Chapter V
provides the same commodities, packaging and quantities as the case study in this
chapter, the German manufacturer supply chain in this analysis would pose an equal risk,
100
as both have a combined route risk number of 18.0. This is determined by, among other
things, looking at the CARVER matrices for both. The riskiest CARVER combined
route, for the synthesized data route and case study, is 5.0 and 5.6, respectively.
Transiting the Panama Canal is the riskiest in both cases. All things being equal and not
considering cost, either route provides a safe choice for the supply chain stakeholders.
Other factors that are not cost related that could have an impact on routing includes trade
agreements, overall transit time, delivery timing, and port and harbor efficiencies.
From this analysis and to be further discussed in Chapter VII, other routes from
other countries may not be as “safe” as this one by virtue of, among other things, country
of origin, supply chain partners, known areas of danger, route, and security programs and
participation.
Based on building the framework in Chapter V and the case study in this chapter,
it is anticipated that the assessment could be performed in an estimated 8 to 16 hours.
This estimate of time is based on the following:
• An initial telephone conversation with the supply chain partners ( 1 - 2 hours)
• Developing the input data and completing the interview protocol form ( 2 - 4
hours)
• A supplemental telephone conversation with the supply chain partners to clarify
the input data provided ( 1 - 2 hours)
• Performing the CARVER assessment ( 4 - 8 hours)
This time estimate is based on the fact that the input data to be used in the
assessment is readily available from the information developed for the required shipping
documents, operational route planning, and complying with procedural and regulatory
101
requirements. It is anticipated that the amount of time to complete the route assessment
should be on the lower end of the estimated range.
Once the assessment is complete and routing decision made, changes would take
less time for “mid-course” corrections and modifications to reflect changed conditions,
such as heighted tensions or credible threats along the designated route. Further, the
Maritime CARVER framework is developed so that anyone in the supply chain can make
changes to reflect 1) changed conditions and 2) check the assumptions of other supply
chain partners. For future consideration, Maritime CARVER assessment could be made
part of the procedural and regulatory requirements by, among other agencies, CBP before
the container is loaded onto the ship.
Capturing uncertainty lends to a deterministic approach to the framework. It is
intended that the framework be run by individuals and/or organizations that have a vested
interest in the intermodal containers and commodities shipped. In this case and for the
thesis of this research, it will likely be the U.S. importer or container line. However, this
does not mean that the other supply chain partners cannot be involved in or prepare the
assessment.
Individuals and organizations are likely to view things differently, which could
result in different assessments of the same routes and segments within. Therefore, input
determination validity could be a concern. Experience and expertise in all phases of the
supply chain is necessary for the assessment to be effective. This means that supply
chain partners could be involved via oversight and lending their particular expertise to
those performing the assessment. This is particularly important when evaluating routes
or segments within either initially or as conditions change, as can be expected in today’s
102
ever changing threat environment. For future study and research, containers representing
multiple supply chains are loaded on one vessel should be considered.
It is important to recognize that the individuals or organizations performing the
assessments may not possess experience in a particular expertise needed to complete it
effectively. This leads to an assessment process that reflects many things, to include
oversight to ensure that the assessment is not self-serving, the input information is
expertly developed and cascading effects reflect the possibility that a security profile or
risk in one segment could affect that of another. A goal of this research is that the
Maritime CARVER framework be adopted by CBP as part of its 24 hour documentation
requirement prior to loading (a container).
The above discussion leads to the topic of weighting a route or segment within a
route based on extenuating conditions and situations, and experience. Traversing the
straits of Hormuz is an example where weighting could be considered based on threat
level in the region. The Maritime CARVER framework is built upon the reliance of the
industry experts subjectively weighting their choice of conditions and numeric values
found in the tables. Based on numerous runs of a segment or route, a database could be
developed that yields weighting factors that reflect a history of the experts subjectively
“weighting” CARVER conditions and numeric values. This “weighting” could also
reflect incidents and conditions that the experts may or may not subjectively factored into
their selection of numeric values over multiple years and “runs”. This is definitely suited
for future research and study.
103
VII. APPLICATION OF FRAMEWORK TO INDUSTRY
The Maritime CARVER framework is a tool that can be used to select routes that
are less risky and identify route segments that pose risk. It can be used to ensure that the
manufactures, transportation companies and exporters/importers (collectively referred to
as supply chain partners or industry) are properly vetted, which represents the security of
the supply chain. It will also help the supply chain partners select ports that have security
measures (physical, human and cyber) that are robust and consistent with that which is
required at U.S. ports and international maritime security programs.
This section will address how the industry can use the framework and what
benefits it will have. Specifically, it will look at how the supply chain partners choose
and government organizations protect the supply chain and, thus, minimize the risk of a
WMD landing on U.S. shores for onward movement inland. Note that the model can be
adapted and used to minimize the risk of smuggling contraband or a range of criminal
activities associated with the maritime intermodal container industry. Specifically and
with regard to the industry, the following will be considered and discussed as they apply
to the supply chain.
• Route selection to, among other things, avoid, where possible, areas of known
threats (e.g. piracy) and constraints, such as canals and straits.
• Choosing ports that are secure, to include the land and maritime transportation to
them from the manufacturers.
• Choosing manufacturers, exporters and freight forwarders, based on geographic
location and trustworthiness with regard to security.
104
• Choosing land transportation routes and carriers that are trustworthy and provide
the most direct routes to the port. This also applies to coastal routes from feeder
to load center ports.
• How the framework can be an asset to U.S. government (e.g. CBP and USCG)
and the intermodal maritime security community (e.g. IMO), as an invaluable tool
to address security gaps.
• How, unlike the railroad’s RCRMS, this framework will be easy to operate in a
timely manner and not be resource intensive and cost prohibitive.
• Although a factor, cost will not be addressed in the framework because it (the
framework) is solely focused on security and impact of deterring WMDs landing
on U.S. shores.
The ultimate goal of this research and framework is to develop a simplified
methodology to address and minimize the risk of a WMD, drugs and other contraband
landing on U.S. shores. Further consideration and a value added of this framework to the
industry is that it could be extended to detect tainted foodstuffs (e.g. produce from South
America) and, thus, the potential to “weaponize” items in the food chain.
7.1 ROUTE SELECTION
Although the route used to validate the model is relatively safe one, route
selection can be useful in avoiding, among other things, areas of known piracy and the
potential for the intervention, by individuals or groups who may want to further a
geopolitical agenda. Respectively, examples include the Strait of Malacca and off of the
coast of Somalia, and the Suez Canal and Strait of Hormuz. And one cannot rule out
105
criminal activity, such smuggling drugs and other contraband and, perhaps, there could
be a link between the two to further terrorism.
Although direct routes are more desirable than circuitous ones or ones that have
intermediate stops in foreign ports, an indirect route may be chosen to avoid areas of
potential conflict and intervention. Also, the framework could be “run” to determine the
impact of stopping at intermediate non-U.S. ports to determine if there is additional or
unwarranted exposure to risk. Further, the industry should focus on routes that are
protected to the greatest extent possible by coast guards and navies. The Strait of
Malacca comes to mind where there is a cooperative effort among the bordering nations
there to protect shipping.
One should not forget the land-based and maritime feeder transportation from the
manufacturer to the foreign port. The framework can be used to evaluate the risk to the
port vis-a-vis distance and routing, number of times the containers are handled, and
delays and stoppages. All of these could provide an opportunity for the maritime
intermodal containers to be compromised. Also and with regard to the route, tracking via
AIS is important, especially when far out to sea, in potentially hostile waters and when
1 7traversing straits and canals. AIS, like an airplane’s black box and geo-fencing on land,
can determine the location and speed of a vessel and is one of the considerations in the
routing component of the framework.
Any supply chain member could “run” the framework to determine if the route
and the security measures of the ship’s crew and shipping company are sufficient to
protect the intermodal container that has, theoretically, been fully vetted prior to the
17 G eo-fencing is a virtual boundary system used to track transportation vehicles and alert when they deviate from designated routes and geographic areas. It is a GPS based system and can trigger specific actions to prevent further deviation.
106
voyage. If not, multiple routes could be “run” in a simple, timely and cost-effective
manner.
7.2 PORT SELECTION
When selecting ports, ones that are USCG inspected via the IPSP and where CBP
targets and inspects locally through CSI and other means are a better choice than ones
that do not have as rigorous a security program as the U.S., thus increasing the
vulnerability. Also, the ISPS Code, which is a provision of SOLAS, is intended to ensure
that maritime operations and port facilities of IMO member countries are employing the
highest possible standards of security. Considering the above, all of which are principles
of the Mutual Recognition Agreements (MRA), the industry should select ports that
provide the maximum security possible. This could result in a different manufacturer and
supply chain being selected if a port is not up to standards and allowable risk.
For the manufacturer in Frankfurt-am-Main, there are several ports that are
relatively equidistant that maintain the highest security that could be shipped through.
They all maintain the highest security and are recognized as such. This is not always the
case. For example, the same chemicals that are manufactured in Frankfurt-am-Main and
destined to the U.S. East Coast are shipped through a port that does not have effective
security. The risk would be high. Therefore, the ultimate user of the chemical, importer,
exporter and/or maritime transportation company would be faced with the decision of
using this manufacturer and a different port. Cost could be an issue in that the price of
the chemicals and/or transportation may be higher.
107
7.3 CHOOSING MANUFACTURERS, IMPORTERS/EXPORTERS AND FREIGHT FORWARDERS
The importance of the framework to the industry is the ability to quickly assess
the importance of the manufacturer, importers/exporters and freight forwarders being
vetted through the various CBP and international (e.g. IMO) regulatory processes and
programs. Much like ports, the manufacturers, importers/exporters and freight
forwarders should be selected based on assessed risk and what could be considered a
“threat profile”.
Unless there is a valid reason, a supply chain partner not properly or CBP C-
TPAT vetted should be questioned and, if necessary, an alternate partner chosen. This
applies to the transportation provider from the manufacturer to port, as they can also be
C-TPAT vetted. The more supply chain partners that are C-TPAT vetted the more secure
it (supply chain) is. Also, the history of a manufacturer, importer/exporter and freight
forwarder with regard to CBP CSI inspections and compliance with CBP’s 24-hour
manifest rule is important. A history of requiring further inspection, not or just making a
ship because of the 24-hour manifest rule should “raise eyebrows”.
The framework, in its subjective assessment, identifies the programs and
conditions that are important to minimizing risk when considering vetting and
compliance with regulatory processes. The framework could be used by the end user,
especially if there is an issue with a given importer and exporter, and manufacturer. The
framework will help the end user determine if it is worth the risk using an importer and
exporter, or manufacturer, especially if others are available. The framework provides the
tools to assess this simply.
108
7.4 POINT OF ORIGIN INLAND AND COASTAL MARITIME TRANSPORTATION
In a previous chapter, it was stated that a major portion of the risk to intermodal
containers is at the manufacturer when loading the container and continues through the
land and water transportation to the load center port. Vetting of the supply chain under
CBP’s CSI and C-TPAT is an initial hurdle that is intended to minimize the risk of a
container being compromised. This should address much of the risk from the
manufacturer to the port. However, there is a risk associated with the transloading from
truck to rail, truck to feeder vessel and, then, truck, rail or feeder vessel to the ship in the
load center port.
The more a container is handed there are more parties involved in the chain of
custody; hence greater the risk of compromise. This could result in a container handled
numerous times by several different parties involved in chain of custody. This situation
is from manufacturer to truck to rail to ship in the load center port with the container
handled 3 - 4 times depending on whether or not the container is loaded directly onto the
ship when arriving in the port. Further and with truck and rail, they may be operating at
slow speeds or even stopped due to, among other things, traffic (e.g. freight density for
rail). When a truck or train are operating at slow speeds, the easier it would be to
compromise it. The feeder vessels could experience similar operating conditions.
Given all of the above, the framework would allow any supply chain partner to
easily determine if there is a better and more secure route to help alleviate this condition.
Because of the available land and coastal vessel routes and providers to a particular port,
the framework may suggest a different port or even manufacturer providing the same
product.
109
7.5 GOVENRMENT AND MARITIME COMMUNITY BENEFITS
When it comes to risk analysis and assessment, government agencies, in particular
that of the U.S., employ risk assessment models. Academia and consultants are also
involved, as they usually develop the models for the government. As such and more
often than not, the models are complex, theoretical, highly analytical, costly to “run”,
time consuming and data intensive, as is discussed in Chapter III, Literature Review. The
users of the framework and target “audience” are the practitioners that are the subject
matter experts (SME) with regard to the supply chain; operations, including targeting and
inspections; the vetting process; and physical, human and cyber security measures. They
are not analysts in the typical sense, mathematicians or engineers or scientists. The
simplified framework will allow the SMEs to spend less time on analysis and focus more
time performing their assigned jobs, such as resource and asset protection, transportation
operations, security, law enforcement and operations management either directly or
indirectly, based on the extent security is involved.
Government benefits, as with the maritime community, are that the framework
provides a “seat of the pants” approach to maritime intermodal container security that is
based on the expertise of the supply chain partners and governmental regulations and
programs that are focused on security. This makes it incumbent upon the government
regulators, compliance inspectors, etc. to understand the specific programs, the proper
application of them and underlying principles as they relate to security.
To the maritime community, the risk assessment framework focuses on, among
other things, loss prevention. If a ship or any of its cargo is compromised, the viability of
the importer, the shipping line, maritime intermodal company, among others, is
110
jeopardized. Further and if a WMD lands on the U.S. shores, transported inland and is
“deployed”, the liability would be astronomical and could reach back to the maritime
partners in the supply chain for not providing proper security. Since the maritime
community is “stuck” with an intermodal container delivered by rail, truck or feeder
vessel that may be improperly vetted, the framework would allow them to assess the risk
of the container based on their expertise, experience and understanding of the
transportation flow from manufacturer to port.
If a container were compromised in a port or “deployed” in a foreign or even U.S.
port, the repercussions could impact the overall operation of the port, to include cruise
ships and ferries. The latter two could have unintended results with regard to fear and
economic impact beyond what the terrorist may have intended.
7.6 BENEFIT OF “EASE OF USE”
A major benefit of the Maritime CARVER framework to the industry is the
ability to perform route analyses simply and cost-effectively, unlike the FRA sponsored
RCRMS for the railroad industry. The party “running” the assessment can simply apply
their institutional knowledge of the supply chain and security measures in place to
determine the values to be used in the analysis If the party “running” the framework
does not have the expertise to make the subjective assumptions, they can reach out to the
other partners in the supply chain to provide the information. Since none of the
information that is used in this framework is sensitive, as per TSA, USDOT and others,
let alone classified, it can be obtained easily for the framework. However, some of the
I l l
information may be proprietary, but may be sharable if not, in many cases, already being
shared among the supply chain partners.
In the supply chain, it will be known if the manufacturer and/or exporter or both
parties, as well as the and land and feeder vessel transportation providers, are C-TPAT
cleared, or whether or not the intermodal containers are CSI approved or “tagged” for
further inspection. It will also be known if the port being used is one of the 61 approved
by CBP for inspection protocols and the port is secure via, among other things, the USCG
IPSP and IMO ISPS programs. Plus, CBP’s 24-hour manifest rule is an additional layers
vetting of the container. This extends to the sea voyage and whether or not it passes areas
of known piracy and/or potential conflict, or through straits or canals. Finally, tracking
via USCG, IMO and other tracking requirements, among other methods, AIS is an
additional way of ensuring that the vessel is safe and proceeding as planned.
These parameters and conditions are all easy to determine and the basis of the
subjective evaluations of the security measures to be used in selecting the values in the
framework. Hence, they, when applied properly, provide the supply chain partners with
an easy snapshot of the risk involved in the supply chain, a given port and viability of the
route with regard to security.
7.7 SECURITY VS. COST FOCUS
The intent of the framework is to provide the industry with a simplified model
that could help any partner in the supply chain select an exporter/importer, route, port or
even manufacturer that would minimize the risk of a WMD being “smuggled” in one of
their intermodal containers to the U.S. The framework would also be a benefit to
112
governments, regulatory agencies and the security of the U.S. as a whole. An added
benefit would be the use of the framework, as mentioned several times previously, to
counter U.S. and international law enforcement (e.g. U.S. Drug Enforcement Agency and
CBP, and INTREPOL) combat smuggling drugs, conventional weapons and other
contraband, as well as the efficacy of a product and preventing any opportunity to taint a
product shipped.
As with most anything, cost and cost/benefit are always an issue. When goods
and commodities are shipped, a part of the price to the consumer is the transportation
cost. If a circuitous route is chosen because of risk, the price of the goods or products
would likely be increased. Or, if the product is a commodity, the supply chain partners
could absorb the cost.
The Army’s CARVER model, which is the basis and inspiration for this
“maritime version” of the CARVER model, is mission and operations oriented; not cost.
It looks at methods of attacking a target providing options that reflect risk. In the U.S.
Army CARVER model, resources are looked at with regard to selecting targets and
probability of success. The same basic principles apply to the Maritime CARVER
framework. It looks at methods of mitigating risk in the vetting, inspection, physical
security measures and processes, and routes taken. The model is security focused.
Although a consideration in route selection, consumer pricing, etc., cost herein is
the subject of further study. Insurance could enter into further study, as premiums are
based on loss history and relative risk and ways to mitigate them. The magnitude of
potential cost impacts is not known at this time, based on this research. Risk and risk
tolerance will govern supply chain partner selection, operations and route selection and
113
determine the impact on costs. This framework provides ways to mitigate risk that
would, with further study, let the supply chain partners evaluate the risk with the cost
considerations, if any.
114
VIII. SUMMARY AND CONCLUSIONS
The risk of a maritime intermodal container being compromised for illicit
purposes is real. The supply chain has many “moving parts” that require an experienced
and expert approach to risk assessment. Vetting is the process of scrutinizing the supply
chain members and commodities being shipped and is the first line of defense. Next, are
the physical, human and cyber security measures at the manufacturing facilities, in the
ports and along the transportation routes. Finally, the cooperation among all parties in
the supply chain, governments and international community is the overarching “entity” to
assure risks are minimized. Success in minimizing the risk is the combined efforts of the
three.
8.1 SUMMARY OF FINDINGS
The security process for maritime intermodal containers destined to the U.S. is
multifaceted and multilayered, and the ways in which a container could be compromised
are vast. There are many U.S. and international programs to combat terrorism and
criminal activity in the maritime environment, but the many jurisdictions and programs
make the process difficult and cooperation essential. It is also labor intensive relying on
information technology, which as evidenced in the news, is under attack. Based on the
port and country, physical security complemented by human security measures range
from robust to weak and must be addressed. This inconsistency, along with vetting and
inspections, makes it imperative that the supply chain partners understand where the risks
are requiring informed decisions.
115
In the development of the Maritime CARVER framework, existing models and
methods, whether developed specifically for maritime risk or not are, for the most part,
complex and analytic in nature and not user-friendly to the practitioner. In the literature
search, the U.S. Army CARVER targeting model seemed like a simple approach that
could be used to employ the expertise of the supply chain partners to assess risk. The
literature search also found a small number of approaches to risk using the CARVER
approach and technique, which is an indicator of the value of its simplicity. The
difference between the U.S. Army and Maritime CARVER risk assessment is that the
Army uses the model to “target” an objective, whereas the framework in this research and
approach is that the supply chain components are being “targeted”.
The Maritime CARVER framework is a simple, subjective approach to assessing
risk, based on the expertise of the industry and supply chain partners, resulting in a
numeric and comparative framework for lay people to assess and prioritize risk in the
decision making process. It is based on the retooling of the CARVER components (e.g.
Criticality and Effect) to reflect the maritime supply chain environment and security
measures and components (e.g. Chain of custody and Routing). Like the U.S. Army
CARVER model, this methodology allows the practitioner to look at the supply chain as
a whole or its individual links and nodes. This allows any supply chain partner to change
one or more links or nodes to reduce the risk while not scuttling the entire supply chain
network.
From the framework development in Chapter V to the case study in Chapter VI,
it can be seen that the conditions and range of values allows a practitioner or subject
116
matter excerpt (SME) to quickly assess risk. From the research and assessment “runs”, it
can be concluded that:
• Risk is most probable during the packing and loading of the containers at the
manufacturer along with the handling of the containers from the manufacturer to
the load center port. This is, in part, because there will potentially be different
parties involved with many people all of whom should be “trusted” and properly
vetted.
• Transiting straits and canals, and operating near hostile areas (e.g. off the coast of
Somalia and, perhaps, off the coast of Cuba) is where the next level of risk arises.
This is because they are known and potential threat areas and require operating at
slow speeds and even remaining at anchor for a period of time.
• Routing poses the least risk relatively speaking because of navigation aids and
tracking, and that the ships are far out to sea in international waters. This makes it
difficult for other than a comprehensively coordinated effort to compromise a
ship.
• The framework is a simple and subjective approach that will provide a reasonable
assessment of risk to be used as a part of the decision making process for
selecting ports, routes and supply chain partners.
• In addition to port security, there is a comprehensive and layered level of vetting
the supply chain partners and commodities shipped go through, to include where
they are shipped from. The Maritime CARVER framework was built on these
premises.
117
8.2 CONCLUSIONS OF THE BENEFITS OF THE FRAMEWORK
The benefits of the model to industry and governments are simple. It provides a
simple and user friendly model that a ship’s captain, manufacturer’s distribution
manager, consignee, CBP Port Director, etc. can use to assess risk of the supply chain
and its segments. It would also allow a “mid-course” correction, if an event or incident
requires the diverting of any part of the supply chain and its transportation network.
The assessment would allow the supply chain partners to work with the regulators
on security risk and issues and “game” alternate routes in “real time”. Unlike RCRMS
for the railroad industry, the framework would avoid timely and costly assessments in
support of decision making and as part of route selection.
The concern of the railroad industry of not having the resources, in terms of cost,
time and personnel, to commit to preparing a RCRMS risk assessment for the FRA for
certain categories of hazmat is something the maritime industry will probably not want.
This is important, as it is not out of the realm of possibility that some U.S. governmental
agency will require a risk assessment of the supply chain be prepared as part of a
regulatory, vetting and inspection process to deter and/or detect a WMD, drugs or other
contraband being smuggled into the country. In addition, the IMO or other country could
have similar requirements either separately or in conjunction with the U.S.
8.3 RECOMMENDATIONS AND WAY FORWARD
Now that we understand the risk associated with the maritime intermodal
container supply chain and available alternatives and their advantages and disadvantages,
what further research would benefit the U.S. and its population and the world as a whole?
118
Although there are many avenues for further research and study, several can be
considered as important, based on today’s risk. They include:
• The cost and economic impacts and how they could influence route and supply
chain partner selection to mitigate the risk. This could include consumer impacts
and insurance. This is also a consideration when evaluating the profitability and
viability of a supply chain partner or route.
• A significant portion of the vetting, security measures, and monitoring and
navigation are technology and cyber based. Further research into how cyber
attacks and compromises could impact the risk associated with the maritime
intermodal container supply chain and security measures to be employed should
seriously be considered.
• This method and the framework are not exclusive to deterring WMDs from being
smuggled into the U.S. and detecting their presence. It could be used, with
modification, to deter and detect drugs or other contraband. Future research
should look at the particulars of drugs and other contraband and ways of detecting
them, and the associated vetting processes and procedures, etc. Either a separate
framework, based on the Maritime CARVER model, or combining the two is a
possibility that should be explored. However, the differences must be understood
that may or may not preclude a uniform approach and framework, as the approach
and method(s) may not be as similar or different as initially anticipated.
• Further and, perhaps, sponsored research by the industry (e.g. Maersk or
International Maritime Organization) or a government agency (e.g. DHS) could
look at more and diverse routes to provide a more global perspective. This would
bring into play all of the areas and conditions in the framework for diverse
conditions and global issues.
• Data obtained from the Maritime CARVER “runs” could be compiled to establish
patterns and trends, and be used as a foundation for further intermodal maritime
container routing and supply chain analyses and assessment frameworks and
techniques.
• The framework could be developed for a dashboard application to be used on
PCs, tablets and iPads for easy use in the field and at sea to provide a “field
expedient” assessment.
The research represented by this dissertation is fundamentally theory building,
rather than theory testing. Having established the Maritime CARVER framework for
selecting ports, as well as service providers, in addition to assessing the relative risk of
various routing configurations, a next step could be to assess what methodologies are
being employed under various scenarios. To effectively do this, a survey methodology
could be developed to assess, as separate initiatives:
• From a policy standpoint, how seriously importers regard the chain of custody for
their supply chains;
• If they have a legitimate concern, how they go about certifying the efficacy of
such chain of custody; and
• How those approaches extend to the selection of ports of loading, engaging trade
intermediaries (customs brokers and freight forwarders), and selecting providers
of transportation services.
120
The assessment of risk within the greater realm of international trade is a
mammoth undertaking in that there are tens of thousands of importers, a similar large
number of exporters, and thousands of permutations of transportation providers and trade
intermediaries. The manner in which these may be configured will remain problematic,
both for the managers of the respective supply chains, and the government regulatory
authorities, as well.
121
IX. REFERENCES
[1] Implementing Recommendations o f the 9 /11 Commission Act o f 2007, PL 110-53.
[2] "Supply Chain Security: DHS Could Improve Cargo Security by Periodically Assessing Risks from Foreign Ports,(GAO-13-764)," Government Accountability Office, 2013.
[3] "49 CFR 172.820, Additional planning requirements for transportation by rail," 2008.
[4] Appendix D to Part 172, Rail Risk Analysis Factors.
[5] G. Gordon and R. R. Young, "Hazmat Routing: Alternate Routing Risk Analysis, Joint Rail Conference, American Society of Mechanical Engineers and Mineta Transportation Institute," 2016.
[6] 49 CFR 15 and 1520.
[7] N. Khalid, "Security in the Straits of Malacca," Asian-Pacific Journal, vol. 4, no. 6, 2006.
[8] "2000 - 2015 U.S. Waterborne Container Trade by U.S. Customs Port (Series)," U.S. Department of Transportation, Maritime Division , [Online]. Available: https://www.marad.dot.gOv/resources/data-statistics/#TradeStatistics. [Accessed 2018].
[9] 49 CFR 1520 and 1580 Rail Transportation Security, 2008.
[10] H. Willis and D. Oritiz, "Evaluating the Security of the Global Containerized Supply Chain," RAND Corporation, 2004.
[11] R. Young, M. Peterson, L. Novak, M. Flannery Hayes and F. and Tillotson, "Limiting the Worldwide Flow of Weapons and Their Components Through Established Maritime Transport," Journal o f Transportation Security, vol. 7, no. 1, pp. 27-43, 2014.
[12] "Products and materials that are commercial in nature with civil applications but have the potential to be weaponized and found in 15 CFR 774," University of Oklahoma, [Online]. Available: (http://www.ou.edu/exportcontrols/advice_for_researchers/Examples_Dual_Use. h tm l. [Accessed 2018].
[13] J. Band, "Maritime Security and the Terrorist Threat," RUSI Journal, 2002. [14] "Maritime Security: Progress and Challenges with Selected Port Security Programs
(GAO-14-636T)," Government Accountability Office, 2014.
[15] "Supply Chain Security: CBP Needs to Enhance its Guidance and Oversight of High- Risk Maritime Cargo Shipments (GAO-15-294)," Government Accountability Office, 2015.
[16] J. Gallagher, "US looking to private sector for 100 percent screening help," Journal
122
o f Commerce, 2016.
[17] E. Kulisch, "U.S. Lawmakers say with new technology, it's time to inspect all inbound containers," American Supplier, August 2016.
[18] "Scanning and Imaging Shipping Containers Overseas: Costs and Alternatives," Congressional Budget Office, 2016.
[19] "Secure Freight Initiative," Department of Homeland Security, [Online]. Available: https://www.dhs.gov/secure-freight-initiative. [Accessed 2018].
[20] D. Luensmann and B. Compagnoni, Interviewees, Port security and interm odal m aritim e containers. [Interview]. 19 January 2018.
[21] C. Primmerman, "Thoughts on the Meaning of "Asymmetric Threats"," Massachusetts Institute of Technology, Lincoln Laboratory, 2006.
[22] M. Edgerton, in A Practitioner's Guide to Effective M aritim e and Port Security, John Wiley & Sons, Inc., 2013, pp. 52-55.
[23] J. B. McNeill and J. Zuckerman, "The Cargo Screening Clog: Why the Maritime Mandate Needs to be Re-examined," Backgrounder, The Heritage Foundation, no. 2357, 2010.
[24] "Scanning and Imaging Shipping Containers Overseas: Costs and Alternatives," Congressional Budget Office2016.
[25] G. Tsinker and M. McNichols, "Chapter 13, Port Security," in Port Engineering: Planning, Construction, M aintenance, and Security, John Wiley & Sons, Inc., 2004.
[26] "Radiation detectors at U.S. ports of entry now operate effectively, efficiently: New approach improves detection of threat materials while reducing nuisance alarms," Pacific Northwest National Laboratory, 2016.
[27] K. Calamur, " High Traffic, High Risk in the Strait of Malacca," The Atlantic, 21 August 2017.
[28] "Automated Identification System Overview," U.S. Coast Guard, [Online]. Available: https://www.navcen.uscg.gov/?pageName=AISmain. [Accessed 2018].
[29] Zhen Sun, Centre for International Law, National University of Singapore, "Towards a Comprehensive Maritime Security Framework in Asia - Broaden the Mandate of ReCAAP to Cover other Illicit Maritime Activities," in 6th AsianSIL Biennial Conference, 2017.
[30] P. Tirschwell, "Cyber attack highlights maritime security limitations," Journal o f Commerce, 2017.
[31] J. DiRenzo III, N. Drumhiller, F. Roberts, D. Moskoff and W. Kaag, "Chapter 1, Threats to Global Navigation," in Issues in M aritim e Cyber Security, Westphalia Press, 2017.
[32] Alain L. Kornhauser, Department of Operations Research and Financial Engineering, Princeton University,, "Global Navigation Satellite System (GNSS)," [Online]. Available: https://www.princeton.edu/~alaink/Orf467F07/GNSS.pdf. [Accessed 2018].
123
[33] J. DiRenzo III, N. Drumhiller, F. Roberts and L. Ablon, "Chapter 2, Cyber Security in The Maritime Environment," in Issues in M aritim e Cyber Security, 2017.
[34] J. DiRenzo III, N. Drumhiller, F. Roberts, C. T. P. Michel and A. Tucci, "Chapter 6, Cyber Risk in the Maritime Transportation System," in Issues in M aritim e Cyber Security, 2017.
[35] E. Johnson, "Container lines double down on tracking tech," Journal o f Commerce, 2018.
[36] B. Brady, "The Maritime Security Risk Analysis Model," The Coast Guard Journal o f Safety and Security, vol. 64, no. 1, 2007.
[37] T. Masse, S. O'Neil and J. Rollins, "The Department of Homeland Security's Risk Assessment Methodology: Evolution, Issues, and Options for Congress," Congressional Research Service, 2007.
[38] FM 34-36, Special Operations Forces Intelligence and Electronic W arfare Operations, Appendix D, Target Analysis Process, U.S. Department of the Army, 1991.
[39] B. Bennett, Understanding, Assessing, and Responding to Terrorism: Protecting Critical Infrastructure and Personnel, Second Edition, Wiley Publishing, 2018.
[40] C. Schnaubelt, E. Larson and M. Boyer, Vulnerability Assessment Method Pocket Guide, A Tool for Gravity Analysis, RAND Corporation Arroyo Center, 2014.
[41] S. Cupp and M. Spight, "A Homeland Security Model for Assessing US Domestic Threats," Center for Homeland Defense and Security, Naval Postgraduate School, 2007.
[42] B. Hoffman, "Managing Terrorism Risk," Risk Management Solutions, 2003.
[43] Liu, X., Rutgers, The State University of New Jersey, "Development of a Risk Assessment Tool for Rail Transport of Flammable Energy Resources," USDOT Report CAIT-UTC-NC16, 2016.
[44] K. Vellani, "Chapter 6, Risk Assessments," in Strategic Security M anagem ent: A Risk Assessment Guide fo r Decision Makers, Elsevier, Inc., 2007.
[45] R. Fries, M. Chowdhury and J. Brummond, Transportation Infrastructure Security: Utilizing Intelligent Transportation Systems, Wiley Publishing, 2009.
[46] O. Berle, B. Asbjornslett and J. Rice, "Formal Vulnerability Assessment of a maritime transportation system," Journal o f Reliability Engineering and System, Safety, 2011.
[47] J. v. D. J. Merrick, H. J. T. Mazzuchi, J. Spahn and M. Grabowski, "A Systems Approach to Managing Oil Transportation Risk in Prince William Sound," Systems Engineering, vol. 3, no. 3, 2000.
[48] K. Bachkar, K. Won and J. Szmerekovsku, "An Analytical Hierarchy Process framework to Mitigate Security Risk in the Global Container Supply Chain," Journal o f M anagem ent and Engineering Integration, pp. 30-42, 2013.
[49] S. Kumar, H. Jensen and H. Menge, "Analyzing mitigation of container security
124
risks using Six Sigma DMAIC approach in supply chain design/' Transportation Journal, pp. 54-66, 2008.
[50] "Maritime Security: Elements of an Analytical Framework for Compliance Measurement and Risk Assessment, UNCTAD/SDTW/TLB/2005/4," United Nations, 2006.
[51] V. Thai, "Effective maritime security: conceptual model and empirical evidence," M aritim e Policy & M anagem ent, vol. 36, no. 2, pp. 147-163, 2009.
[52] Morral, A.R. et. al., RAND Corporation , "Modeling Terrorism Risk to the Air Transportation System," 2012.
[53] J. Meredith, A. Raturi and K. a. K. B. Amoakao-Gympah, "Alternative Research Paradigms in Operations," Journal o f Operations M anagem ent, vol. 8, no. 4, pp. 297-326, 1989.
[54] "Top 50 World Container Ports, World Shipping Council," 2017. [Online]. Available: http://www.worldshipping.org/about-the-industry/global-trade/top-50-world- container-ports. [Accessed 2018].
[55] GlobalSecurity.org , "CONREP Standard Tensioned Replenishment Alongside Method (STREAM)," [Online]. Available: https://www.globalsecurity.org/military/systems/ship/systems/unrep- stream.htm. [Accessed 2018].
[56] "Automatic Identification System, U.S. Coast Guard Navigation Center," [Online]. Available: https://www.navcen.uscg.gov/?pageName=aismain. [Accessed 2018].
[57] E. Clarke and D. Philpot, "CARVER+Shock Vulnerability Assessment Tool: A Six Step Approach to Conducting Security Vulnerability Assessments on Critical Infrastructure," Government Training Inc., 2011.
[58] 49 CFR 1580, Rail Transportation Security, Transportation Security Administration. U.S. Department of Homeland Security, 2008.
[59] "Introduction (to conventions)," International Maritime Organization, [Online]. Available: http://www.imo.org/en/About/Conventions/Pages/Home.aspx. [Accessed 2018].
[60] J. Ortiz and M. Massey, Interviewees, U.S. Coast Guard Port State Control M anager and M arine Inspector. [Interview]. 29 January 2018.
[61] "33 CFR 160 - Subpart C - Notifications of Arrival, Hazardous Conditions, and Certain Dangerous Cargoes," U.S. Coast Guard National Vessel Movement Center, [Online]. Available: https://www.nvmc.uscg.gov/NVMC/(S(kgxu5fch5fqpmauzmwbzoabk))/Regulation s.aspx. [Accessed 2018].
[62] "Trade Routes - Top Trade Routes (TEU shipped) 2013," World Shipping Council,, [Online]. Available: http://www.worldshipping.org/about-the-industry/global- trade/trade-routes. [Accessed 2018].
[63] "China Shipping North America," [Online]. Available: http://www.chinashippingna.com. [Accessed 2018].
125
[64] "Korea Strait," Encyclopedia Britannica, [Online]. Available: https://www.britannica.com/place/Korea-Strait.
[65] "Yucatan Channel," Encyclopedia Britannica, [Online]. Available: https://www.britannica.eom/place/Caribbean-Sea#ref408313. [Accessed 2018].
[66] "Panama Canal Authority," [Online]. Available: https://www.pancanal.com/eng/general/canal-faqs/physical.html. [Accessed 2018].
[67] Security and Accountability For Every Port Act o f 2006, Public Law 109-347, 109th Congress, 2006.
[68] M aritim e Transportation Security Act o f 2002, Public Law 107 -295 , 107th Congress, 2002.
[69] "EU, US Fully Implement Mutual Recognition Decision, HDS/CBP," U.S. Customs and Border Protection, 2013. [Online]. Available: https://www.cbp.gov/newsroom/national-media-release/eu-us-fully-implement- mutual-recognition-decision. [Accessed 2018].
[70] Navigation and Vessel Inspection Circular (NVIC) 02-05, U.S. Coast Guard, 2005.
126
APPENDIX A. GLOSSARY
ACP Panama Canal Authority
AHP Analytical Hierarchy Process
AIS Automated identification system
AMSC Area Maritime Security Committee (USCG)
AMSP Area Maritime Security Plan (USCG)
ATS Automated Targeting System (CBP)
CARVER Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability (U.S. Army)
CBO Congressional Budget Office
CBP U.S. Customs and Border Protection
CCTV Closed Circuit Television
CI/KR Critical Infrastructure/Key Resources
CSI Cargo Security Initiative (CBP)
C-TPAT Customs Trade Partnership Against Terrorism (CBP)
DHS U.S. Department of Homeland Security
DTRA U.S. Defense Threat Reduction Agency
EU European Union
FRA U.S. Federal Railroad Administration
FSA Formal Safety Assessment
FVA Forma Vulnerability Assessment
GAO U.S. Government Accountability Office
GCSC Global Container Supply Chain
GIS Geographic Information Systems
127
GNSS Global Navigation Satellite system
GPS Global Positioning system
HSGP Homeland Security Grant Program (DHS)
IED Improvised Explosive Device
IMO International Maritime Organization
IPSP International Port Security Program (USCG)
ISO International Standards Organization
ISPS International Ship and Port Facility Security Program (IMO)
JTS Journal of Transportation Security
MALSINDO Malacca Strait Coordinated Patrol
MARSEC Maritime Security level (USCG)
MMEA Malaysian Maritime Enforcement Agency
MRA Mutual Recognition Agreement
MSRAM Maritime Security Risk Analysis Model (USCG)
MTS Maritime Transportation System
MTSA Maritime Transportation Security Act of 2002
NATO North Atlantic Treaty Organization
NNSA National Nuclear security Administration
NO A Notice of Arrival
NTC-C National Targeting Center-Cargo (CBP)
OCONUS Outside the Continental United States
ORM Operations Research Management
PRA Probabilistic Risk Analysis
PSI Proliferation Security Initiative
RAVA Risk Analysis and Vulnerability Assessment
128
RCRMS Rail Corridor Risk Management System
ReCAPP Regional Cooperation Agreement on Combatting Piracy and A Robbery
RECAPP ISC ReCAPP Information Sharing Center
RMAT Risk Management Analysis Tool
RPM Radiation Portal Monitors
RUSI Royal United Services Institute
SFI Security Freight Initiative
SOLAS Safety of Life at Sea (IMO)
SME Subject Matter Expert
SSAS Ship Security Alert System
SSI Sensitive Security Information
TEU Twenty-foot Equivalent Unit
TSA U.S. Transportation Security Administration
TVR Threat, Vulnerability and Risk model
TWIC Transportation Worker Identification Credential (TSA/USCG)
UN United Nations
USCG United States Coast Guard
USDA U.S. Department of Agriculture
USFDA U.S. Food and Drug Administration
VACIS Vehicle and Cargo Inspection System (CBP)
VAMPG Vulnerability Assessment Method Pocket Guide
VSP Vessel Security Plan
WMD Weapon(s) of Mass Destruction
129
APPENDIX B. INTERVIEW PROTOCOL FORM
Maritime CARVER Risk Assessment Interview Protocol for the
Intermodal Maritime Container Supply Chain
INSTRUCTIONS
Please provide the information requested, below , on the nodes (e.g. manufacturer and ports) and links (e.g. surface transportation to ports, voyages and passage through canals and straits) that comprise the intermodal maritime container supply chain. A notes section is provided at the end o f the questionnaire to clarify the information requested. Questions on the questionnaire and information requested should be directed to aary jJordon@ um l.edu.
ENTITY
C om pany/A gency:_______________________ _____________________________ ___________________
Address: ___________________________________________________________________________________
Contact Person: ____________________________________________________________________________
Telephone: _______________________________ Email: ________________________________________
Other Information: ____ __________
SHIPMENT DATA
Commodities: _____
Packaging: ________
Volumes:
Other Information:
130
Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
TRIP INFORMARTION
Origin: ________________________________________________________________ _
Port o f Origin: ______________________________________________________________
Port o f Destination: _______ _________________________________________________
Route: ______ ___________________________________________ _
Ship Nam e or T y p e :_______________________________ ________________________
Comments: ___________________ _____________________
M ODEL FACTORS
C - Chain of Custody
To Foreign Load Center Port
M ove to Load Center Port: D irect V ia Feeder Port _ _ _
M ode(s) to Feeder or Load Center Port: Truck R a il Combined Rail and Truck
Estimated number o f times container is handled to Load Center Port: _______
Comments: ________________________ __________________
At Sea
Once the ship is loaded at the foreign feeder port or load center port, and from the U.S. load center port to feeder port, it w ill be considered that the container w ill not be “handled” and the chain o f custody will be with the ship's officers and company officials.
Comments: _________________________ _______________ _______
2
131
Maritime CARVER Risk A ssessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
From U.S. Load Center Port
M ove to Consignee: Direct Via Feeder Port
M ode(s) from Load Center Port to Consignee: Truck Rail Combined Rail and Truck
Estimated number o f times container is handled from Load Center Port:
Comments:
A - Approach (to targeting and monitoring)
In Foreign Country to/at Load Center Port
CBP approach to targeting: In-county Regional NTC-C Other
Host nation approach: Y es No If yes, meets U .S. requirements? Yes N o
Comments:
At Sea Before Entering U .S. Load Center Port
Compliance with U .S ./ international safety/security rules and regulations: Yes N o
Comments:
R - Routing
Route Description:
Pass through canal: Yes N o Describe:
Pass through a strait: Y es N o Describe:
3
132
Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Pass near area o f known threats (e.g. piracy): Y e s N o Describe: ___
Remain at anchorage: Y e s N o Where and number o f times: ______
Comments: _________________________________________
V - Vetting
CSI vetted: Y e s N o ____
C-TPAT vetted: Y e s N o ____
Other U .S. Vetting measures: Y e s N o Describe:
Host Nation vetting: Y e s N o ____
If yes, meets U .S. standards: Y e s N o
If no, explain vetting procedure: _________
Other vetting standards: Y e s N o
If yes, explain: ______________________
Comments:
133
Maritime CARVER Risk A ssessm ent M odel Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
E — Exposure
List the PHYSICAL and HUM AN security measures in place at each port, intermodal yard or other transportation node.
Port #1:
Nam e and country: _____________________________________________________________________
Description o f security measures: ________________________________________________________
Port #2:
Nam e and country: _____________
Description o f security measures:
Intermodal Yard #1:
Nam e, location and country: ___
Description o f security measures:
Intermodal Yard #2:
Nam e, location and country: ____
Description o f security measures:
134
Maritime CARVER Risk Assessm ent M odel Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Other Transportation N ode # 1 :
Nam e, location, country and type: __________________________________ _
Description o f security measures:
For additional ports, intermodal yards and other transportation nodes, use the Additional Information section at the end o f this questionnaire.
At Sea
Description o f onboard security: ____________________________________________________
Agreement(s) with nation or international security forces:
Other:
Comments:
R — Regulatory
Compliance with U .S. rules and regulations: Y e s No
If no, explain: __________________________________________
6
135
Maritime CARVER Risk Assessment Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Compliance with international rules and regulations: Y e s N o ____
If no, explain: ________________ ______________ ______________________________
Compliance with host nation rules and regulations: Y es_ No
If no, explain: ___________ ___________________ _________________
Comments:
NOTES:
The follow ing is an explanation o f the information required in each specific section o f the questionnaire when the question requested information requires clarification.
Trip Information:
The origin should be the manufacturer’s location
The route, list the canals and straits to be passed through, and areas o f known threats (e.g. piracy).
Chain o f Custody
When determining transportation modes, m oves by yard tractor (goats) within ports and intermodal yards are not included when deeming the number o f time the container is handled. The number o f times the container is handled will be 1.
Approach
NTC-C targeting is via in-country CBP inspectors for high risk shipments and U .S. Based CBP personnel for non-risk shipments. At sea targeting and monitoring involves insuring that the containers are in compliance with appropriate U .S. and international rules and regulations prior to entering the U .S. Load Center Port.
7
136
Maritime CARVER Risk A ssessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Routing
Attention should be given to routes passing through canals, straits and known threat areas, portions o f the voyage that is away from land and U.S., national and international security forces.
Vetting
This factor includes all o f the parties in the supply chain, such as the manufacturer (or originator o f container) consignee, exporter and importer, transportation facilities (e.g. canals, ports and intermodal facilities) and operators and cargo.
Exposure
List the physical and human security measures for all ports, intermodal yards (not in the port) and other transportation nodes though which the maritime intermodal container traverses.
Regulatory
This includes U.S., international and host nation rules and regulations other than vetting and targeting. This includes the USCG 96-hour advanced notice o f arrival (N O A ) requirement, US CBP automated targeting system (ATS), Maritime Transportation Security Act (M TSA), the Safe Ports Act o f 2006, and CBP initiatives and IMO’s International Ship and Port Facility Security Code (ISPS).
8
137
Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
ADDITIONAL INFORMATION
9
138
APPENDIX C. CASE STUDY INTERVIEW
The interview protocol was received from the non-disclosed entity on 3/15/18. A
follow-up discussion was conducted on 3/21/18 to clarify the information submitted.
M aritim e C A R V E R R isk A ssessm en t Interview P rotocol for the
Interm odal M aritim e C ontainer Supply Chain
INSTRUCTIONS
Please provide the in form ation requested , b e lo w , on the n odes (e .g . m anufacturer and ports) and link s (e .g . surface transportation to ports, v o y a g es and p assage through canals and straits) that com p rise the interm odal m aritim e container sup p ly chain . A n otes section is p rovid ed at the end o f the questionnaire to c larify the in form ation requested. Q u estion s on the q uestionnaire and inform ation requested should b e d irected to garv gordonta:um I.ed u .
ENTITY
C om p an y/ A g e n cy : t i e r b t ^ C - t o £ > e z > ( j j . z> , ) ___________________________________
A ddress: _____________CcZ-jA/Ocl A d a M A i ______________________ __ _________________
C ontact Person: _____A + , ~ e m U a & S 2> f t l £ aC T S A C £ E £ f t /<& * - /
T elephone: A1 > P . _________________ Em ail: /vl ■ •_____ ___________ _______
Other Inform ation: i N T L O F S P Z C . t A c r y £ > f t & A r t / C £ # £ # ( £ 4 C S ____
AdAJe>(L . f / kc t c .r r /£ S A T f
SHIPMENT DATA
C om m odities:
Packaging:
V olum es:
Other Information:
139
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
TRIP INFORMARTION
Origin: ______ _/ o c a~tus *J 5 A G O * *
Port o f Origin:
Port o f Destination:
^ £ <//*»%# 4.^Route:
Ship Name or Type:
Comments:
MODEL FACTORS
C - Chain of CustodyV
To Foreign Load Center Port
M ove to Load Center Port: Direct j / Via Feeder Port____
Modc(s) to Feeder or Load Center Port: Truck Rail \ S Combined Rail and Truck
Estimated number o f times container is handled to Load Center Port: - 3
C om m en ts:__A rrftC tfZ F>_________________________________________________________
At Sea
Once the ship is loaded at the foreign feeder port or load center port, and from the U.S. load center port to feeder port, it will be considered that the container will not be “handled” and the chain o f custody will be with the ship's officers and company officials.
Comments: r ; ? _______________________________________________________________
P U) > 1 & L q y t W i f ^ .oJ.111 bML . P 'V.W l y d \ ) r\fN|. > 6 ? \ j o y a ; _________________________________
2
140
Maritime CARVER Risk Assessment interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
From U.S. Load Center Portad Cenje
M ove to Consignee: Direct Via Feeder Port S '
Modc(s) from Load Center Port to Consignee: Truck S ' R ail Combined Rail and Truck y
Estimated number o f times container is handled from Load Center Port:
Comments: a U ~ UiTHtd _______________________________________ ________
' ] € e v h / c t y i> K dk > k ( X _ _
l eg A ^ 6 H - { V > .______________________________
A - Approach (to targeting and monitoring)
In Foreign Country to/at Load Center Port
CBP approach to targeting: ln-county y R egional NTC-C- Other
Host nation approach: Yes S N o If yes, meets U.S. requirements? Yes No
Comments:
At Sea Before Entering U.S. Load Center Port
Compliance with U .S./ international safety/security rules and regulations: Yes y ' No
Comments: L/*}$ _ _ _ _ _ _
R - Routing
Route Description:
P ass through canal: Y e s _S_ N o _ D escrib e: ____ <pAaT>Aj6. 5 _____
Pass through a strait: Yes S ' No D escr ib e :__D e / t / t } f ru>d./AjL
3
141
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Pass near area o f known threats (e.g. piracy): Yes S No D escrib e:_____________ ___
__ Remain at anchorage; Yes N o Where and number o f times: fa ^ ^ A K ,e . f / t o r
Lccktiq*J& ' ulfeSC C&fi T~ (/,£> (3n£> P/+rJ4 f* 4 Comments: /y)o»)fc.___________ _____________________________ _________ __________
V - Vetting
CSI vetted: Yes N o ____
C-TPAT vetted: Yes ^ N o ____
Other U.S. Vetting measures: Y e s N o Describe: M >r____________________
KKXCo fJD A r v k >5 ~ ( £ r+ £ e r ri/v l V l n C i r a - W ,___________ ________________________ ______
Host Nation vetting: Y es * / N o ____
If yes, meets U.S. standards: Yes / N o ____
If ncx explain vetting procedure:_____________________________________________________
Other vetting standards: Y e s No \ /
If yes, explain: ___________ _̂________________________________________________ ____________
X ^ O TcH 'iC[-^s. <kU p r y & d i / r f ^ g A ,-ry i Ai nw l t W f o f- ~t6- [ / £ d / y f K o f N v H « * v .............
Comments:
m / a ■____________________________________________________
4
142
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
E - Exposure
List the PHYSICAL and HUMAN security measures in place at each port, intermodal yard or other transportation npde.
Port #1:
Name and country: __
Description o f security measures:
A c £ p y d W A V M v . Q t - J f f f d v N ) U f / u N l l l i Q f t CC) tACK -Awftd riyMfKlctVA <Lcfcfcy 4 f ■■ % \ \cuf i - e w ts . <y\ W oc-1-pa.T iw x i t v v ( V s $ ? 'w « n c £ ai\<$ A w W 'f ’S.
Port #2: "
Name and countiy: £oTTe^e t > A - * A _____________________________ __________
Description o f security measures: -fe/g O, <». >w.in a)#z
.............................. ^ .~~T",__ ____________________
Name, location and countiy:
Description o f security measures: fk t t US. C? s ,n
___________________ - M 2 L- O W _______ _______________
Intermodal Yard #2:
Name, location and countiy:
Description o f security measures: r ± k r
(V)046 ' ACl c®yp ;| (VV i) | jyc sk\M>iOf A m-p l A f i k i u w y # p (fv ( y < ? u c v m y
143
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Other Transportation Node # 1 :
Name, location, country and type: /u /d ___ _ ______ ______
Description o f security measures: a\ /A ____________________________________
I For additional ports, intermodal yards and other transportation nodes, use the Additional | Information section at the end o f this questionnaire.
i | At Seai1i | Description o f onboard security: A&r fcOOoiuJ____________________________________________
i P t € S c / . < C ^ U> V a Q C c o sm itA ^ w i-vc . T M f l
Agreement!s) with nation or international security forces: , J
uvWV\q-h»/viV OxcOi fa /tW s :1 Rhvtes <Tat\ t f W f lP / ^ e t j q s Coa S j - a o A ^ .
u H £ r ''v 'U r-1 c d U w o+ C ° Other: m / a _______________________________________________________________________
Comments:
R - Regulatory
Compliance with U.S. rules and regulations: Yes S No
If no, explain: U C 0 (2 ? ̂ ~ 0 fC ~ ̂ C V") - jvQ>/1(Â I
^ <4 i k F r q u v W - C f y j . [ ) > ,ry
144
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Compliance with international rules and regulations: Yes f N o ____
If no, explain: r f - M O C O ?A / > E ( P i \ C C ......... _ ^ I
Compliance with host nation rules and regulations: Yes S N o ____
If no, explain: D & ^ 1 N- ^ c j ^7 CAv qv,\ ^ {
Comments: lo t A*-t a 0/t SAiflkfiiOAt. g,'vi, 4-irl TiSt
T* /t& fo d 't £ » m.Pc/A*J(.£. Aua, P (t ifn/tAA
A c 5 0 Ma/toTn/Aj5 <SoC(4 £xp*a.T>&£
NOTES:
The following is an explanation o f the information required in each specific section o f the questionnaire when the question requested information requires clarification.
Trip Information:
The origin should be the manufacturer’s location
The route, list the canals and straits to be passed through, and areas o f known threats (e.g. piracy).
C hain o f Custody
When determining transportation modes, moves by yard tractor (goats) within ports and intermodal yards are not included when deeming the number o f time the container is handled. The number o f times the container is handled will be 1.
Approach
NTC-C targeting is via in-country CBP inspectors for high risk shipments and U.S. Based CBP personnel for non-risk shipments. At sea targeting and monitoring involves insuring that the containers arc in compliance with appropriate U.S. and international rules and regulations prior to entering the U.S. Load Center Port.
7
145
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
Routing
Attention should be given to routes passing through canals, straits and known threat areas, portions o f the voyage that is away from land and U.S., national and international security forces.
Vetting
This factor includes all o f the parties in the supply chain, such as the manufacturer (or originator o f container) consignee, exporter and importer, transportation facilities (e.g. canals, ports and intermodal facilities) and operators and cargo.
Exposure
List the physical and human security measures for all ports, intermodal yards (not in the port) and other transportation nodes though which the maritime intermodal container traverses.
Regulatory
This includes U.S., international and host nation rules and regulations other than vetting and targeting. This includes the USCG 96-hour advanced notice o f arrival (NOA) requirement, US CBP automated targeting system (ATS), Maritime Transportation Security A ct (MTSA), the Safe Ports Act o f 2006, and CBP initiatives and IMO’s International Ship and Port Facility Security Code (ISPS).
8
146
Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)
ADDITIONAL INFORMATION
Anrr
9
147
Container Shipping Summary
1. S h ip p e r : A m a j o r G e r m a n c h e m i c a l p r o d u c e r ( n o t n a m e d )
2 . V o l u m e : A p p r o x i m a t e l y 8 0 0 0 s h i p m e n t s p e r y e a r s w i t h a n e q u a l d i s t r ib u t io n b e t w e e n
2 0 ' a n d 4 0 ' c o n t a i n e r s , t h e r e f o r e ~ 1 2 0 0 0 TEUs a n n u a l ly .
3 . C o m m o d i t i e s : D y e s , p i g m e n t s , a n d o r g a n ic i n t e r m e d i a t e s ; t e x t i l e f ib e rs ; r e p r o g r a p h ic
c h e m ic a l s ; s u r f a c t a n t s a n d t h e i r p r e c u r s o r s ; e n g i n e e r i n g p o l y m e r s ; a n d s p e c i a l t y f l u o r o
c o m p o u n d s .
4 . P a ck a g in g : C h e m i c a l s w e r e p a c k a g e d in s t e e l d r u m s , p la s t ic d r u m s , o r f ib e r d r u m s w i t h
p la s t i c l iners; p o l y m e r s in c o r r u g a t e d g a y l o r d s w i t h p la s t ic l in er s . M a n y p r o d u c t s w e r e
h a z a r d o u s a n d p r o h i b i t e d a b o a r d a ircra f t , o r w e r e o f r e la t iv e ly l o w v a l u e t h e r e b y
m a k i n g a ir fr e ig h t u n r e m u n e r a t i v e .
5 . Bulk s h i p m e n t s a n d t h o s e in I s o - t a n k s a r e o u t s i d e t h e s c o p e o f t h i s d i s c u s s i o n
P o in t s o f Origin:
Origin Plant TEUs Seaport of Loading Land M ode Container Line F rankfurt 4 7 0 0 H a m b u r g Rail f r o m F ran kfurt t o
H a m b u r g
H a p a g -L lo y d
E v e r g r e e n
A tla n t ic C o n t a in e r
Line (ACL)
4 0 0 0 R o t t e r d a m River b a r g e l o a d e d a t t h e
p la n t o n River M a in n e a r
c o n f l u e n c e o f t h e Rh ine;
t h e n d i r e c t ly t o
R o t t e r d a m
S e a -L a n d
N e d l l o y d
W i e s b a d e n 8 0 0 R o t t e r d a m T r u c k e d t o p la n t a t
Fran kfurt a n d
t r a n s f e r r e d t o b a r g e
S e e " H a m b u rg "
a b o v e
C o l o g n e 2 3 0 0 A n t w e r p T r u c k e d t o p o r t I n d e p e n d e n t
C o n t a in e r Line
H a n o v e r 5 0 0 H a m b u r g T r u c k e d t o p o r t S e e " H a m b u rg "
a b o v e
A rriva ls in U.S.:
Origin Port Arrival Port
Inland Final Destinations1 Approx TEUs
M ode to Final Destination
H a m b u r g NY-NJ F air f ie ld , NJ; P r o v i d e n c e ,
Rl; C h ic a g o ; K a n sa s City;
o t h e r c u s t o m e r d ir e c t
3 5 0 0 P r o v i d e n c e c o n t a i n e r s
t r a n s l o a d e d t o b a r g e or
c o a s t a l f e e d e r v e s s e l 2;
1 F airf ie ld , C h ic a g o , a n d C h a r lo t t e w e r e d i s t r ib u t io n c e n t e r l o c a t i o n s . P r o v i d e n c e , S p a r t a n b u r g ,
H o u s t o n , a n d C h a r lo t t e w e r e m a n u f a c t u r i n g p la n ts .
2 H a p a g -L lo y d o p e r a t e d a sm a l l c o n t a i n e r s h i p , C /V Y a n k e e C lipp er
148
l o c a t i o n s in PA, DE, NJ, a n d
NY
C h ic a g o a n d KC b y COFC;
all o t h e r , v ia t r u c k
N o r f o lk C h a r l o t t e 5 0 0 T ruck
C h a r l e s t o n C h a r l o t t e a n d S p a r t a n b u r g 1 0 0 0 T ruck
O a k la n d C u s t o m e r s 2 0 0 T ruck
R o t t e r d a m NY-NJ S e e "NY-NJ" a b o v e 2 1 0 0
B a l t im o r e C u s t o m e r s in M D , PA, a n d
VA; s o m e t o S t . L ou is
7 0 0 St. L o u is b y COFC; all
o t h e r b y t r u c k
S a v a n n a h S e e " C h a r le s t o n " a b o v e 1 2 0 0 T ruck
H o u s t o n H o u s t o n a n d G a l v e s t o n 8 0 0 T ruck
A n t w e r p C h e s t e r , PA C u s t o m e r s in PA 5 0 0 T ruck
R i c h m o n d ,
VA
C h a r l o t t e 1 8 0 0 T ruck
149
BIOGRAPHICAL SKETCH OF THE AUTHOR
Gary Gordon is pursuing a Ph.D. in Civil and Environmental Engineering at the
University of Massachusetts Lowell under the guidance of Dr. Chronis Stamatiadis. Gary
received his B.S in Civil Engineering from the University of Massachusetts Lowell (then
Lowell Technological Institute), M.S. in Civil Engineering (transportation concentration)
from the University of Maryland and Master of Business Administration from the
University of Massachusetts Lowell. He is also a graduate of the U.S. Army Command
and General Staff College and U.S. Army Engineer Officer Basic and Advanced, and
Transportation Officer Advanced Courses.
Professionally, Gary has over 40 years of engineering, construction, operations
and safety and security experience in the transportation sector. He is currently Adjunct
Faculty at the University of Massachusetts Lowell teaching courses in transportation
security, critical infrastructure protection and emergency management, and an Adjunct
Professor at the Massachusetts Maritime Academy teaching courses in disaster related
business continuity/continuity of operations and infrastructure protection.
Prior to this, Gary was a former Assistant Federal Security Director-Surface
Transportation responsible for DHS/TSA’s South Central Region headquartered in
Houston, TX. His professional experience also includes Assistant Chief Engineer-Design
& Construction of the former Boston & Maine Railroad/Guilford Rail and transportation
engineering, construction, operations and safety and security consultant. Gary retired
from the U.S. Army Reserve as a Lieutenant Colonel with assignments as an engineering
officer and multimodal transportation operations and management officer.
150
Gary is a registered professional engineer and holds several professional
certifications relating to transportation operations and security, and emergency
management. He is a co-author of Railway Security: Protecting Against Manmade and
Natural Disasters, CRC Press/Taylor & Francis Group, and is published in the areas of
transportation security and emergency management, to include in the Journal o f
Emergency Management. He has also spoken at many technical conferences and is
published in the conference proceedings. He is on the editorial board of the Journal o f
Transportation Security and is also active in many professional organizations, to include
the Society of American Military Engineers and National Defense Transportation
Association.