HLSS645Wk6

profileRawono1
V1O6K.pdf

INTERMODAL MARITIME CONTAINER SECURITY: A MULTIFACTOR FRAMEWORK FOR ASSESSING ROUTING RISK

GARY A. GORDON, P.E., LT. COL., U.S. ARMY (RET.)

B.S. UNIVERSITY OF MASSACHUSETTS LOWELL (1971) M.S. UNIVERSITY OF MARYLAND (1977)

MBA UNIVERSITY OF MASSACHUSETTS LOWELL (1995)

SUBMITTED IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

CIVIL AND ENVIRONMENTAL ENGINEERING UNIVERSITY OF MASSACHUSETTS LOWELL

BY

Signature o Author:

Signature of Dissertation Chair:

Name: Dr. Chronis Stamatiadis

Signature of Other Dissertation Committee Members

Committee Member Signature:_____________ O'

Name: Dr. Yuanchang Xie

Signature of Other Dissertation CommittefiJVIe^ib^xP^7

Committee Member Signature:_____ -----------------------------

Name: Dr. James H. Schreiner, Lieutenanx Colonel, U.S. Army

ProQuest Number: 11003890

All rights reserved

INFORMATION TO ALL USERS The quality of this reproduction is dependent upon the quality of the copy submitted.

In the unlikely event that the author did not send a com p le te manuscript and there are missing pages, these will be noted. Also, if material had to be removed,

a note will indicate the deletion.

uest ProQuest 11003890

Published by ProQuest LLC(2018). Copyright of the Dissertation is held by the Author.

All rights reserved. This work is protected against unauthorized copying under Title 17, United States C ode

Microform Edition © ProQuest LLC.

ProQuest LLC. 789 East Eisenhower Parkway

P.O. Box 1346 Ann Arbor, Ml 48106- 1346

INTERMODAL MARITIME CONTAINER SECURITY: A MULTIFACTOR FRAMEWORK FOR ASSESSING ROUTING RISK

BY

GARY A. GORDON, P.E., LT. COL., U.S. ARMY (RET.)

ABSTRACT OF A DISSERTATION SUBMITTED TO THE FACULTY OF THE DEPARTMENT OF CIVIL AND

ENVIRONMENTAL ENGINEERING IN PARTIAL FULFILLMENT OF THE REQUIRMENTS

FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

CIVIL AND ENVIRONMENTAL ENGINEERING UNIVERSITY OF MASSACHUSETTS LOWELL

2018

Dissertation Chair: Chronis Stamatiadis, Ph.D.

Associate Professor, Department of Civil and Environmental Engineering

Committee Member: Yuanchang Xie, Ph.D., P.E.

Associate Professor, Department of Civil and Environmental Engineering

Committee Member: James H. Schreiner, Ph.D., Lieutenant Colonel, U.S. Army,

Academy Professor, Department of Systems Engineering, United States Military

Academy

ABSTRACT

Intermodal container maritime security is layered and is comprised of physical

security measures, vetting programs and processes, and regulations both domestic and

international. Inspecting all of the containers entering the U.S., which is an obvious

physical security measure, is virtually impossible according to the U.S. Customs and

Border Protection of DHS and other sources. Hence, the importance of a layered security

process. Also, and because of the many companies, facilities and countries involved, and

the interrelationships and dependencies of the three security measures and processes,

there are opportunities for smuggling, and error and compromise of what is shipped in the

containers.

Security measures employed are multipurpose focusing on interdicting the

smuggling of weapons of mass destruction (WMD) or components to make them, drugs

or other contraband. The latter two could be associated with funding terrorism in

addition to having other negative impacts on the U.S. and its people. Smuggling a WMD

into the U.S. or WMD components to be assembled in the U.S. could have far-reaching

effects, to include mass casualties and economic disruption. From the research conducted

herein, no one single security measure can prevent the intermodal maritime supply chain

from being compromised, whether by a WMD or other contraband, but a layered

approach could minimize if not eliminate the risk. Protecting the imported products that

may have the potential of being tampered with or perhaps even stolen is important.

To address this, a practitioner-focused, universal and simple risk assessment

framework should be considered that reflects the perspective of the intermodal maritime

container supply chain partners. The target audience is any partner in the supply chain

and government agencies both domestic and international. Research has shown that a

vast majority of the risk assessment models employed in the transportation industry,

regardless of mode, are data and resource intensive, theoretical and analytically driven.

One railroad model, the Federal Railroad Administration (FRA) required Rail Corridor

Risk Assessment Model (RCRMS) for hazardous material transportation, is so complex

and data intensive, the larger railroads are begrudgingly using it. The smaller railroads

can’t easily afford the cost associated with running it although mandated. An aviation

risk assessment model discussed in a RAND Corporation report is data intensive relying

on over 4,000 input variables.

When analysis takes over as the focus of a risk assessment model, it is time to

look for a framework or model that is not as theoretically and analytically focused. The

model should reflect the needs of industry to assess risk in a timely manner. Not using

the models because of their burdensome nature is a vulnerability that could weaken

security. Recognizing this, the framework developed herein is subjective in nature

relying on the intermodal maritime container supply chain and its “players” expertise and

experience using the principles of a U.S. Army CARVER targeting model to generate

route and segment priorities to be used in decision making. The subjective assessments

will generate numeric values to quantitatively present the risk involved so that a

comparative analysis can be made of routes or segments within the routes.

The U.S. Army CARVER model is focused on the target selection factors of

Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability;

hence the acronym CARVER. For each factor, there are conditions that allow the expert

user to subjectively assign values from 1 to 10 to determine target value. For this

research, the principles of CARVER are used to reflect the vulnerability of and risk

associated with the intermodal maritime supply chain. For the Maritime CARVER

framework, the factors were retooled from a targeting to a targeted perspective to reflect

what could compromise the security of the intermodal maritime supply chain. The

factors developed for the Maritime CARVER framework are Chain of custody, Approach

(to targeting), Routing, Vetting, Exposure and Regulatory. Because of the difference in

operations between the land and sea transportation modes, the Approach, Routing and

Exposure factors have separate conditions and tables for each to assess the values.

A test case employing an open source route with synthesized data was used to

develop the framework and look at the security of the supply chain from manufacturer,

through the land transportation to and through the ports, and at sea. From the framework

built in the test case, a case study for a German chemical manufacturer shipping from

Hamburg was developed on a non-attributed basis. From both “runs”, it was determined

that the highest risk was transiting the Panama Canal, but the risk for the segment from

the manufacturer and transportation to the port cannot be ignored. The sea voyage was

found to be comparatively safe, but constricted areas, such as canals and straits, offered

the potential for compromise heightening the risk. Areas of known threat, such as the

Strait of Malacca and off the coast of Somalia, also pose a risk.

It was further learned that shipping out of ports and in countries that employ

security measures in partnership with the U.S. or have measures that are similar to that of

the U.S. enhance the security and reduce the risk. The U.S. government and its many

agencies involved have extensive regulations that are the foundation of the processes and

physical security measures used to reduce risk. When coupled with that of international

maritime organizations, security is enhanced. But there is always the risk of an insider

threat and cyber attacks, especially given today’s events. This could result in the vetting

process being impacted, data being compromised and even vessel operations and tracking

being impacted. All of this contributes to the risk.

The framework developed herein is intended to be used by any party in the

intermodal maritime container supply chain, as well as government agencies, to quickly

assess routes, suppliers, shipping lines, ports, etc. This assessment, which is industry

expert driven, could be used to evaluate a route, route segment or port; respond to

recently developed intelligence, address the failure of a partner or container to be

properly vetted; or respond to a security incident at a port or in a given sea lane. This

would allow a supply chain partner to make appropriate changes. A future for the

framework could be to provide the intermodal maritime container supply chain partners

with a simple dashboard application to be used on PCs, tablets and iPads for easy use in

the field and at sea to provide a “field expedient” assessment and decision.

Key words; Intermodal maritime supply chain security, port and maritime security, practitioner-focused risk assessment, weapons o f mass destruction, contraband smuggling

ACKNQWLDEGEMENTS

I could not have completed this endeavor without the encouragement from,

support of, help from and understanding of many people.

Most importantly, I would like to thank my wife and best friend, Bobbie, for

inspiring and encouraging me to finish my doctorate and understanding my virtual

absences and inattentiveness to family time allowing me to “hole up” in my office to

research and write this dissertation.

I am indebted to my advisor, Professor Chronis Stamatiadis, Ph.D., University of

Massachusetts Lowell, for his understanding, support, guidance and encouragement,

which were instrumental in my completing my dissertation.

I would like to express my sincere gratitude to Professor Yuanchang Xie, Ph.D.,

University of Massachusetts Lowell, and Professor James H. Schreiner, Ph.D., Lieutenant

Colonel, U.S. Army, United States Military Academy, for the comments and guidance

they provided.

I greatly appreciate the support, encouragement and mentorship of my friend and

Distinguished Professor of Supply Chain Management Richard R. Young, Ph.D., The

Pennsylvania University Harrisburg, in all our writing and research collaborations and, in

particular, his encouragement during the preparation of this dissertation .

I would also like to express my appreciation to the following individuals: NCL

Captain Martin Holmqvist for his personal insight and perspective as a ship’s captain,

which helped shape my research focus; and Ms. Diane Luensmann, Senior Director,

v

Government and Strategic Communications, and Captain Barry Compagnoni U.S. Coast

Guard (Retired), Senior Director, Public Safety & Security, Port Canaveral for providing

a port operator’s perspective. Moreover, there were numerous industry executives

representing various facets of containerized maritime shipping, as well as the marine

casualty segment of the insurance industry. They provided me with an extensive

understanding of the relevant variables, as well as the numerous nuances that make the

topic of this research as complex as it is. By prior agreement promising non-attribution,

those individuals cannot be named here, but their contributions are most gratefully

appreciated and their impact clearly profound.

vi

TABLE OF CONTENTS

ABSTRACT..................................................................................................................................... i

ACKNOWLDEGEMENTS..........................................................................................................v

TABLE OF CONTENTS............................................................................................................vii

LIST OF TABLES......................................................................................................................... x

LIST OF FIGURES......................................................................................................................xi

I. INTRODUCTION..................................................................................................................... 1

1.1 RESEARCH OBJECTIVES........................................................................................ 3

1.2 ORGANIZATION OF DISSERTATION.................................................................. 6

II. BACKGROUND.................................................................................................................... 10

2.1 GLOBAL SUPPLY CHAIN SECURITY ............................................................... 11

2.2 THREATS, VULNERABILITES AND RISKS......................................................16

2.3 GLOBAL SUPPLY CHAIN SECURITY M EASURES....................................... 18

2.3.1 100% Screening....................................................................................................18

2.3.2 Physical Security....................................................................................................19

2.3.3 Regulatory and Procedural...................................................................................22

2.3.4 Regulatory and Operational................................................................................ 24

2.3.5 Cyber...................................................................................................................... 25

2.4 APPROACH...........................................................................................................27

III. LITERATURE REVIEW .....................................................................................................29

3.1 GOVERNMENT APPROACH TO RISK ASSESSM ENT................................. 30

3.2 RISK ASSESSMENT APPROACHES................................................................... 32

3.3 MARITIME APPLICATION OF THE CARVER M ODEL................................ 40

IV. INTERMODAL CONTAINER SUPPLY CHAIN......................................................... 43

4.1 FOREIGN LANDS IDE...............................................................................................44

4.2 WATERSIDE............................................................................................................... 46

4.3 U.S. LANDS IDE..........................................................................................................49

4.4 CONTAINER FLOW RISK FACTORS................................................................. 51

V. ASSESSMENT METHODOLOGY...................................................................................55

5.1 CARVER METHOD.........................................................................................................57

5.2 FORMULATION OF MARITIME RISK ASSESSMENT FRAMEWORK.... 59

5.2.1 Discussion of Model Factors...............................................................................59

5.3 MARITIME CARVER FRAMEWORK FACTORS.............................................. 63

5.3.1 Chain of Custody...................................................................................................63

5.3.2 Approach................................................................................................................. 64

5.3.3 Routing.................................................................................................................... 65

5.3.4 Vetting..................................................................................................................... 66

5.3.5 Exposure.................................................................................................................66

5.3.6 Regulatory...............................................................................................................67

5.4 MARITIME CARVER ASSESSMENT PROCESS................................................ 67

5.5 MARITIME CARVER FRAMEWORK SIMULATION.......................................70

5.5.1 Maritime CARVER Analysis Route Segm ents................................................71

5.5.2 Assumptions and Basis of Analysis....................................................................72

5.5.3 Maritime CARVER Analysis Framework “Run” .............................................74

VI. CASE STUDY....................................................................................................................... 81

6.1 INTRODUCTION..........................................................................................................81

6.2 SUPPLY CHAIN CHARACTERISTICS.................................................................. 82

6.3 ROUTE SEGM ENTS................................................................................................... 85

6.4 ASSUMPTIONS AND BASIS OF ANALYSIS......................................................87

6.5 MARITIME CARVER ANALYSIS...........................................................................89

6.5.1 Route Segment 1 - Frankfurt to Hamburg.........................................................89

6.5.2 Route Segment 2 - Hamburg to First U.S. Port (NY/NJ)............................... 90

6.5.3 Route Segment 3 - U.S. East Coast to Panama C anal.....................................91

6.5.4 Route Segment 4 - Transiting the Panama C anal............................................ 94

6.5.5 Route Segment 5 - Panama Canal to O akland.................................................95

6.6 DISCUSSION OF ANALYSIS.................................................................................. 97

VII. APPLICATION OF FRAMEWORK TO INDUSTRY...............................................103

7.1 ROUTE SELECTION................................................................................................. 104

7.2 PORT SELECTION.................................................................................................... 106

7.3 CHOOSING MANUFACTURERS, IMPORTERS/EXPORTERS AND FREIGHT FORWARDERS..................................................................................................107

7.4 POINT OF ORIGIN INLAND AND COASTAL MARITIME TRANSPORTATION........................................................................................................... 108

7.5 GOVENRMENT AND MARITIME COMMUNITY BENEFITS.....................109

7.6 BENEFIT OF “EASE OF USE” ............................................................................... 110

7.7 SECURITY VS. COST FOCUS............................................................................... 111

VIII. SUMMARY AND CONCLUSIONS............................................................................114

8.1 SUMMARY OF FINDINGS.....................................................................................114

8.2 CONCLUSIONS OF THE BENEFITS OF THE FRAM EW ORK.....................117

8.3 RECOMMENDATIONS AND WAY FORW ARD..............................................117

IX. REFERENCES.................................................................................................................... 121

APPENDIX A. GLOSSARY....................................................................................................126

APPENDIX B. INTERVIEW PROTOCOL FO R M ............................................................ 129

APPENDIX C. CASE STUDY INTERVIEW ......................................................................138

BIOGRAPHICAL SKETCH OF THE AUTHOR................................................................ 149

LIST OF TABLES

Table 2.1 Port Security R in g s ............................................................................................20

Table 4.1 Handling of Maritime Intermodal Containers Landside Foreign...............46

Table 4.2 Routing Considerations of Maritime Intermodal Containers at Sea.......... 49

Table 4.3 Handling of Maritime Intermodal Containers Landside Foreign U.S 50

Table 5-1 CARVER Matrix from FM 34-36, Appendix D ............................................58

Table 5-2 Chain of Custody Conditions and V alues.......................................................63

Table 5-3 Approach (to targeting) Conditions and V alues............................................64

Table 5-4 Approach (to targeting and monitoring) Conditions and V alues................ 64

Table 5-5 Routing Conditions and Values (ocean voyage)........................................... 65

Table 5-6 Routing Conditions and Values (surface transportation)............................. 65

Table 5-7 Vetting Conditions and V alues........................................................................ 66

Table 5-8 Exposure Conditions and Values (landside to/from and at p o rts ) ..............66

Table 5-9 Exposure Conditions and Values (at s e a ) .......................................................67

Table 5-10 Regulatory Conditions and V alues................................................................. 67

Table 5-11 CARVER Risk Matrix for Shanghai to H ouston ...........................................80

Table 6-1 Container Routing at O rig in ..............................................................................82

Table 6-2 Distance Tables from Manufacturer to P o r t................................................... 83

Table 6-3 U.S. Destination Ports and Inland D estinations.............................................84

Table 6-4 Maritime CARVER Risk Matrix for Frankfurt to Oakland R o u te .............97

LIST OF FIGURES

Figure 1.1 Illustrative Example of Key Points in the Global Supply C h ain ................ 1

Figure 2.1 Interactions Between Logistics, Transaction, and Oversight Layers of the

Supply C h ain .............................................................................................................................. 11

Figure 4.1 Intermodal Maritime Container Supply C h ain ............................................. 43

Figure 4.2 Intermodal Maritime Container Supply Chain (Foreign Landside) 44

Figure 4.3 Intermodal Maritime Container Supply Chain (W aterside)........................ 47

Figure 4.4 Intermodal Maritime Container Supply Chain (U.S. Landside)................ 50

Figure 5-1 Maritime CARVER Framework Process.........................................................68

Figure 5.2 Simulation Example Routing M a p .................................................................. 71

Figure 6-1 Origin Supply Chain Schem atic.......................................................................83

Figure 6.2 Map Depicting Ocean V oyage.........................................................................85

1

I. INTRODUCTION

The risk to U.S. ports and inward movement of intermodal maritime containers,

by rail or truck, is real. Although DHS is mandated to screen 100% of the inbound

containers from international origins [1], whether by land or sea, it is a challenge. There

are physical, regulatory and procedural security measures in place, but they must be

harmonized and integrated in order to be used effectively.

Manufacturers, exporters or freight forwarders, local transportation companies,

etc. are all components of and contribute to the potential risk involved enroute and at the

foreign port and in foreign waters. In order to understand the process, Figure 1.1, below,

is a graphical representation of the supply chain involved in the intermodal maritime

container flow. [2]

China United States

Local delivery • (U.S. importer) 0* .*Factory

W arehouse Local transport

( P Transport Rail container yard

Rail transport Unloading of vessel/ port of entry container yardVessel en route to the

United Slates. Consolidation facility

Port of origin container yard/ of vesselloading

Sourc*: GAO; Map Resources imap)

Figure 1.1 Illustrative Example of Key Points in the Global Supply Chain (GAO-12- 764, 2013)

2

Intermodal maritime container security starts with the supply chain to and at the

foreign port. The process then transitions through the ports to the sea lanes/ voyage and

finally when the ships await entry and, then, enter U.S. waters and ports, and unloads.

In transit, the risk would appear to be less, but there are locations and conditions

that could compromise a vessel and its cargo; an intermodal container in this case.

Examples include straits and canals, and areas of known piracy. Also and because of the

remoteness of some sea lanes, responding to an incident is difficult and tracking a

challenge. Finally and when entering U.S. waters, the many DHS and in particular U.S.

Coast Guard (USCG) and Customs and Border Protection (CBP) rules and regulations are

focused on minimizing, to the extent possible, the risk for this component of the supply

chain, but it still exists.

The container shipping industry is challenged by its inherent complexity; new

developments in technology, not the least of which are the jumbo container vessels now

making their appearance on the high seas; a tenuous landside labor situation; increased

congestion in the ports, in part because of the size of the new ships and security

measures; and evolving security threats.

The research and focus of this dissertation is restricted solely to containerized

shipping and the potential threats and vulnerabilities in the liner trades, and excludes

liquid and dry bulk shipping, cruise lines, and ferry services. This is because liquid (e.g.

petroleum products and chemicals) and dry bulk (e.g. grain and cement) are moved in

specific vessel types for the product; tankers and dry bulk carriers, respectively. Plus,

they normally represent only one supply chain. Cruise ships are not considered because

they do not carry cargo. Ferries, although they may transport a limited number containers

3

on chassis, the length of the voyage is relatively short, in territorial waters and close to

land. For example, the CAT, which operates between Portland, ME to Yarmouth, Nova

Scotia, is only 185 nautical/212 statutory miles in length.

Security threats to vessels stem from several origins; the principal ones being

landside and at sea routing, characteristics of the cargo, provisioning, and harbor and port

infrastructure characteristics. Containerships can vary in size from the relatively small

carrying only 500 TEUs (twenty-foot equivalent units)1 to the massive new vessels with

nearly 20,000 TEUs onboard, and, while scope does play a factor, the variables

associated with security threats share common ground.

1.1 RESEARCH OBJECTIVES

This research seeks to establish a simplified risk framework that can be used

easily and economically to analyze routes and route segments for the purpose of selecting

routes based on safety and security. While the primary target of the model would be

weapons of mass destruction (WMD), a value added would be the application of the

model to the smuggling of drugs and other contraband in intermodal maritime containers.

While maritime shipping does have some flexibility on the high seas, much of that

is lost when vessels need to maneuver within the limited confines of harbors, “pinch

points”, such as the Panama Canal, Straits of Hormuz, Malacca Straits, and how long the

vessel remains at anchorages. Hence, there are many variables that need to be grouped;

1 A 20-foot equivalent unit (TEU) is the measurement o f intermodal containers stowed in container ships. D im ensions are 20' long by 8 ’ tall by 8 ’ w ide.

4

each variable assigned a measureable value to determine the relative security risk of a

segment or route.

When looking at assessing risk, a method to evaluate it must be developed so that

it is inclusive of the major components comprising the risk, considers exceptions and

variances and is simple enough so that all stakeholders can develop the input variables

and run the model. The Federal Railroad Administration’s Rail Corridor Risk

Management System (RCRMS) was developed in accordance to 49 CFR 172.820 [3] to

evaluate routing alternatives for certain categories of hazmat to avoid populated areas, to

the extent possible, and reduce the risk of a major incident. But and initially RCRMS did

not fully consider the complexities and cost of the model, and routing alternatives. This

“handcuffed” the risk assessment process with, among other things, limited routing

options.

RCRMS was built based on the appendix to the regulation [4] and includes 27

factors to be considered in the analysis of the safety and security of the routing, and the

risk, thereof. These 27 factors were well thought out, as representative of the parameters

used in a railroad’s routing decision making process and were consolidated into clusters

of like components in a paper on hazmat routing risk analysis (Gordon & Young, 2016).

[5] The factors are comprised of components based on like characteristics; physical,

routing and operations, safety measures, regulatory and procedural measures, and threats

and vulnerabilities. This thought process appears to be compatible with the research

objectives being used herein to further the development of a risk assessment model for

intermodal maritime containers.

5

From lessons learned from RCRMS, it is the intent of this research to develop a

subjective framework that is user-friendly and easy to understand, not cumbersome to run

and is cost-effective to aid in the decision making process. While at sea, ships can

operate relatively without restriction so alternate routes are more available subject to port

capacity, ocean depth, canal operations and characteristics, channels and strait

characteristics, etc. These characteristics distinguish it from RCRMS. Further and a

benefit of pursuing a simplified maritime routing risk assessment, the sensitive security

information (SSI) [6] issues associated with the input variables and assessment outcome

of RCRMS is not, at this time, known to be SSI. This is in part because the input data

will be from open source information and documents, and rely on expertise in maritime

transportation.

This research will focus on the physical, technological, operational, procedural

and regulatory measures and processes used to minimize risk. The methods, facilities

and programs are briefly presented, as follows:

• Physical components of security that will address, among other things, fencing

and access control, lighting, technology, such as cameras and intrusion detection,

and waterside protective facilities and structures.

• Technological measures that include automated identifications systems (AIS),

navigation GPS, and harbor operations and control centers manual and cyber

systems.

• Regulatory Programs of the U.S. Department of Homeland Security (DHS) and

other U.S. Government organizations and programs, international conventions

6

and foreign governments. This includes host nation regulations and programs

being at par with and accepted by the U.S.

• Operational measures that involve land and waterside security elements, such as

the U.S. Coast Guard (USCG); host nation security elements similar to that of the

USCG; state, local or regional harbor patrols; and host nation harbor patrols. This

could include Navies and coast guards in international waters and in areas of

known threats and piracy (e.g. Strait of Malacca). [7]

• Programs that include risk assessment tools, such as the USCG’s Maritime

Security Risk Analysis Model (MSRAM) and International Port Security Program

(LPSP) or other risk assessment tools. This will also address similar programs

internationally that provide similar risk assessments and, thus, theoretically

minimize risk.

1.2 ORGANIZATION OF DISSERTATION

To fully address the research, the dissertation is organized into eight chapters.

The chapters and a brief description of them are presented in the paragraphs, below.

Chapter II - Background

This chapter will provide a background of the international supply chain and

transportation flow for maritime intermodal containers and the risk associated with

terrorism. It will focus on maritime intermodal containers originating outside the

Continental United States (OCONUS) destined to U.S. ports for inward movement. It

will look at, among other things, the evolving threats and vulnerabilities, regulatory

procedures, vetting of all parties involved in the supply chain, the port facilities, and in­

7

transit maritime operations, to include points of constriction and overall transportation

flow.

Chapter III - Literature Review

This chapter will look at all scholarly papers and other writings and documents

that address, among other things, the threats, vulnerabilities and risks associated with the

supply chain, U.S. and host nation governmental and international regulations and

programs, industry risk standards, risk assessments that have been conducted, to include

subjective and objective methods, and known events and threats. Academic institution

papers, industry standards and government regulations, reports and studies will be

researched, as well as practitioner and industry expert research on maritime risk.

Chapter IV - Transportation and Container Supply Chain Characteristics

This chapter will describe the supply chain for intermodal containers in maritime

transportation from factory to foreign port, in transit and to and into U.S. ports. It will

also relate the information obtained in Chapters II and III to the supply chain, to include

U.S. and foreign government regulations on vetting and inspections, physical security

measures in ports, in-transit operational security measures, technology and aids to

navigation to track shipments and “pinch points”. It will also look at threats and

vulnerabilities given, among other things, operations and industry in the ports, adjacent

land use and population, places of iconic value and known threats,

Chapter V - Assessment Methodology

This chapter will develop the risk assessment methodology, based upon the

research of assessment methodologies in Chapter III. It will address the risks associated

with the links and nodes involved in the supply chain. Involved are the route segments

8

from foreign manufacturer to foreign port, at sea, and to the U.S. port and inland to its

(container) final destination, the latter to a lesser degree. This will allow the user of the

assessment model to look at individual segments of the supply chain, particularly when

there are threats and vulnerabilities affecting only a specific segment or location. A

composite risk will be determined based on the individual segments so that a user can

evaluate the entire supply chain/route when comparing them to others.

An example using synthesized data that is representative of an actual route will be

developed in this chapter. Note that, although the RCRMS model was the initial model

considered for adaptation, the U.S. Army’s CARVER model will be used to develop the

maritime risk assessment framework herein. This model will then, in Chapter VI, be

validated using actual shipping, routing and shipment data.

Chapter VI -Case Study Analysis

This chapter will be to perform a case study to validate the assessment framework

developed in Chapter V. The case study will reflect an intermodal maritime supply chain

using an actual route from an OCONUS manufacturer to U.S. port. Its results will be

compared to the framework developed in Chapter V for consistency and validation.

Chapter VII - Application of the Model to Industry

This chapter will look at the comparative risks in the maritime intermodal

container supply chain and how it could be used by governments and industry to:

minimize the risk of a given route; alter routes; advance technology-based solutions; and

improve vetting and inspection procedures. This will include and address current and

evolving threats and vulnerabilities, and applicability, viability and relevance given them.

9

Chapter VIII - Summary and Conclusions

This chapter will summarize the results obtained in the research and framework

construction, and applicability, viability and relevance to governments and industry in

assessing and minimizing the risk of a compromised intermodal maritime container

entering the U.S. This chapter will also look at the research and lessons learned and

provide a way forward in combatting the risk associated with intermodal maritime

containers being used to transport WMDs or other contraband. It will look at regulatory

and procedural, operational, technological and human measures of assessing and

minimizing risk.

10

II. BACKGROUND

According to a Government Accountability Office (GAO) report, “ ...ports are

critical gateways for the movement of commerce through the global supply chain.” [2]

How we protect the handling of maritime intermodal containers through the entire supply

chain is important to ensure what is received on U.S. shores has not been compromised.

Further, the U.S. Customs and Border Protection (CBP) reported that about 11.5 million

containers arrived in the U.S. from over 650 foreign ports in fiscal year (FY) 2012

equating to over 31,000 containers every day. Of the 650 foreign ports, there are 61 that

CBP coordinates with regarding maritime intermodal container examinations. The

number of container shipments flowing through the 61 ports represents about 88% of the

11,500 U.S. bound container shipments annually.

This research excludes the repositioning of empty containers, although they pose

a potential risk because 1) they are relatively small in number and 2) of the imbalance of

trade. This is evidenced by approximately 20,000,000 loaded TEUs imported and

12,000,000 loaded TEUs exported in 2015. [8] The approximate difference of 8,000,000

containers is either held in storage, repositioned or shipped back to its origin empty.

With such volumes and the vulnerability of exploitation, the intermodal maritime

containers and the facilities and infrastructure through which they pass, and the ships on

which they are moved must be protected. Doing so is difficult because “chain of

custody” and the “hand-off’ of containers are the responsibility of many agencies,

governments and organizations. This handling and re-handling provides an opportunity

for compromise; a potential security breach. The risk of hand-offs and chain of custody

11

is not a new concept. The Transportation Security Administration (TSA) in its rail

transportation security regulation [9] addressed this issue in 2008 for the transportation of

certain categories of hazmat by rail.

2.1 GLOBAL SUPPLY CHAIN SECURITY

While efficiency of the intermodal container supply chain is often viewed as in

conflict with security, Rand Corporation, in a 2004 report, concluded that efficiency and

security are distinct, but interconnected, and that public and private initiatives to improve

security focus on deterrence and prevention. [10] This is based on the concept that the

supply chain is viewed as having three interdependent systems: physical logistics,

transaction-based and oversight with subsystem layers of logistics, transaction and

regulatory. Figure 2.1 from the Rand report is a graphic representation of the layers and

interactions in the container supply chain.

FTCO v e r s i g h t l a y e r IMO WCO

USCGCBP

f o r e i g n s u p p l i e rT r a n s a c t i o n la y e r

NVOCC

C o n s o l i d a t o r I m p o r t - e x p o r t b a n k F o r e i g n s u p p l i e rC u s t o m e r

C u s t o m e r s v e h i c l e

' r u c k

U S p o r t F o r e i g n p o r tRail c a r r i e r

O v e r s i g h t o r r e g u l a t o r y r e l a t i o n s h i p

C o n t r a i t u a l r e l a t i o n s h i p

P hy s ic a l r e l a t i o n s h i p

Figure 2.1 Interactions Between Logistics, Transactions, and Oversight Layers of the Supply Chain (Figure 5.1, Rand, 2014)

12

The Rand report suggests that improving security, while maintaining efficiency,

should consider: public sector support of supply chain resilience, addressing

vulnerabilities along supply chain links and new technology supporting low cost, high

volume remote sensing and scanning. This is consistent, in principle, with the findings in

a U.S. Defense Threat Reduction Agency (DTRA) study published in a Journal of

Transportation Security (JTS) article on limiting the flow of weapons systems and their

components in maritime transport. [11]

As discussed in the 2004 Rand report, supply chain security takes on a layered

approach. When looking at the maritime conveyance of weapons and their components,

the DTRA study looked at the physical, informational and financial flows associated with

the supply chain. The report identified that monitoring and regulating the exporting of

dual-use items that could be used as WMDs or their components (e.g. cell phone as a

detonator) poses a problem to international trade. [12] This problem is not exclusive to

the U.S. The solution to this involves international cooperation and multinational

agreements (e.g. Wassenaar Agreement between members of the European Union (EU)

that identifies nations, entities, items and a combination thereof that addresses the

problem. The U.S., after 9/11, promulgated the Proliferation Security Initiative (PSI) to

limit the trade of dual-use items and establish bi- and multilateral agreements to address

interdiction. This is in addition to CBP and other initiatives and programs, such as CBP’s

Customs - Trade Partnership Against Terrorism (C-TPAT) and Cargo Security Initiative

(CSI). The solution includes the creation of public private partnerships to address the

risk, vetting and enforcement of the supply chain.

13

According to GAO Report 13-764, [2] there are no known incidents of intermodal

maritime containers being used to transport weapons of mass destruction (WMD). But

and because intermodal maritime containers are potential conveyances for illegal

purposes and criminal activity, the potential exists that they could be used for terror

purposes. Figure 1.1 in Chapter I presents a simple graphic that provides an

understanding of the process and complexities of the global supply chain and potential

issues that could arise.

Although the GAO indicated that there were no known incidents of intermodal

containers transporting WMDs, the DTRA, on the other hand, believes the risk is real. In

the JTS article, the number of participants in the supply chain and the complexities of the

supply chain flow (physical, informational and financial) contribute to the risk involved

in maritime transport. [11] The DTRA further concluded that limiting the maritime

transportation of weapons and their components is a difficult and complex undertaking

requiring a coordinated and cooperative approach among all parties. This includes

industry organizations, such as the American Association of Exporters and Importers. A

public-private partnership approach is encouraged by the DTRA.

Admiral Sir Johnathan Band", in a keynote address at the Royal United Services

Institute (RUSI) Transport Security Conference in 2002, spoke of the need to police the

oceans and seas to deprive state-sponsored and geopolitical enemies of their use (oceans

and seas) for criminal or terrorist purposes. [13] Admiral Sir Band cited the tension

between security and global trade, the need for cooperation, shared responsibilities and

need to eliminate communication stovepipes as challenges to maritime security. He

2 Admiral Sir Jonathan Band is a former First Sea Lord (equivalent to the U .S. C h ief o f Naval Operations) for the British Royal N avy.

14

further stated that seaport security is a . .poor relation to airport security.” His vision

for effective maritime security is an awareness of the commercial sensitives and an

overall strategy of multinational cooperation via a diplomatic, economic, intelligence,

law enforcement and military partnership. Further, NATO would have a greater role in

maritime security looking beyond its traditional defensive role.

When looking at the risk of WMDs, it is typically thought of by the general public

to be either nuclear or radiological, but should also include biological or chemical

devices. The dilemma is that, although there are no known cases where WMDs have

used intermodal maritime containers to enter the U.S., what about the materials to make a

WMD being transported in separate containers? Introduced in transit? Or at the ports?

The process of inspecting intermodal maritime containers before they depart on

their journey to the U.S. is part of DHS’s layered approach to maritime security. The

process is both physical and process-oriented and includes domain awareness, securing

U.S. ports and protecting the supply chain. GAO addresses these issues in report 14-

636T to Congress on the challenges with selected port security programs. [14] In the

report, it was determined that DHS programs for protecting the supply chain have had

varying degrees of success. It looked at, among other things, CBP’s Automated

Targeting System (ATS), Cargo Security Initiative (CSI) and Customs Trade Partnership

Against Terrorism (C-TPAT) programs; National Nuclear Security Administration

(NNSA) Megaports Initiative3; USCG’s International Port Security Program (IPSP); and

the combined CBP and USCG Mutual Recognition Agreement (MRA) program4, as ways

to secure the international supply chain. A key finding in the report was that the

3 Program that funds the installation o f radiation detection equipm ent in foreign seaports 4 An agreem ent with the U .S . and foreign partners regarding security practices o f one being recognized by the other.

15

imposition of security measures must be balanced with the supply chain’s need for an

unimpeded flow of commerce to efficiently move goods.

In another GAO report (15-94), it was determined that between 2009 and 2013,

less than 1% of maritime shipments were identified as high risk containers. [15] This can

be attributed to CBP’s inconsistent application of the criteria that determines the level of

vetting and proper handling of the cargo - a maritime intermodal container in this case.

The report concluded that, in the absence of 100% screening of U.S. bound containers at

foreign ports, meeting the intent of the underlying objective of 100% screening be met

by, among other things, refining and enhancing CBP’s layered security strategy.

With the 100% screening requirement for containers destined to the U.S. (SAFE

Ports Act of 2006) being delayed, DHS is looking at “outside the box” solutions to

complement technological solutions and regulation changes to allow more containers to

be scanned overseas. [16] This approach is, for the most part, due to DHS waiving the

100% screening requirement a third time to May 2018. In an article in the American

Supplier the reasoning for waiving the 100% screening requirement is multifaceted, to

include cost, funding, technology, logistics, supply chain inefficiencies, and buy-in and

implementation (of screening measures) by foreign governments. [17] The article further

states that a drawback to 100% screening is the transshipment of container traffic, which

increases the number of times a container is handled and limits the ability to be properly

screened. As of the date of the article, less than 4% of the containers entering the U.S.

were screened, of which only 1% were screened overseas. This makes a layered

approach to security that much more important.

16

The Congressional Budget Office (CBO) has stated that it would take $22 billion

to 100% screen containers overseas, which doesn’t include foreign nations wanting

reciprocity on U.S. exported goods. [18] DHS’s Secure Freight Initiative (SFI), which

deploys a combination of technology and nuclear detection devices to foreign ports as

part of the SAFE Ports Act of 2006 layered security strategy, addresses the inability to

100% screen. Phase I of this initiative only incudes 6 foreign ports. [19]

Straits and canals pose a threat to intermodal maritime container supply chain

risk. Although these are perceived as potential interdiction areas and vulnerable to

attack, they are good areas for detection. The threat is because they are densely

trafficked areas, but generally offer a greater presence of U.S., NATO, host nation Navies

and Coast Guards, and other law enforcement. [20] Security is administered in the same

manner as being underway (e.g. vessel security plan - VSP), but there is always the

concern of an insider threat. In areas of known piracy, many vessels now carry security

teams with costs absorbed by vessel owner. Vessels having security teams onboard

came to light after the Maersk Alabama incident in 2009.

2.2 THREATS, VULNERABILITES AND RISKS

In the past, threats to maritime operations and ports have usually come from

countries by traditional means. The Japanese attack on Pearl Harbor is an obvious

example. In recent history, an asymmetric threat has arisen from smaller nations with

inferior militaries and terror groups, such as A1 Qaeda and ISIS. An asymmetric threat

involves a weapon, tactic or strategy that 1) a state or non-state enemy would use against

the U.S., 2) the U.S. would not use and 3), if not countered, could have serious

17

consequences. [21] Since these entities cannot effectively engage a more superior

military in the conventional sense, they would target, in addition to ports, the supply

chain, straits and canals, and ships at anchor. Iran’s threats to close the Straits of Hormuz

and the small boat attack on the USS Cole in 2000 are examples of asymmetrical threats.

[22]

When assessing the risk to the intermodal maritime container industry, the threat

most likely to be encountered is an asymmetrical threat. This includes the disruption of

port operations and the in-transit transportation to and from the ports with the intent of

impacting a nation’s or global economy. This can be taken a step further by introducing

weapons of mass destruction or material to construct one at the foreign manufacturing

facility or in-transit to the port. This could be accomplished by an insider at the

manufacturing facility and during any phase of the supply chain, especially when the ship

is stopped or moving slowly while transiting a canal or constrained area, such as a strait.

When discussing maritime intermodal container security with senior U.S. port

officials, it was determined that the biggest risk in the supply chain is with the foreign

manufacturer loading operations, and the bonding and sealing of the intermodal

containers. [20] It is considered the hardest phase/segment of the process to regulate and

monitor what is being shipped, and to intercept “contraband”; WMDs in this case.

This is consistent with a well-known industry axiom; “cargo at rest is cargo at

risk”. Intermodal containers loaded onto trucks or rail cars or a combination of the two,

offer opportunities where the shipment would be in a static state and vulnerable. It is not

uncommon for a string of rail cars to be sitting on sidetracks awaiting entry into a port.

18

2.3 GLOBAL SUPPLY CHAIN SECURITY MEASURES

Security measures employed are, as introduced in Chapter I, physical, operational

and procedural, and include the entire supply chain from manufacturing facility in a

foreign country to the U.S. port. This includes cyber security, whose measures are

relatively new when considering other maritime safety and security measures. Successful

security is a combination of the physical, procedural and operational measures, and is

layered. Also note that the security measures have an added value in aiding in the safety

measures employed in the port, as well as deterring smuggling.

2.3.1 100% Screening

The 2007 Implementing Recommendations of the 9/11 Commission Act required

that 100% of maritime cargo entering the U.S. be screened by 2012. [23] Recognizing

that 100% screening was costly and cumbersome, an alternate approach is continually

being considered. This approach includes a risk-based method of cargo “screening”, to

include CSI, C-TPAT and an expansion of the PSI5. It was further determined that the

technology and infrastructure level to fully scan 100% of the maritime cargo was there,

but not to the scale needed.

The Congressional Budget Office (CBO) recognized that there are challenges to

scanning and imaging all U.S. bound containers. The challenges include cost, disruption

of the supply chain and refusal of host countries to comply. [24] Further, the CBO

recognized that the first and second challenges could be addressed, but the third must be

addressed, as host nations could require scanning and imaging U.S. exports to the same

degree. Two options were identified. One is scanning and imaging 100% of the

5 A voluntary international initiative to stop the m ovem ent o f W M D s, com ponent materials and delivery system s w ithout jeopardizing U .S. sovereignty.

19

containers at the 453 ports shipping to the U.S., which would be too costly and require an

increase of CBP’s budget by up to 25%. The second option would be to focus screening

of the 121 foreign ports that handle 97% of the containers destined to the U.S. The

remaining 3% of the containers from the other ports would have to be routed through the

121 ports to be screened. This could reduce costs over the first option by about 60%.

Recognizing that 100% screening is unfeasible, DHS should look at solutions that

do not hamper the supply chain. [23] The Heritage Foundation article recommends that a

combination of procedural security measures, in conjunction with the screening to date,

be implemented in lieu of 100% screening. This includes enhancing CSI, C-TPAT and

PSI, reevaluating the feasibility of the 100% screening requirement and international

partnerships, especially where foreign ports maintain security measures comparable to

that of the U.S. The screening measures can be human via physical inspection or

technological, such as VACIS (CBP’s vehicle and cargo inspection system) and radiation

portal monitors, or a combination thereof.

2.3.2 Physical Security

Physical security at ports is layered and divided into concentric security rings that

interact physically and operationally to protect and restrict access to assets within the

port. [25] Typically, major ports use a 5 ring system that includes the following:

20

Table 2.1 - Port Security Rings

Security Ring Components of the Ring External security ring Coordination with intelligence and law

enforcement operations both inside and outside of the port perimeter (or MTSA area6)

Perimeter security ring Physical security measures, such as fencing and gates to provide access control, intrusion detection, lighting, waterside security measures and control areas for drug, explosives and WMD detection. Procedurally, it includes access control policies and procedures, vetting and badging

Inner security ring Port’s MTSA area and includes security patrols and a 24/7 operations center, where human (patrols) and technological (e.g. CCTV and cyber) security measures are monitored

Site and asset-specific security ring(s)

Protection of specific buildings or critical assets, such as power substations, IT systems, communications buildings and administrative building holding sensitive information

Vessel security ring Independent of and in addition to the port’s security measures. Involves searching items on and to be loaded on the ship for malicious or illegal intent, waterside security and conducting arrival and departure inspections.

By dividing the port areas into concentric security rings, access can be more

progressive and restrictive as access to interior rings would require a greater level of

vetting and protection. For example, a trucking company salesperson would only require

access to the port office, which would likely be within the perimeter security ring, while a

truck driver carrying a container to a ship would likely need access to a site-specific

security ring to offload the container for loading onto a ship.

To expand upon the above information, the physical components of security are

also focused on preventing access to the port, protecting and hardening the landside and

6 Area o f the port defined and regulated by the M aritim e Transportation Security A ct o f 2002 , PL 107-295 , 2002

21

waterside facilities to withstand an attack (e.g. IED), and observing and detecting

intrusions from both the land and water. In today’s environment, drones, as with

railroads, are used for security and surveillance purposes, but could also be used in an

attack mode.

Closed circuit television (CCTV), which is a staple of physical security measures

employed, is most effective when it is monitored so that an intrusion can be seen in “real

time” and recorded to aid in investigations and legal procedures. Lighting is important to

the effective use of CCTV. To compensate for less than desirable lighting, motion

sensing and alarmed systems to detect intrusion and activate the cameras are used.

Infrared cameras are also effective when lighting levels are low in a port.

Not always thought of, but x-ray machines and radiation detectors are

technological enhancements that allow the screening of containers as they enter or exit a

port. CBP uses its VACIS to x-ray the containers and are either fixed portals at port entry

and exit points or truck mounted and portable. Radiation portal monitors (RPM) and

detectors are also used by CBP. In 2016, RPMs were used at the top 26 sea ports of

entry. [26]

Waterside security measures are much like that for the landside except that they

cannot be fenced or gated. They include CCTV, intrusion detection and patrols. The

latter is often by the USCG, local marine police and security, and private security. Divers

are also used to inspect the underside of vessels for sabotage, smuggling, etc. Waterside

intrusion has more of a potential of becoming an issue when a port handles cruise and

cargo ships. For example and in the Port of Boston, which is the busiest container port

in New England, the cruise terminal berth is approximately 500’ across the channel from

22

the container ship berth at Conley Terminal, which handles approximately 600 containers

a day.

Infrastructure protection and hardening and system redundancy are also

important. Although layered security is intended to keep the “bad actors” out, nothing is

100% effective. By identifying the critical infrastructure in the port, physical measures to

protect and harden the infrastructure may be necessary. This issue is one of the reasons

DHS has developed a list of critical infrastructure vital to the U.S. and its economy, and

the USCG has developed and implemented Maritime Security Risk Assessment Model

(MSRAM) to mitigate the risk in U.S. ports and waterways, and prioritize resources for

port security operations.

Physical security components are costly. DHS, through the U.S. Coast Guard,

administers the Port Security Grant Program to assist ports, government agencies and

industries operating in ports develop and fund security improvements. This helps

enhance the security posture in and around the port. A condition of the PSGP is the

requirement for an Area Maritime Security Plan (ASMP) and Area Maritime Security

Committee (AMSC) to manage security in the port area.

2.3.3 Regulatory and Procedural

Regulatory and procedural security measures include vetting personnel and

companies, and criteria for cargo targeting and inspection involved in the security of the

supply chain. This process commences with the manufacturer and exporter, continues

through the ground transportation system and into the port, where the container is loaded

onto the vessel for onward movement to the U.S. port. These processes are regulatory in

nature, such as those of the U.S. Department of Homeland Security (DHS) and other U.S.

23

Government agencies, as well as the international community and host nations. There are

many U.S. and international regulatory and procedural security measures and programs.

They include, but are not limited to:

• CBP’s Cargo Security Initiative (CSI)

• CBP’s Customs Trade Partnership Against Terrorism (C-TPAT)

• DHS’s Secure Freight Initiative (SFI)

• Proliferation Security Initiative (PSI)

• Transportation Worker Identification Credential (TWIC)

• USCG Maritime Security Risk Management Model (MSRAM)

• USCG International Port Security Program (IPSP)

• International Maritime Organization’s (IMO) International Ship and Port Facility

Security (ISPS) Code7

The host nation programs must be acceptable and must adhere to the requirement

of U.S. and/or international maritime security standards. The programs are many and

diverse and will not be discussed herein. However, the level of oversight of the U.S.

government in foreign ports and comparison of the foreign nation’s programs to that of

the U.S. will be considered as part of the framework to be developed.

Programs that include risk assessment tools, such as the USCG’s MSRAM or

other risk assessment tools and models are beneficial. This will also address similar

programs globally, such as with the European Union (EU), and in Australia, New

Zealand, China and Japan that provide similar risk assessments and, thus, theoretically

7 The ISPS C ode ensures that vessels and port facilities o f IMO member states im plem ent security standards that 1) contain detailed security-related requirements for governm ents, port authorities and shipping com panies and 2) guidelines on how to meet those requirements.

24

minimize risk. [2] Chapter III, Literature Search, will discuss risk assessment

methodologies that address maritime risk.

2.3.4 Regulatory and Operational

Operations that involve land and water-side security elements, such as the U.S.

Coast Guard, host nation security elements similar to that of the USCG, state, local or

regional harbor patrols and host nation harbor patrols, are regulatory in nature. This

could include Navies in international waters and in areas of known threats and piracy.

[27]

A port’s MARSEC (maritime security) level sets security measures or protocols

as the threat increases and generally impacts access to the port, inspection and scrutiny.

Operationally, CBP’s 24-hour and the USCG’s 96-hour notice of arrival (NOA) rules will

determine the conditions for loading and unloading of the ships, respectively. AIS is

used to monitor and track ships at sea as to, among other things, the ship’s identification,

and its position, course and speed - much like an airplane’s “black box”. [28] The IMO’s

Safety of Life at Sea (SOLAS) requires ships to have AISs on international voyages,

which heightens the visibility of the vessel.

Partnerships among nations, companies and organizations have been described as

the most effective manner in which maritime security can be maintained. The

International Maritime Organization (IMO), and in particular its SOLAS/ISPS Code, is

but one of the many organizations that promote safety and security at sea. Also for

Malaysia, which is one of the 9 Straits of Malacca littoral states, the Malaysian Maritime

Enforcement Agency (MMEA) is that country’s coast guard. It is tasked to provide

safety of vessels. Another partnership in the region is the Malacca Straits Coordinated

25

Patrol (MALSINDO). It was created in 2004 by Malaysia, Singapore and Indonesia to

suppress piracy within each state’s territorial seas. [7]

A geographically focused example of cooperation among governments is the

Regional Cooperation Agreement on Combating Piracy and Armed Robbery against

Ships in Asia (ReCAAP). Established in 2006, it is a regional government-to-

government agreement to promote and enhance cooperation to combat piracy and

robbery against ships in Asia. It consists of 20 countries, to include the U.S. ReCAAP

established an Information Sharing Center (ReCAAP ISC) for the purpose of information

sharing, capacity building to strengthen its network of information sharing and

cooperative arrangements to promote cooperation to share information and best practices.

[28]

From the discussion herein, regulatory and procedural security measures are

essentially the same and intertwined. You will note that some initiatives and programs

are addressed as both procedural and regulatory. For the purpose of this research,

procedural will involve vetting companies, people and cargo and regulatory will address

the ship’s operations.

2.3.5 Cyber

In addition to the “traditional” methods of compromising maritime and port

security, cyber attacks have become an increasingly probable method of compromise.

This includes the navigation and tracking of ships, port operations, vetting and tracking

containers and their cargo; the latter two being major security methods of mitigating risk.

The “NotPetya” cyber attack of the Maersk Group in 2017 was considered a watershed

event making the maritime transportation industry know that it is real. [29] The article

26

also concluded that cyber attacks must be taken seriously, cyber defenses must be able to

deal with the creativity of the hackers and that automating or innovating processes further

the exposure.

Operationally, cyber attacks could interrupt navigation and tracking ships at sea

by hacking into the automated identification system (AIS) and navigation GPS.

Physically, CCTV could be hacked to shut the system down or provide false indications.

Access control could be compromised. Procedurally and for C-TPAT, as an example,

hacking pre-vetting of the stakeholders of the international supply chain, to include

transportation carriers and manufacturers, to render false approvals could occur. Just

think of how the rest of the regulatory and procedural security measures employed in the

intermodal maritime supply chain could be compromised.

When looking at navigation and cyber threats, hacking or jamming the global

navigation satellite systems (GNSS) could impact operations in ports and navigation in

constricted waterways. [30] GNSS is the interoperability and compatibility among

satellite navigation systems, such as modernized GPS. [31] This creates a problem, as

these threats move rapidly making it difficult to trace intrusions and, if state sponsored,

could use spoofing to affect navigation at sea. All of this could “mask” the true location

and speed of a ship.

Cyber security is a complex problem, in part because it involves the public and

private sector. [32] The private sector stakeholders look at the investment involved, and

current security measures are focused on the physical. Going forward, solutions should

focus on investing in cyber security, protecting infrastructure, especially that which is

cyber focused, prioritizing risk and reducing cyber vulnerabilities. Being invisible to the

27

casual observer, cyber vulnerabilities are a challenge. [33] This is true for the vessel and

facility operators. Assessing risk will involve determining the systems that are cyber

system dependent, vital to operations, interconnectedness of the systems and

consequences of an exploitation. Aboard ship, cyber system standards should be

developed and implemented to reflect the environment in which they operate.

Recent developments in intermodal container maritime container tracking are a

deeper investment in tracking technology by two of the three largest international

container lines. [34] This will be accomplished by providing more real-time information

to allow greater visibility in-transit over the current electronic data interchange and other

methods with greater reliability.

2.4 APPROACH

The information in this section is a description of the issues associated with the

intermodal maritime container supply chain, threats and vulnerabilities, and security

measures. The analysis and framework to be developed will subjectively look at the

presence or absence of security measures and exposure to threat and, ultimately,

minimizing the risk of a WMD being smuggled into the U.S. It will not look at what

should be done physically, procedurally and with regard to regulations to improve

security. The risk components and assessment model, which will be developed in

Chapter V, are intended to be used by stakeholders in route selection in whole or in part.

Although not a separate component, the all-encompassing cyber threat will be

subjectively factored in the components in the framework.

28

A value added will be the possible use of the framework to monitor and manage

drug smuggling and other criminal, non-terrorist activities.

29

III. LITERATURE REVIEW

From the information in Chapter II, it has been determined that there is no single

solution when it comes to determining the risk of maritime transportation in the ports, at

sea and in the intermodal container supply chain from the manufacturer to the sea port of

departure (SPOD). In addition to getting a handle on the security programs and measures

in place and threats and vulnerabilities, how the risk of compromising maritime

intermodal containers is assessed must be determined. This section will look at risk

assessment approaches, frameworks, etc. that are focused on maritime intermodal

containers, maritime security risk assessment methods in general and other risk

assessment methods that could be adapted to the risk associated with maritime intermodal

containers. The risk assessment process will also be looked at in general to understand

the penchants of the industry and academia with regard to quantitative and qualitative

methods.

As stated previously, the Rail Corridor Risk Management System (RCRMS) was

considered for adaptation for this research. However and from many discussions with

railroad and industry experts and practitioners over several years on a non-attributed

basis, RCRMS was found to be so complex and data intensive, the large and small

railroads were begrudgingly using it and looking for alternatives. As with RCRMS,

available risk assessment methods can be either costly, cumbersome to operate or both.

As stated previously, the purpose of this endeavor is to develop a risk assessment method

that is easy to use and understand, thereby providing timely results, and does not

consume extensive resources to conduct. The following sections will look at some of the

30

government and industry risk assessment methods and independent research. The review

will be primarily on the applicability and mechanics of the models, what they consider

and, ultimately, how they would affect end-to-end supply chain security, to include from

manufacturer to foreign ports, at sea and at U.S. ports to the ultimate user.

3.1 GOVERNMENT APPROACH TO RISK ASSESSMENT

The Government Accountability Office (GAO) in its report on supply chain

security and assessing the risk from foreign ports has indicated that CBP and the USCG

have models that address risk at foreign ports and of the cargo carried on the ships. [2] In

this process, the USCG model provides for operating decisions for its International Port

Security Program (IPSP). CBP developed a model to further its 100% scanning

requirement, but the model was not implemented. This creates doubt with regard to the

viability of some Container Security Initiative (CSI) ports abroad.

For U.S. ports, the USCG’s Maritime Security Risk Assessment Method

(MSRAM) enables the USCG and maritime stakeholders to perform scenario-based risk

assessments to support risk management involving critical infrastructure and key

resources (CI/KR) in and around port areas and facilities. MSRAM utilizes a

combination of target and attack modes in terms of threats, vulnerabilities and

consequences, and measures the risk from a local, national and international level. In

addition to the traditional methods (e.g. landside and waterside) the attack modes

considered include cyber threats. [35] The benefit of MSRAM in this research is the

relative surety of the physical security measures in place at U.S. ports and foreign ports

where similar risk assessment models are used and verified. A disadvantage of MSRAM

31

and its availability to industry is that the assessment results are classified. The concept of

MSRAM is an adjunct to the USCG International Port Security Program that assesses the

security of foreign ports.

DHS has an overall approach to assessing risk. Risk analysis is more developed

in the insurance and financial industries and less in homeland security. This is, in part,

because of the dynamic nature of terrorism and lack of a historical database for terror

attacks. Therefore and through 2007, the risk analysis methods have been primarily

probabilistic assessments relying, in part, on intelligence. [36] DHS recognizes that

terrorism risk analysis and assessments do not exist in a vacuum, but rather it looks at

mitigation measures to “buy down” risk. DHS looks at this process as part of the

Homeland Security Grant Program (HSGP) to understand the return on investment (ROI)

of investments in security, make the risk allocation process transparent and develop a

long term strategy for assessing, mitigating and managing risk. The methodology is

general in nature focused on funding and phased to reflect the level of funding, and built

g

upon the widely accepted risk equation R = T x V x C.

The U.S. Army’s CARVER targeting method was developed for and used by U.S.

Army Special Forces during the Vietnam War for mission planning and validation, and

target analysis and selection. [37] CARVER is an acronym for Criticality, Accessibility,

Recuperability, Vulnerability, Effect and Recognizability, which are the factors in target

selection in the analysis. It is a subjective analysis that utilizes a range of values from 1

to 10 to determine effectiveness.

This method of analysis has been adapted for civilian and government use and the

protection of assets, and determination of vulnerability. For example, the U.S.

8 R = Risk, T = Threat, V = Vulnerability and C = C onsequence.

32

Department of Agricultures (USDA) and U.S. Food and Drug Administration (USFDA)

adapted the CARVER model for the food and agriculture sector. This adaptation reflects

terrorists’ goals to inflect mass casualties and create economic and psychological

impacts. [38] In this instance, its principles will be considered in the assessment and

mitigation of, and protective measures for the supply chain to reduce the risk associated

with the delivery potential of a WMD or its components to U.S. shores. This will be

discussed in greater detail in Chapter V.

Also for the U.S. Army, Rand Corporation^ Arroyo Center developed a

vulnerability assessment method guide to assist in the identification of adversary, friendly

and other stakeholder strengths and weakness to, among other things, exploit adversary

vulnerabilities. [39] This is the premise and focus of this research. The Vulnerability

Assessment Method Pocket Guide (VAMPG) folds existing military methods already

being used into the process, such as CARVER, and identifies steps to further the targeting

of adversary facilities. They are: understanding the mission and operational environment,

determining the desired end state, developing the operational approach and assessing

effectiveness. It provides a comprehensive look at military targeting in a holistic manner.

VAMPG, like CARVER, is a subjective analysis method with ranges of values to

determine effectiveness.

3.2 RISK ASSESSMENT APPROACHES

Over the years, there have been many approaches to assessing risk developed that

could be used. They were and are based on, among other things, the reason for the

assessment, terrorist intent, what is to be protected and cost effectives. [40] They include

33

CARVER + Shock for military special operations, Operations Risk Management (ORM)

for military uses, Risk Analysis and Vulnerability Assessment (RAVA) for federal

government non-military uses and Threat, Vulnerability, Risk model (TVR) for the

computer industry. When looking at risk and as protective measures increase, softer

targets, such as those that impact economies, create fear and commercial targets become

more attractive. [41] This could be a guiding factor for a terrorist to ship a WMD in a

container to affect mainstream America.

Past experience and as evidenced from this research, has shown that risk

assessment approaches, models and techniques have been, what appears to be more

focused on the process of determining risk, rather than the benefit (the model has) of

minimizing and mitigating risk on a “real time” basis. This has resulted in complex and

resource intensive models that transportation providers cannot use for a myriad of

reasons. Cost, resource and data intensiveness, and computer and analytical expertise are

just a few of the reasons the industry is hesitant to use them. They need immediate

assessments and not a long, drawn out process, as there may be a need to respond to an

immediate threat.

Risk assessments have been researched and developed, and methodologies

published in text and reference books, and scholarly papers. The literature search

conducted herein substantiates the proclivity for complicated analytical models and, thus,

the need for a simple model representing industry and supply chain expertise as it

addresses security and risk. The following paragraphs present a discussion of maritime

and other risk assessment models found in the literature search that could shed light on

34

the process and, thus, an approach to this research that is appropriate for the intended

thesis to make the framework simple and “user friendly”.

Brian Bennett in his book on understanding terrorism and protecting critical

infrastructure and personnel discussed the CARVER model. [38] The discussion, in

addition to presenting the USDA/USFDA model, promoted the CARVER concept to look

at methods of attack or compromise and associated vulnerabilities and gaps. Bennett

finds the CARVER model a good decision matrix that shows the interrelationships

among assets, threat, vulnerabilities and protection measures.

Rutgers University conducted a U.S. Department of Transportation funded

research project to develop a probabilistic risk analysis (PRA) to quantify the likelihood

and consequences of a crude oil release accounting for route and train-specific

characteristics. [42] The research design approach was to be able to use the PRA results

in a GIS decision support tool. This research was the result of the 2013 Lac Megantic

Bakken crude oil train derailment and FRA’s 2015 rule for the safe transportation of

flammable liquids by rail. This employs an analytic model measured by the product of

probabilities and consequences of an oil release incident and several conditions and

parameters, to include FRA class of track, signalization and freight densities. One

deliverable of the research was a GIS-enabled decision support tool that automates the

analytical procedures.

Karim Vellani in his text on strategic security management [43], discussed

qualitative and quantities risk assessments. His assessment is that qualitative risk

assessments are best when historical information or metric data is unavailable. This, on

the surface, ignores the benefit of a subjective or qualitative analysis based on subject

35

matter experts, which is a premise of the U.S. Army’s CARVER model. His quantitate

approach is an analytical model that that looks at loss event probability and frequency

based on Risk = Threat + Vulnerability. He does, however, discuss specialized risk

assessment methodologies that address specific industries, assets and threats. The

CARVER model is one of them.

In a book on transportation security utilizing intelligent transportation systems

(ITS), the authors discuss several methods of assessing risk critical to transportation

infrastructure. [44] The first model, the Blue Ribbon Panel Method, utilizes a

quantitative approach and was developed for bridges and tunnels. It is based on

probability of risk of an infrastructure element, occurrence, vulnerability and asset

importance. A fault-tree analysis is also discussed, which is both a quantitative and

qualitative method, and is focused on infrastructure failure due to a deliberate attack. It

represents a graphical and algebraic Boolean relationship between fault events caused by

an unwanted occurrence. Next the book discusses using a simulation analysis that

evaluates different response plans or could be applied to courses of action, which could

be enhanced by animation to train first responders. The Monte Carlo method of analysis

is introduced to determine mathematical solutions where there are multiple, changing

factors. It is a multi-variant approach using random numbers to create a statistical

distribution based on the influences of the variable. The last model discussed is the

Weibell Hazard Model, which is used to estimate changing hazards based over time. It is

based on the statistical distribution based on shape, scale and location of the variables.

Like many other models discussed herein, with the possible exception of the fault-tree

analysis, they are not simple and require sophisticated mathematical and/or statistical

36

analysis. The fault-tree analysis may not be as analytical as the others, but is not simple,

which is the intent of this research.

In a paper on maritime transportation system (MTS) vulnerability assessment,

Berle et. al. determined that there were no methods that specifically assessed MTS risk.

[45] This document further stated that supply chain risk assessment frameworks only

considered anticipated threats and not those that were unforeseen. The paper presented

the concept of transferring the principles of a safety-oriented Formal Safety Assessment

(FSA) to a maritime supply chain Formal Vulnerability Assessment (FVA). The concept

was based on the ability of the maritime transportation system to endure and recover from

a disruption and to cope with low probability, high impact events. The framework looked

at failure modes, such as transportation and internal operations/capacity, and elements

across the maritime transportation system impacted by the failures, such as terminals and

intermodal connections. The above paper states that there is limited research on overall

maritime supply chain vulnerability and, thus, security. It suggests that future research be

framed to identify generic vulnerability in critical infrastructure in ports. It is a

subjective approach and relies on subject matter experts (SME) and experiential

information and data, and that “quantification” is via major or minor or no impact

determinations.

Subsequent to the Exxon Valdez oil spill in 1989, concern was expressed by the

stakeholders in Prince William Sound, to include the USCG, regarding the safety and

potential risk associated with the transportation of oil (in Prince William Sound). [46] A

probabilistic model was developed to address the risk and provide measures to reduce

them. The model was built based on a simulation of the oil transportation system in

37

Prince William Sound, data analysis and expert judgement addressing subjective

assessments for input into the probabilistic model. This model, as presented, loosely

parallels the subjectivity in the U.S. Army CARVER model, but with a more complex

analysis and numeric outcomes.

An analysis of security risk in the global container supply chain (GCSC) was

conducted by Bachkar et. al. in 2013 using the analytical hierarchy process (AHP). [47]

The objectives of the research was to formulate an AHP framework to address and

mitigate risk, prioritize and evaluate risk, and validate the assumptions based on SME

judgements. The paper cites previous research by Kumar et. al. that identifies six

common risk criteria associated with GCSC risk. [48] They are: measurement,

environment, personnel, material, method and machine. The AHP in the Bachkar et. al.

research, consisted of five steps: structuring the decision problem, collecting input data,

calculate relative priorities of the decision elements, derive decision alternative values

and validate the decision process. The process uses a subjective assessment of conditions

with a measurement scale to evaluate the six criteria. The results of the analysis showed

that 1) the findings were consistent with previous studies on container security and 2) the

most critical risk factor was personnel citing that security measures need to ensure that all

participants in the supply chain must be trusted.

The United Nations (UN), in a 2006 report, introduced a security risk assessment

and management framework to shift the focus of maritime security from facilities to the

supply chain and reflect the global scope of the transportation network. [49] The

document reviewed the current layered approach to security and suggested alternative

risk assessment methods to reflect the complexity of the integrated global transportation

38

network. The complex regulatory environment and operating scenarios are key

considerations and challenges, as well as an opportunity to secure the supply chain. It

cites several U.S. and international regulations and programs, to include the ISPS Code

and its AIS requirement, CBP’s CSI and C-TPAT, and USCG’s MARSEC (maritime

security) level and MTSA requirements as part of the process.

The UN report further discussed event and fault tree analyses as possible methods

of identifying and assessing risk paralleling the ISPS accepted MARSEC levels of 1

(minor) to 3 (major) as rating scale values. In its research, the UN observed several

issues regarding regulatory risk that could have an impact on the framework. They

include regulatory risk being reactive, that there is no established framework for risk

assessment outside of government regulations and that few countries have undertaken

comprehensive regulatory assessments. When looking at issues surrounding current risk

assessment methods, several stood out to the UN in its research. They include

understanding the impact of terrorist events on the supply chain, inadequacy of traditional

approaches to modelling threats, vulnerabilities and risk (e.g. probabilistic) and

quantifying cost/benefits among the supply chain stakeholders. The UN report

framework is based on three sources of risk: environment, which addresses external

sources (e.g. terrorists); organizational, which addresses uncertainty in the supply chain;

and network-related, which addresses interactions between organizations and the supply

chain. The latter includes uncertainties associated with trading with non-complaint

partners. A balanced approach is sought to address the efficiency in a deregulated

environment with the security requirements from an increasingly regulated environment.

39

Maritime security has become a major concern. A central issue is how to enhance

security while not adversely affecting efficiency. In addressing the issue, there are three

cornerstones for effective maritime security management: quality, risk, and business

continuity management. The major objective of the empirical research conducted was to

identify factors important to effective maritime security. A conceptual model was

developed by Thai that included 13 dimensions (e.g. structured security policy,

stakeholder communications and management buy-in) and 24 associated factors (e.g.

clear definition of risk levels, resources and contingency planning). [50] The model was

tested with the result being that the findings supported the validity of the 24 factors and

that security incident handling and response are regarded as the most important, along

with risk assessment, risk-based security mitigation strategies and plans, and management

commitment. The Thai model used an involved and detailed statistical model to report

on the research results. It is not simple and is resource intensive requiring extensive data

and appears to be more process focused than providing the industry with a “hip pocket”

assessment than can be used anywhere at any time to address threats and vulnerabilities

to protect the supply chain.

In looking at risk assessment models for aviation transportation, the

preponderance of models found focused on checkpoint risk. Because of the limited scope

of this, any method used would be inappropriate for a global risk assessment framework.

In a document by the RAND corporation, the TSA Risk Management Analysis Tool

(RMAT) was evaluated for its validity and applicability to address TSA’s risk assessment

needs for the commercial air transportation system. [51] RMAT is an analytical

simulation model that is comprised of two conceptual models; adversary and defender.

40

The model is data intensive with about 4300 input variables. Of the results of the

evaluation, the reliance on a large number of uncertain parameters and conceptual models

would not be suited for strategic decision making regarding risk mitigation. This is

consistent with the premise of this research that complex and data intensive models are

not in the best interest of minimizing risk.

3.3 MARITIME APPLICATION OF THE CARVER MODEL

In the literature search, no models were found that fully and comprehensively

addressed the physical, operational and procedural assumptions to be used in an

experiential risk assessment model. It appears that risk assessments for the maritime

container supply chain and environment, and ports in general, are subjective in nature

following the principles of the AHP framework. This leads to the attractiveness of the

CARVER model as the basis of the model developed herein, as the practitioners are the

SMEs, which lends to the validity of the approach. We can also see that the UN report

considered a subjective approach to assign values to assess risk, as did the government

and other models and analysis frameworks reviewed, which further validates the

subjective, rather than objective, approach to framework development.

As stated herein, quantitative modeling would likely be complex and overshadow

the intent to assess risk as part of route and port selection criteria. It is also inconsistent

with the intent of the framework to be developed, which is simplicity. As we learned

from the railroad industry with RCRMS, as discussed in Chapter I, practitioners do not

want to be overcome by complicated, cumbersome and costly models. Therefore, a risk

assessment model that is experiential, intuitive and easy to operate, and that is helpful in

41

port and route selection would be beneficial. The model should reflect the layered

approach to security and provide a risk assessment that can become established outside

that which is government regulation focused. For these reasons, the U.S. Army

CARVER model was selected for adaptation for the intermodal container maritime

supply chain risk assessment framework.

The U.S. Army CARVER model is suitable as a framework where there are no

apparent methods to simply, subjectively and efficiently address intermodal maritime

container risk. This framework is, for all practical purpose, limited in scope and

conceptual in nature to address a thesis focusing on the assessment process and

components that measure risk from a practical and operational perspective. This research

applies a case study approach that can be useful in the early phases of research where

there may be no prior theories or previous work and is intended to be theory building,

rather than testing. [52]

The Maritime CARVER framework uses a simple and subjective approach that is

based on subject matter experts (SME). Traditional risk techniques and models are often

data intensive focusing on severity and probability and, although beneficial, often result

in modeling methods that are intractable. The Maritime CARVER framework, on the

other hand, uses a small number of data that is readily available, as it is part of the

intermodal maritime container supply chain process. Probability and severity are

introduced subjectively by the SMEs, based on their experience, as they assign the

numeric values based on the conditions in the tables. This provides for a manageable

assessment process and not one that is intractable because of extensive data requirements

and analysis.

42

Therefore, the intent of this research is to develop a framework that is focused on

assessing risk from a practitioner’s perspective and, thus approach, and not one that is

analytically and theoretically driven.

43

IV. INTERMODAL CONTAINER SUPPLY CHAIN

Before an assessment method can be determined, an understanding of how a

container gets from a foreign manufacturer to the consumer in the U.S. Figure 4.1 is a

graphical representation of the flow depicting the permutations in the supply chain based

on, among other things, the role of the exporter and importer, transportation modes used,

modal transfers, areas posing constraints in the flow, characteristics of the ports and their

operations, and other transportation nodes.

Foreign U.S.

Landside W atersid e Landside

Exporter wm\ H H I A | 1

A |

Intermodal Railroad

Load Center Port

Key: Alternate links land maritime

Might be single or multiple entities

% *1canals „ .

< • ■ • \ A Anchor

ages

:<■ ■ ■ \ /•

Risk areas- vessel enters and exits during transit

Load Center Port

Intermodal Railroad

Importer

Figure 4.1 Intermodal Maritime Container Supply Chain

The analysis will look at the foreign landside flow, in-transit operations via

international and U.S. waters and, then, approaching and at U.S. ports and inland flow.

44

First, an overview of the links and nodes comprising the supply chain will be

presented. The nodes will consist of the physical facilities associated with the

manufacture of the goods to be shipped, transfer points (node to node) and ports. The

links will be the movement by rail, truck and/or ship from node to node. Finally, the

supply chain will undoubtedly have constraints along the way, which includes canals and

straits, and anchorages, where ships may remain for periods of time. Although straits and

canals are physical and geographic features, they will be treated as a link. Areas of

compromise, such as known piracy, will also be considered as part of the route

determination process.

4.1 FOREIGN LANDSIDE

Let’s start with the foreign landside component of the supply chain, as shown in

Figure 4.2. Note that, although the figure depicts a movement from manufacturer and/or

exporter by truck to an intermodal rail yard, feeder port or load center port, rail may also

serve the manufacturing facility and proceed directly to the load center port.

Feeder Port

Intermodal Railroad

Inland Trucker

Load Center Port

Manufacturer

Exporter

Figure 4.2 Intermodal Maritime Container Supply Chain (Foreign Landside)

45

A product is manufactured in a factory at an overseas location say in China, and is

shipped to the U.S. via Shanghai, which is the busiest container port in the world. [53]

An exporter is used by the manufacturer on its behalf to sell its goods to a customer in

another country; the U.S. in this case. From a customs perspective, it is the agent for the

manufacturer who makes the necessary customs declarations.

From the factory, the intermodal container is either loaded onto a truck (inland

trucker) or rail car (intermodal rail) and is brought to a feeder port or directly to the load

center port like Shanghai for the long haul. In the former case and by truck, the container

is loaded onto a feeder ship9 for transport to the load center port. In this case, the

container is handled 3 times; at the manufacturing facility, at the feeder port and, then, at

the load center port. If the latter and by truck, the container is brought directly to the load

center port and transloaded onto the ship. The container is handled twice; at the

manufacturing facility and load center port.

Using rail, a container can be handled 3 times when using feeder ports; at the

manufacturing facility, at the feeder port, and finally at the load center port. This

assumes that the manufacturing facility and the ports have railheads. If not, the

containers are handled 5 times; at the manufacturing facility, at intermodal facilities near

the manufacturing facility and feeder port, feeder port and at the load center port. When

transporting directly to the load center port, the intermodal maritime containers are

handled 2 times when there is a railhead in the manufacturing facility and load center

port. If the manufacturing facility and load center port do not have railheads, intermodal

yards will be required. In this case, the container will be handled 4 times.

9 A seagoing vessel with an approxim ate capacity o f carrying 300 - 1000 tw enty-foot equivalent units (T E U ) for the purpose o f consolidating intermodal containers at a central container terminal to be loaded onto larger vessels for long haul maritime voyage.

46

The following table summarizes the number of times an intermodal maritime

container could be handled from manufacturing facility to load

Table 4.1 - Handling of Maritime Intermodal Containers Landside Foreign

Transportation Node Rail Truck Rail and

Truck To load center port via feeder port

At manufacturer 1 1 1 At intermodal yard 1 At intermodal yard 1 At feeder port 1 1 1 At load center port 1 1 1 Total times handled 3 3 5

To load center port direct ly At manufacturer 1 l 1 At intermodal yard 1 At intermodal yard 1 At load center port 1 l 1 Total times handled 2 2 4

4.2 WATERSIDE

Continuing the movement of the intermodal containers to the waterside of the

supply chain, you are looking at the movement from the feeder to load center ports and,

then, to a U.S. load center port and onward movement to smaller or feeder ports. Figure

4.3 is a graphic representation of the links and involved nodes in this phase.

47

Feeder Pori

..M A

U.S. Load Center Port

Canals, Anchorages and Straits

V A

Canals. Anchorages and Straits l .S. Feeder

Port

Load Center Port

Figure 4.3 Intermodal Maritime Container Supply Chain (Waterside)

The feeder ships would traverse open waters, and could pass through canals and

straits, be close to land, and sit at anchorage awaiting entry into ports and/or passage

through straits or canals. From the load center port, the intermodal container will be

stowed in a line haul vessel that will transit an ocean and/or sea to its destination in the

United States. Based on the port of origin and port of destination, the vessel could

transit canals, pass through straits and be close to land, and remain at anchorage for a

period of time (e.g. Gatun Lake prior to transiting the Gatun Locks of the Panama Canal).

Although the handling of the containers is not the primary issue when at sea,

compromising the container contents is what the risk is. When passing through a canal or

strait, the ship is close to land and could be accessed with relative ease. In a strait, the

vessel could be approached by what would appear to be a harmless small boat that could

deliver a WMD or WMD materials or operatives or both. The same goes for ships at

anchor. Think of the USS Cole, when at anchor in Yemen's Aden harbor, which was

bombed by what appeared to be a harmless small boat.

48

The Strait of Malacca, which connects the Pacific and Indian Oceans, is of

strategic importance to global commerce and is heavily utilized with nearly 100,000 ships

transiting it annually. [27] Being less than 2 miles across, it is subject to piracy and

accidents, such as the collision between the USS McCain and the tanker Alnic MC in

2017. It was reported that rerouting around the Strait of Malacca would be costly and

add considerable time to the voyage. This, like with ships at anchor, could provide a

situation where small boats could approach the larger ships relatively unnoticed.

A potential vulnerability of vessels at sea, is when a ship or small boat could

transfer people and/or material much in the same manner as naval vessels refuel and

resupply at sea (connected replenishment [CONREP]). [54] The ships would hold a

steady course and speed in the vicinity of 15 knots to affect the transfer. Safety is an

issue and the transfer would be conducted accordingly, but given the intent of terrorists,

safety would not be much of a concern if they wanted to transfer WMDs or WMD

material. At this point, the 2 vessels would be side-by-side and not easily identified as 2

separate ships by automated identification systems (AIS) used to track ships. This could

be further exacerbated by one or both of the vessels not having AIS transceivers on board

or not having them activated.

Once the vessel offloads at the U.S. load center port, it could be loaded onto a

feeder vessel or barge to a smaller U.S. port. Since the security protocols (e.g. USCG

and CBP) are rigorous at U.S. load center ports, the risks associated with handling the

container and shipping it “inland” via feeder ship, rail or truck are perceived to be

minimal. A risk, albeit small, exists when the ship remains at anchor before entering the

U.S. load center port.

Rather than considering the number of times a container is handled, like landside,

this phase will address the potential for compromising a container at sea, through canals

and straits, and at anchorage. For Table 4.2, below, it will be assumed that, at anchorage,

a ship will be either awaiting passage through a canal or strait or in U.S. waters awaiting

entry into the load center port. Each are at potential risk of compromise for the reasons

described herein. Routing assessed will be a combination of the waterside constraints

that may be encountered.

Table 4.2 - Routing Considerations of Maritime Intermodal Containers at Sea

Waterside Component/Constraint Waterside Routes

A B C D Open ocean 1 1 1 1 Thru a canal 1 1 Thru a strait 1 1 At anchorage 1 1 1 1 Total components/constraints 2 3 3 4

The route designations (A, B, C and D) in the table are randomly labeled to show

reflect the components and constraints that could be encountered.

4.3 U.S. LANDSIDE

Once the vessel leaves anchor and enters the U.S. load center port, the intermodal

maritime container will be transferred to a feeder vessel, rail and/or truck in the reverse

order as that in the foreign landside discussion. In the feeder vessel case, the container

will be drayed to another pier assumedly in the same port. If destined to rail, the

container will either be transferred to a rail car, if there is an intermodal yard within the

port, or to a truck, if the intermodal yard is not within the port. If offloaded directly to

50

truck, the container will only be handled once before it reaches its final destination. This

portion of the supply chain flow is graphically depicted in Figure 4.4, below.

Feeder Ship

Intermodal Railroad

Inland Trucker

Inland Trucker

Inland Trucker

Intermodal Railroad

Inland Trucker

U .S. Feeder Port

U .S. Load Center Port

Importers

Figure 4.4 Intermodal Maritime Container Supply Chain (U.S. Landside)

Table 4.3 shows the number of times the container will be handled. The rail

move is based on a railhead in the port. The combined rail and truck move is based on an

intermodal railhead outside of the port and where the container will be transferred to

truck for its final leg of the journey. Although unit container trains are common, efficient

and cost-effective, the sole move by truck requires the least handling (of the container).

Table 4.3 - Handling of Maritime Intermodal Containers Landside Foreign U.S.

Transportation Node Truck Rail Rail and

Truck To feeder port via load center port

At U.S. load center port 1 1 At feeder port 1 1 At port intermodal yard 1 1 At intermodal yard 1 1 Total times handled 2 2 4

To final destination At the U.S. load center port 1 1 1 At port intermodal yard 1 At intermodal yard 1 Total times handled 1 1 3

51

The intermodal maritime containers will be randomly inspected and/or targeted

for inspection once offloaded in the first U.S. port and transferred to rail or truck. This is

in addition to the vetting and security measures undertaken to and in the foreign port, and

in transit at sea. The supply chain container flow for the risk assessment will end once

clearance is received and the intermodal maritime container leaves the final transfer point

at the port for the haul inland.

4.4 CONTAINER FLOW RISK FACTORS

In analyzing the risk associated with the container flow, risk factors would be looked

at as potential “points” where risk could be heightened or mitigated. Background on the

risk or mitigation “points” to be considered in the assessment are summarized and

discussed, where needed, below:

• Vetting o f the foreign manufacturer and exporter

This could be problematic because the exporter may have acquired the goods in a

domestic marketplace and then became the exporter of record. There can be several

scenarios to this option. Many exporters, especially in Asia, are essentially the equivalent

of the export departments of firms that do not have the organization to support their own

export business. These are not just tiny firms scattered throughout Asia, but could be run

in the names of substantial firms, such as Fuji in Japan.

• Vetting o f maritime transportation company

When discussing international shipping companies, the container trades are

dominated by relatively few firms. It is common knowledge that a vast majority of the

52

traffic moves among those carriers, such as Hapag Lloyd, Evergreen, NYK, COSCO,

Maersk, and NOL/APL.

• Number o f times containers are handled from manufacturer to foreign feeder

and/or load center port

This reflects “chain of custody” and number of times an intermodal maritime

container is handled (loaded, transloaded and offloaded) from foreign manufacturer to the

load center port. It includes rail, truck and feeder vessel to the container ship for the

ocean voyage.

• Physical and human security measures at feeder port and/or load center port

Physical and human security measures vary widely insofar as sophistication and

attention to detail is concerned. It includes perimeter and access control, cameras and

intrusion detection, lighting, etc. supplemented by law enforcement and regulatory

enforcement. A major concern is whether the feeder service crosses an international

boundary or not. If not, it can be assumed that this could be lax and that security will be

deferred to whatever load center port at which the containers are transloaded.

• CBP, USCG and other U.S. government oversight at foreign load center ports or

similar oversight by a foreign government, and at U.S. load center port

If the container crosses an international boundary, then the issues include the presence of

U.S. CBP, implementation of CSI (Cargo Security Initiative) and the due diligence of the

native customs service at the load center port. Also, CBP’s C-TPAT (Customs Trade

Partnership Against Terrorism) vetting is a factor, as well as USCG’s in transit rules [55]

and Ship Security Alert System (SSAS). These programs are not the total population of

DHS security programs on maritime and shipping security, but are key components.

53

• Ship’s routing traversing known piracy areas and passing through straits and

canals

This involves the potential for cargo being “tainted” without the knowledge of the

ship’s crew and/or the possibility that one or more of the crew members might be

compromised (insider threat).

• Ship remaining at anchorage fo r a period o f time, how many times at anchorage

and where.

There may be three vessels that could lie at anchorage: foreign feeder, line haul

vessel, and U.S. feeder. The major concern would be with the former (foreign feeder)

because of the potential lack of security supervision and oversight, but the latter (U.S.

feeder) cannot be excluded from concern.

• Number o f times a container is handled from U.S. load center port to inland

destination, to include via a feeder port

This is the same as the number of times a container is handled at foreign ports, but in

reverse order.

• Physical and human security measures at U.S. load center port and feeder port

Procedurally, this is within the customs territory of the U.S. involving among others

CBP, USCG and TSA, which makes the issue a domestic matter akin to that of an

intermodal freight train or a container traveling the highway. Physically, it includes

perimeter and access control, cameras and intrusion detection, lighting, etc.

54

• Vetting o f U.S. importer and consignee

This is a complicated matter, as CBP and TSA have several measures in place to

insure that the importer and consignee are trusted. CBP’s C-TPAT is just one program

that vets the importer or consignee.

It is not uncommon that the importer may not be the final user/consignee. This is

where the matter could become murky depending upon whether the final consignee has

the resources to operate as an importer or not. If not, it is common for a customs broker

to be named as the importer of record. There are two other potential scenarios for this: a

large firm, including trading companies, engaging in trade with subsidiaries importing

their product even though the ultimate customer is a U.S. firm that is the ultimate user

and using a foreign affiliate as the importer of record. There is an industrywide concern

about the intelligence gathering activities of competitors causing the consignee to

purposely not wanting to be the importer of record. This is so that trade secrets and

strategies are not divulged to competitors.

55

V. ASSESSMENT METHODOLOGY

The objective of this research and this chapter is to develop a simple methodology

that would assess the risk of route choices and supply chain partners from foreign to U.S.

ports. The risk in this endeavor is focused on the ability of terrorists to transport weapons

of mass destructions (WMD) and/or material to make them in intermodal maritime

containers destined to U.S. ports and inland destinations. A value added to this research

is the potential application of this process to the smuggling of drugs and other contraband

via intermodal maritime containers, which also have terrorist links.

The original focus of this research was to adapt and retool the Federal Railroad

Administration’s (FRA) Rail Corridor Risk Management System (RCRMS) to the risk

associated with the transport of intermodal maritime containers. This initial approach

was taken because many of the 27 factors in RCRMS have similarities in operation and

physical characteristics that could be adapted to maritime environment. Based on

personal institutional knowledge of the subject, and discussions with railroad industry

experts and after additional research, it was determined that, because RCRMS was too

costly and time consuming to run and many railroads balked at or did not have the

resources to run the risk model, this methodology would not be appropriate and is not

being pursued.

In analyzing the risk, the following factors will be looked at as potential “points”

where risk could be heightened or mitigated. The risk or mitigation “points “, which

were discussed in Chapter 2, to be considered in the assessment are:

Vetting of foreign manufacturers, exporters and land and maritime

transportation companies, and, to a lesser degree, U.S. land and maritime

transportation companies, importers and consignees. This is because once the

intermodal maritime container and its contents reach U.S. ports, they have

been vetted, inspected and protected (e.g. tamper proof seals) extensively and

pose a reduced risk.

Number of times the intermodal maritime containers are handled from

manufacturer to foreign feeder and/or load center ports.

Physical and human security measures at foreign and U.S. ports.

CBP, USCG and other U.S. government, international and host national

oversight of the supply chain and at the foreign ports.

Tracking the ships by technological methods, such as automated identification

systems (AIS), GPS, etc.

Shipping lanes/routes traversing known piracy areas and passing through

straits and canals.

Ships remaining at anchorage for a period of time, how many times and

where.

Number of times intermodal maritime containers are handled from U.S. load

center port to inland destination, to include via a feeder port. Although the

framework will not address the inland movement once reaching the U.S., it is

something that should be kept in mind.

57

The assessment methodology is developed based on these individual “points” or

processes in the intermodal maritime container flow (e.g. foreign manufacturer to load

center port) and the movement in its entirety (to the U.S. port of entry).

5.1 CARVER METHOD

For the assessment, an adaptation of the U.S. Army’s CARVER method of target

analysis is proposed. [37] CARVER was developed and used by U.S. Army Special

Forces in mission planning and validation, and target analysis. This method of analysis

has been adapted for civilian and government use and the protection of assets, and

determination of vulnerability (e.g. the U.S. Department of Agricultures’ adaptation for

the food and agriculture sector.) [56] In this instance, its principles will be used to assess

the mitigation and protective measures in the supply chain to reduce the risk associated

with the delivery potential of a WMD or its components to U.S. shores. CARVER is an

acronym for Criticality, Accessibility, Recuperability, Vulnerability, Effect and

Recognizability, which are the factors in target selection in the analysis.

Before adapting the CARVER factors to this maritime risk model, let’s look at the

original description of them from FM 34-30, Appendix D.

• Criticality - Target value with regard to whether or not destruction or damage

would have a significant impact.

• Accessibility - Ability of the operational elements to reach and attack the

target/asset.

• Recuperability - Measured in time, it is how long it takes for the adversary to

recover from the attack on the target.

58

• Vulnerability - The ability of the operational element to successfully attack

considering the target’s defensive measures.

• Effect - Potential impact on the military, political and economic environments,

and psychological and sociological impacts at the target and beyond.

• Recognizability - The extent at which the target can be recognized in all weather

conditions and seasons, and geographic characteristics.

The CARVER model sets criteria describing the factors’ impacts on the assets and

assigns a value from 1 - 1 0 that reflects the affect the attack and resulting damage. The

lower numbers reflect lesser impacts and the higher numbers reflect higher impacts. For

example and for Vulnerability, the lower numbers reflect more hardened and protected

targets requiring greater targeting measures and, perhaps, weapons. At the higher end,

less detailed targeting and lesser weapons could successfully compromise the target.

The following is a re-creation of Figure D -l, Completed CARVER Matrix, from

FM 34-36, Appendix D, to depict the end result of a targeting analysis. The total

represents the relative desirability of the potential target to be used in target selection

among many targets.

Table 5-1. CARVER Matrix from FM 34-36, Appendix D

lulk Electric Power Supply Potential Targets C A R V E R Total Fuel Tanks 8 9 3 8 5 6 41 Fuel Pumps 8 6 2 10 5 3 34 Boilers 6 2 10 4 5 4 31 Turbines 8 6 10 7 5 9 45 Generators 4 6 10 7 5 9 41 Condensers 8 8 5 2 5 4 34 Feed Pumps 3 8 5 8 5 6 33 Cir. Water Pumps 9 8 5 8 5 4 33 Generator Step Up Transformer

10 10 10 9 5 9 53

59

The score of 53 out of a possible score of 60 would indicate that the generator

step up transformer would be the primary target within the bulk electric fuel supply

facility when prioritizing the attack based on probability of success and maximum

impact. Now and when considering the bulk electric fuel supply facility against other

targets, say a highway bridge on a major arterial, an aggregate score of the components

comprising the facility should be considered. In this instance, the aggregate target value

would be 39.

5.2 FORMULATION OF MARITIME RISK ASSESSMENT FRAMEWORK

Taking the concept and principles of CARVER, a risk assessment method can be

developed to address the security of transporting intermodal maritime containers. The

first thing will be to identify the “assets” to be considered in the analysis. They would be

from the physical security measures at the ports to the vetting of the manufacturer and

exporter to U.S. government and international security measures employed at foreign

ports and at sea. The potential “points” where risk could be heightened or mitigated,

presented in Section 5.1, will be used as the basis of the framework. Note that the greater

likelihood of placing a WMD or WMD material in a container is prior to entering the

foreign port and when being loaded on the ship.

5.2.1 Discussion of Model Factors

Given the potential “points” where risk could be heightened or mitigated in the

process, the following is an adaptation of the CARVER model factors to address the

shipment of intermodal maritime containers to the U.S. The framework will be

developed from a “targeted” perspective, rather than “targeting” as in the U.S. Army’s

CARVER model. The factors or “points” are based on a given capability and resolve of

60

terrorists to compromise an intermodal maritime container from the foreign manufacturer

to its inland destination in the U.S., and U.S., international and host nation measures to

thwart the terrorist. The components of the model are discussed below.

• Chain of custody - This factor involves the surface transportation from the

foreign manufacturer to the load center port, including via feeder ports, to the first

or subsequent U.S. ports via the number of times the container is handled. As

with the TSA’s regulation on chain of custody, [57] the more times the rail car

(or container in this case) is handled the greater the risk. The risk extends from

the surface modes to the handling of the intermodal maritime containers to and

from ships (e.g. feeder ship to a long haul vessel) and, to a lesser degree, on the

ships during the voyage. This is because, in part, the ships are not easily

compromised when at sea given tracking technology and difficulty in gaining

access to ships at speed. Also and based on the security measures in place prior to

arriving at a U.S. port, the risk of intermodal maritime containers will be

significantly lessened. Therefore, this factor will be limited to the landside and

water transport from the foreign manufacturer to load center port and not the at

sea portion of the supply chain.

• Approach (to targeting and monitoring) - For the operations to and through the

originating ports, this factor is based on Table 2 of GAO-13-764 (Figure 1.1) and

is focused on the examination of container shipments based on participation in

CBP’s Cargo Security Initiative (CSI) and targeting approach, and other U.S.

government and international security measures. In theory, governments

participating in CSI and accompanying stringent targeting measures the lesser the

61

risk would be. U.S. CBP’s targeting approach is via in-country personnel,

regional hubs, remote relying on host governments and NTC-C (National

Targeting Center-Cargo) relying on in-country personnel for high risk shipments

and U.S.-based personnel for low risk shipments. [2] This provides an indication

of the involvement of CBP in inspecting and vetting the intermodal maritime

containers before loading them on a ship.

• Routing - This factor is the ocean voyage, which could also contribute to a

container being compromised. The proximity of the ships to land, especially in

known piracy areas, is another consideration, as would the physical features of

canals and straits and how they could lend to the possible ease of accessing a ship.

On the other hand, canals and straits can lend to the ease of monitoring and

observing ships. Although a remote possibility, connected or underway

replenishment (UNREP-U.S. Navy), as described previously, could provide an

opportunity to compromise an intermodal maritime container while at sea.

• Vetting - This factor is based on the vetting of the parties and cargo in the supply

chain. The first is the thoroughness of vetting, whether of the manufacturer,

exporter or shipping line and surface transportation providers. Then the strength

and weakness of U.S. government security initiatives, like CBP’s Cargo Security

Initiative (CSI), Customs Trade Partnership Against Terrorism (C-TPAT) and 24-

hour Advance Cargo Manifest Declaration Rule will be a consideration. When at

sea, adherence to U.S. and international rules and regulations will be the basis.

This includes the USCG’s Automated Identification System (AIS) and 96-hour

advanced notice of arrival (NOA) regulation (33 CFR 160.212), and CBP’s Smart

62

Box Initiative and Automated Targeting System (ATS). Cyber threats could also

compromise the vetting process, as would insider threats involving personnel

involved in the process.

• Exposure - This factor focuses on the vulnerability of the physical facilities

involved in the movement of the intermodal maritime containers, to include ports,

intermodal yards, etc., based on the physical and human security measures in

place. This includes, but is not limited to, perimeter and access control, intrusion

detection, cameras, lighting, terrain and geographic features, and the human

elements of the security measures. Cyber security for the tracking of the vessels

and its contents at sea in the harbors and ports, and managing container seals are

also considerations. Insider threats could also compromise the physical security

measures in place and increase the risk of compromise.

• Regulatory - This factor involves the U.S, international and host nation (State)

regulatory processes governing port and maritime security, and the transportation

of intermodal maritime containers. While each nation or State has its own

regulations governing maritime transportation and operations, the International

Maritime Organization (IMO), because maritime transportation is global, has

enacted conventions and treaties that embrace those of the individual nations or

States. [58] When looking at intermodal maritime containers, IMO’s Safety of

Life at Sea (SOLAS) convention and its International Ship and Port Facilities

Security Code (ISPS Code) is particularly relevant. State signatories to IMO

Conventions and treaties, such as the Mutual Recognition Agreement (MRA), are

considered fully compliant with U.S. regulations governing maritime facilities,

63

transportation and operations. [59] Therefore, this factor will look at the host

nation or State’s compliance with IMO conventions and treaties involving the

transportation of intermodal maritime containers.

As background, it is understood that U.S. maritime security is layered

starting with the origin of the container and follows it through its voyage to and

into the U.S. port. For example, CBP’s 24-hour Advance Vessel Manifest Rule,

Mutual Recognition Agreement (MRA) and Automated Target System (ATS),

and USCG’s International Port Security Program (IPSP) and 96-hour notice of

arrival (NOA) regulation [60] are overlaid with IMO’s treaties and conventions

for greater security.

5.3 MARITIME CARVER FRAMEWORK FACTORS

To use the new CARVER input variables, above, criteria and values, they must be

identified and defined. Again and based on the potential “points” where risk could be

heightened or mitigated, the following will allow the assessment of risk for the individual

factors and, then, the supply chain, as a whole. The following tables are to be used in the

CARVER matrix to determine segment or route acceptability with regard to risk.

5.3.1 Chain of Custody

Table 5-2. Chain of Custody Conditions and Values

Condition Value Combined rail and truck to feeder port via intermodal yards 9 - 10 Combined rail and truck to load center port via multiple intermodal yards

7 - 8

Combined rail and truck to load center port via intermodal yard 5 - 6 Direct rail or truck to feeder port from foreign manufacturer 3 - 4 Direct rail or truck to load center port from foreign manufacturer 1 -2

64

Note that once the ship is loaded, whether at the feeder or load center port, and

until it offloads at its destination, the container will not be “handled” and the chain of

custody will be with the ship’s officers and company officials.

5.3.2 Approach

5.3.2.1 Targeting Landside

Table 5-3. Approach (to targeting) Conditions and Values

Condition Value No coordinated or fully developed targeting approach by host nation government

9 - 10

Remote targeting approach via host nation governments and MRAs in place

7 - 8

Targeting approach is via CBP’s NTC-C for high risk shipments with in-country personnel and U.S. based CBP for non-risk shipments

5 - 6

Regional targeting approach by CBP personnel to examine containers 3 - 4 In-country targeting approach by CBP personnel to examine containers 1 -2

5.3.2.2 Targeting Waterside

Table 5-4. Approach (to targeting and monitoring) Conditions and Values

Condition Value Approach based on compliance with host nation programs only 9 - 10 Approach based on compliance with international programs only 7 - 8 Approach based on compliance with host nation and international programs

5 - 6

Approach based on compliance with U.S. and international programs 3 - 4 Approach based on compliance with U.S., host nation and international programs, rules and regulations

1 -2

Note that this table is for ships that have left port and before they reach the first

U.S. port, and is based on the application of the programs, rules and regulations

addressed in the Regulatory model factor.

65

5.3.3 Routing

5.3.3.1 Routing (ocean voyage)

Table 5-5. Routing Conditions and Values (ocean voyage)

Condition Value Ocean voyage with passage through strait and/or canal with anchorage 9 - 10 Ocean voyage with passage through strait and canal 7 - 8 Ocean voyage with passage through strait or canal 5 - 6 Ocean voyage with anchorage 3 - 4 Ocean voyage only 1 -2

Note that the routing also is for both the voyage from feeder ports and load center ports.

5.3.3.2 Routing (surface transportation)

Table 5-6. Routing Conditions and Values (surface transportation)

Condition Value Direct rail or truck or combined rail and truck greater than 500 miles 9 - 10 Combined rail and truck 300 - 500 miles 7 - 8 Combined rail and truck 300 miles or less 5 - 6 Direct rail or truck 300 - 500 miles 3 - 4 Direct rail or truck 300 miles or less 1 -2

Note that the conditions and values are based on 300 miles as the maximum distance that

can be accomplished in one day.

66

5.3.4 Vetting

Table 5-7. Vetting Conditions and Values

Condition Value No or insufficient vetting of the supply chain parties 9 - 10 Vetting of a minority the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by other means, excluding CSI, C-TPAT and other approved means

7 - 8

Vetting of some, but not a majority of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity), by way of CSI, C-TPAT and other means

5 - 6

Vetting of a majority of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by way of CSI, C-TPAT and other approved means

3 - 4

Comprehensive vetting of the supply chain parties (e.g. manufacturer, exporter/importer, consignee, transportation companies and commodity) by way of CSI, C-TPAT and other approved means

1 -2

5.3.5 Exposure

5.3.5.1 Exposure (landside to/from and at ports)

Table 5-8. Exposure Conditions and Values (landside to/from and at ports)

Condition Value No or minimally coordinated physical and human security measures in place

9 - 10

Some, but not a majority, of the active physical security measures in place with some of the accompanying human security measures in place

7 - 8

Some, but not a majority, of the active physical security measures in place with accompanying human security measures in place

5 - 6

A majority of active physical security measures in place with accompanying human security measures in place

3 - 4

Active physical security measures in place, to include perimeter and access control, intrusion detection, cameras, lighting and cyber security, with accompanying human security measures in place

1 -2

67

5.3.5.2 Exposure (at sea)

Table 5-9. Exposure Conditions and Values (at sea)

Condition Value Less than comprehensive physical and procedural security measures at port of departure and/or arrival, virtually no onboard security on the vessel, and passing a known areas of concern (e.g. piracy)

9 - 10

Less than comprehensive physical and procedural security measures at port of departure and/or arrival and minimally robust onboard security on the vessel, and passing a known areas of concern (e.g. piracy)

7 - 8

Less than comprehensive physical and procedural security measures at port of departure and/or arrival, robust onboard security on the vessel, and passing a known areas of concern (e.g. piracy)

5 - 6

Comprehensive physical and procedural security measures at port of departure and/or arrival, minimally robust onboard security on the vessel, and not passing a known areas of concern (e.g. piracy)

3 - 4

Comprehensive physical and procedural security measures at port of departure and/or arrival, robust onboard security on the vessel, and not passing a known area of concern (e.g. piracy)

1 -2

5.3.6 Regulatory

Table 5-10. Regulatory Conditions and Values

Condition Value Country is unwilling to meet IMO conventions and treaties applicable to voyages to U.S. ports

9 - 10

Country is trying, but is unable to meet IMO conventions and treaties applicable to voyages to U.S. ports

7 - 8

Country is working towards meeting IMO conventions and treaties applicable to voyages to U.S. ports

5 - 6

Country meets IMO conventions and treaties applicable to voyages to U.S. ports, but vessel may not

3 - 4

Country is a signatory to IMO conventions and treaties applicable to voyages to U.S. ports

1 -2

5.4 MARITIME CARVER ASSESSMENT PROCESS

When populating the Maritime CARVER matrix, any of the supply chain partners

could do so, which is the intent of this framework. However, the parities that would be

68

most vested in the process and most likely to perform the task using the Maritime

CARVER framework, are the U.S. importer and container lines (e.g. Maersk).

The process, in which the Maritime CARVER will be undertaken, will start with

the development and collection of the input data. Whether formal or ad hoc, the

processes to collect and develop the input information is based on what is needed to vet

the containers and entities (e.g. C-TPAT and CSI), contained in the bills of lading and

ship’s manifest, etc. This provides virtually all of the required input information needed

to “run” the Maritime CARVER prior to or immediately upon sailing. This information

would be visible to the other supply chain partners, as well as government agencies, such

as CBP and the USCG. The Maritime CARVER framework process is graphically

presented in Figure D -l, below.

C onduct M aritim e CARVER

A ssessm en t

Expert Input?

M issing Run Multiple

A lternate RoutesInvalid

Solicit Input from Supply Chain

Partners Rerun Route Segm ents

Lowest Im plem ent Route

O ption

Figure 5-1. Maritime CARVER Framework Process

The steps involved in the process start with the development of the input

information for the Maritime CARVER and end with the selection and implementation of

the best routing options. The steps are as follows:

Development of input data - The information developed by the U.S. importer

and/or container line, will be based on the information readily available from the

documentation required to ship the containers to the U.S.

Input data validity - Most supply chain partners will have the expertise to provide

a majority, if not all of the input information. The first decision point is when the

entity performing the assessment determines if the input information is expertly

developed or if information from other supply chain partners/experts is required.

If the latter, the appropriate expert(s) should become involved in the process

before the assessment is conducted.

Conduct Maritime CARVER Assessment - Once the input data is determined to

be valid and expertly provided, the CARVER assessment should be conducted.

Missing or invalid data - Should a supply chain partner encounter a changed

condition (e.g. recent terrorist activity) or be made aware of or discovers missing

or invalid information (e.g. a factor is skewed and self-serving or left out), a

reassessment should be performed. This is the next decision point and could

involve the entire route, one or more route segments and/or CARVER factors.

For the reassessment, like the initial assessment, expert input data is essential.

Also, how the changed conditions or invalid or missing information could impact

other factors or segments within the route should be considered.

Run multiple alternate routes - This task would take the reassessment reflecting

changed conditions and missing and invalid information or the initial assessment,

if not impacted, and look at multiple routing options to select the route with the

least risk whether in total or to reflect skewed segments.

70

• Select lowest risk routing option - This is the third decision point and where the

parties vested in the process choose the most appropriate route based on the

process to this point. Although this process and research is solely based on

security, other factors could be considered in selecting the optimum route, to

include supply chain duration and cost.

Other than the U.S. importer and container line, other entities may be involved in

the assessment process, includes, but is not limited to the following entities.

• Port authorities and operators

• Land and maritime transportation providers

• Manufacturers and suppliers

• Exporters and freight forwarders

Although not part of the supply chain, government agencies, such as CBP and the USCG,

are involved in the overall process and provide oversight. They would be logical

agencies to monitor the assessment process or even require that it be part of the vetting

process. The latter would ensure that the assessment process is expertly prepared and the

information used is valid.

5.5 MARITIME CARVER FRAMEWORK SIMULATION

Once the conditions and values are determined, a CARVER risk matrix is

developed much in the same manner as the original developed by the U.S. Army. The

matrix to be created will be used to select ports, routes, transportation providers and

importers and exporters to minimize the risk. Like with the U.S. Army CARVER matrix,

the maximum value of any one component will be 60. The analysis conducted can be

71

used in a manner that would prioritize any segment of a route, such as avoiding a strait or

canal, and/or to choose one route over another.

For this discussion, an example has been developed using synthesized data

representing a realistic shipping route from a foreign manufacturer to a U.S. load center

port. From the World Shipping Council, about 38% of the TEUs10 shipped in 2013 were

from Asia to North America. [61] To develop the framework, let’s look at a container

ship sailing from Shanghai to Houston, TX through the Panama Canal. The analysis is

detailed in the sections below. Note that the values selected in each case are based on the

experience of those performing the analysis and subjectiveness of the components and

conditions in the tables. This approach allows for a de facto weighting of the factors and

resulting numeric values by experts. An interview protocol to guide the transportation

professional/ expert in “running” the framework is presented in Appendix A.

5.5.1 Maritime CARVER Analysis Route Segments

The routing for this analysis is based on China Shipping route designation AAE2

[62] with ports of call in Hong Kong, Chiwan, Ningbo and Shanghai in China, Pusan,

South Korea, and Houston, TX and other U.S. ports and is presented in Figure 5.1, below.

ftisan' M nhllr

Nln9bo" AAE2 Service Miim chlwane.

Hong Kong

Figure 5.2 - Simulation Example Routing Map

10 A 20-foot equivalent unit (T E U ) the m easurem ent o f intermodal containers stow ed in container ships. D im ensions are 20' long by 8' tall by 8 ’ w ide.

72

For the purpose of this analysis, let’s assume that the containers depart Shanghai

via a feeder ship and is tranloaded at Pusan onto a larger ocean going container vessel.

This is a variation on the AAE2 service for the purpose of this example. The route is as

follows:

• Manufacturer to Shanghai - Assume that land transportation is direct via truck

from the manufacturer to the port to be loaded onto a feeder ship. The length of

the truck haul is 400 miles.

• Shanghai to Pusan - The smaller feeder ship to Pusan is to be transloaded to the a

larger container ship heading east to the Panama Canal

• Pusan to the Panama Canal - This route is the ocean voyage along known

shipping lanes via the East China Sea and Korea Strait.

• Passage through the Panama Canal - This includes the container ship remaining at

anchor off Balboa before passing through the canal.

• Panama Canal to Houston, TX - This includes passing between Mexico and

Cuba, and Galveston, TX and Bolivar Peninsula, and up the Houston Ship

Channel.

5.5.2 Assumptions and Basis of Analysis

• The manufacturer, exporter and foreign trucking firm are CBP C-TPAT vetted

and the containers have been CSI cleared.

• The container is handled 2 times in the foreign landside move; at the

manufacturer and then at the feeder port.

• The route from the feeder port in Shanghai to the load center port in Pusan is via

the East China Sea and Korea Strait, and proceeds directly to the pier in Pusan (no

73

anchorage). There are no anticipated problems with passing through the Korea

Strait because of its width and depth. [63] The feeder ship does not pass through

a canal.

• From Pusan, the container vessel passes through the Korea Strait and south of the

Japanese mainland. The ship then crosses the Pacific Ocean to Panama Bay off

Balboa, Panama where it remains at anchorage until it cleared to enter the canal at

Miraflores Locks.

• In Gatun Lake, the container vessel will likely remain at anchorage for a period of

time before it is cleared to enter Gatun Locks for passage through the Port of

Colon to the Caribbean Sea.

• The route then proceeds to the Gulf of Mexico via the Yucatan Channel [64] to

Houston.

• The container ship travels through the narrow passage between Galveston and the

Bolivar Peninsula and up the Houston Ship Channel to its final destination;

Barbours Cut Container Terminal. It is assumed that, because of USCG

management of this area, no significant risk is anticipated. The ship is not

expected to be at anchor for any length of time in Galveston Bay.

• The containers are offloaded at Barbours Cut Container Terminal and loaded onto

rail via the near-dock rail ramp. The Union Pacific Railroad is the originating

railroad and interchanges the unit container train11 with the Burlington Northern

Santa Fe Railroad in Dallas/Fort Worth who, in turn, delivers it to their final

destination in Kansas City.

11 A unit train is a dedicated train carrying the sam e com m odity (containers in this instance) that is transported to the sam e destination from the same origin (Barbours Cut Container Terminal to Kansas City in this case.).

74

• The consignee (and importer in this case) and the Union Pacific Railroad and

Burlington Northern Santa Fe Railway are CBP C-TPAT vetted.

5.5.3 Maritime CARVER Analysis Framework “Run”

Given the routing and parameters, above, and CARVER matrix methodology the

following is an analysis of the route simulation presented above.

Route Segment 1 - Manufacturer to Shanghai

Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the

transportation from the manufacturer to the feeder port is direct via a Chinese trucking

firm (containers handled 2 times).

Approach (to targeting) - A value of 6 is assigned (Table 5-3). This is because

both Shanghai and Pusan have a NTC-C targeting approach.

Routing - A value of 4 is assigned (Table 5-6). This is because the truck

transport, albeit direct, is 400 miles from manufacturer to feeder port.

Vetting - A value of 2 is assigned (Table 5-7). This is because the manufacturer,

exporter and Chinese trucking company have been properly vetted.

Exposure - A value of 2 is assigned (Table 5-8). This is because the port of

Shanghai is considered to have an extensive physical security program supplemented by

policing and human surveillance.

Regulatory - A value of 2 is assigned (Table 5-10). This is because the port of

Shanghai, foreign manufacturer and Chinese trucking firm are considered to be in

compliance with governing U.S., host nation and international regulations.

75

Route Segment 2 - Shanghai to Pusan

Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the

containers will be loaded onto the ship in Shanghai and offloaded in Pusan (containers

handled 2 times), plus the chain of custody will be with the ship’s officers and company

officials during the sea voyage.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).

This is because the voyage is in international waters between China and Korea, both

major trading partners with the U.S., and in compliance with U.S., host nation and

international programs.

Routing - A value of 4 is assigned (Table 5-5). This is because the feeder vessel

sails directly to Pusan, but traverses the Korea Straits, which is wide and considered safe.

The vessel does not pass through a canal or remain at anchorage during the trip.

Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime

transportation company and port workers (at both ports) have been properly vetted in

accordance with U.S. standards.

Exposure - A value of 4 is assigned (Table 5-9). This is because the ports of

Shanghai and Pusan are considered to have extensive physical security programs

supplemented by policing and human surveillance. The onboard security measures, as

with most ships, are not as robust as that needed to repel an attack, but the vessel is

sailing near China, Korea and Japan, which is not an area of known concerns, such as

piracy.

Regulatory - A value of 2 is assigned (Table 10). This is because all of the

components of the supply chain from vetting at the ports prior to departure and during the

76

voyage are considered to be in compliance with applicable U.S. and international rules,

regulations and programs.

Route Segment 3 - Pusan to Panama Bay/Canal

Chain of Custody - A value of 4 is assigned (Table 5-2). This is because the

container will have been offloaded from the feeder ship and loaded onto the line haul

vessel (containers handled 2 times), plus the chain of custody will be with the ship’s

officers and company officials during the sea voyage. Also, the container will be stowed

on the ship and, as in all segments, have a “tamper p roof’ locks.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).

This is because the voyage is in international waters between Korea and the Panama

Canal and in compliance with U.S., host nation and international programs.

Routing - A value of 4 is assigned (Table 5-5). This is because the line haul

vessel sails directly from Pusan to Panama Bay and remains at anchor awaiting passage

through the canal. Other than the Korea Straits, which is wide and considered safe, there

are no other constraints to the trip. Plus, the voyage will be along established sea lanes

far out at sea.

Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime

transportation company and its crew, and cargo have been properly vetted by this stage of

the voyage.

Exposure - A value of 4 is assigned (Table 5-9). This is because the port of

Pusan is considered to have an extensive physical security program supplemented by

policing and human surveillance. The onboard security measures, as with most ships, are

77

not as robust as needed to repel an attack, but the vessel is not passing any areas of

known concerns, such as piracy.

Regulatory - A value of 2 is assigned (Table 5-10). This is because all of the

components of the supply chain from vetting at the ports prior to departure and during the

voyage are considered to be in compliance.

Route Segment 4 - Transiting the Panama Canal

Chain of Custody - A value of 2 is assigned (Table 5-3). This is because the

containers will be stowed on the ship and will not be handled during this segment of the

voyage, plus the chain of custody will be with the ship’s officers and company officials

during the sea voyage.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).

This is because the voyage will be within the Republic of Panama and in compliance with

U.S., host nation, international programs and the Panama Canal Authority (ACP) rules

and regulations.

Routing - A value of 8 is assigned (Table 5-5). This is because, although the

ship will essentially not be on an ocean voyage in this segment, it will navigate the

approximate 50 mile canal system. It will pass through 3 sets of locks, Culebra Cut and

likely remain at anchorage in Gatun Lake awaiting passage through Gatun Locks into the

Caribbean Sea. All of which is close to land and subject to potential interdiction.

Vetting - A value of 2 is assigned (Table 5-7). This is because the maritime

transportation company, the ship and its crew, cargo and documentation will be

scrutinized by the ACP prior to its traversing the canal.

78

Exposure - A value of 4 is assigned (Table 5-8). The Panama Canal is

considered to have an extensive physical security program supplemented by policing and

human surveillance. Despite this and because of the proximity of the ship to land for

nearly 50 miles and takes about 8 - 1 0 hours to cross, [65] physical and human security

measures may not be as effective as if the ship were stationary in a port or at sea.

Regulatory - A value of 2 is assigned (Table 5-10). This is because compliance

with U.S., international and host nation regulatory programs and agreements are

supplemented by compliance with those of the ACP to pass through the canal.

Route Segment 5 - Panama Canal to Houston, TX

Chain of Custody - A value of 2 is assigned (Table 5-3). This is because the

containers will be stowed on the ship for this segment and unloaded at a port subject to,

among other requirements, the SAFE Port Act, [66] and Maritime Transportation

Security Act [67] and required TW IC12. Further, chain of custody is addressed by TSA

for the containers transferred from the ship to rail. [9]

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4).

This is because the voyage will be within “reach” of the USCG, “examining” the

containers prior to departure and in transit is essentially complete, and compliance is now

more with U.S. than with international requirements.

Routing - A value of 4 is assigned (Table 5-5). This is because the ship will pass

between the Yucatan Peninsula and Cuba, through the narrow cut between Galveston and

the Bolivar Peninsula and, then, up the Houston Ship Channel. Although the latter 2 are

in U.S. waters and within the “reach” of the USCG, the physical constraints and being

close to land increase the risk.

12 Transportation W orker Identification Credential (T SA /U SC G )

79

Vetting - A value of 2 is assigned (Table 5-7). This is based on all vetting being

complete and that the ship cannot enter the port (anchored off Galveston in this case)

unless and until the 96-hour advanced notice of arrival is received and approved by the

USCG.

Exposure - A value of 4 is assigned (Table 5-8). This is partly based on the

layered physical and human security measures in place at the Port of Houston and along

the Ship Channel. Like the Panama Canal the chosen value is also based on having to

pass between the Yucatan Peninsula and Cuba, through the narrow cut between

Galveston and the Bolivar Peninsula and, then, up the approximate 50 mile long Houston

Ship Channel. The USCG, CBP and other law enforcement along the ship channel

mitigate the risk.

Regulatory - A value of 2 is assigned (Table 5-10). This is based on compliance

with U.S. and international regulatory programs and agreements will have been met

before entering the Houston Ship Channel.

Note that, of the value ranges available for each condition, the higher value is

selected. This is because security errs on the side of caution lending to the assignment of

the higher value available. Based on the Maritime CARVER risk matrix in Table 5-11,

there is equal risk between the segments from the manufacturer to the Port of Shanghai,

and transiting the Panama Canal. The least risk would be experienced in the segments

from Pusan to the Panama Canal, and Panama Canal to Houston. If you were to compare

this route to another shipping route to Houston, the trip would likely be westerly and

potentially passing through the Suez Canal, Straits of Hormuz and Malacca. The risk for

this route would in all probability be higher.

80

Table 5-11. Maritime CARVER Risk Matrix for Shanghai to Houston

Shanghai to Houston, TX

Route Segment C A R V E R Risk No.

Manufacturer to Shanghai 4 6 4 2 2 2 20

Shanghai to Pusan 4 2 5 2 4 2 19 Pusan to Panama Bay/Canal 2 2 4 2 4 2 16

Transiting Panama Canal

2 2 8 2 4 2 20

Panama Canal to Houston 2 2 4 2 4 2 16

Component Risk Number 2.8 2.8 5.0 2.0 3.6 2.0

Combined Route Risk Number 18

81

VI. CASE STUDY

6.1 INTRODUCTION

To validate the framework developed in Chapter V, intermodal container

shipments from a major German chemical producer will be used on a non-attributed

13basis. The information was provided by the German chemical company’s Director of

International Distribution.

The commodities produced and shipped include dyes, pigment and organic

intermediates; textile fibers; reprographic chemicals; surfactants and their precursors;

engineering polymers; and specialty fluoro compounds. They are packaged in steel,

plastic or fiber drums with plastic liners or polymers in corrugated cardboard or plastic

containers with plastic liners. Many of the products are either hazardous or prohibited

aboard aircraft, or were of relatively low value making airfreight not cost effective.

There are approximately 8,000 shipments per year transported with an equal distribution

between 20’ and 40’ containers resulting in approximately 12,300 TEUs annually. Bulk

shipments and those in ISO-tanks14 are outside the scope of this discussion.

The routing is from the chemical manufacturer in Germany through ports in

Germany, Netherlands and Belgium to primarily east coast ports in the U.S. The

container lines used include Hapag-Lloyd, Evergreen, Atlantic Container Line (ACL),

Sea-Land and Nedlloyd. The chemical manufacturer ships in intermodal maritime

13 The information was provided on a non-attributed basis because of, am ong other things the proprietary nature o f the data and sensitivity with regard to supply chain security. 14 A tank container designed and built to ISO (International Organisation for Standardisation) standards to carry hazardous and non-hazardous liquids in bulk.

82

containers. The routing from the manufacturing plants to the ports in Europe is presented

in the Table 6-1 in the following section.

6.2 SUPPLY CHAIN CHARACTERISTICS

This section details the supply chain and routing used for validating the

framework. The case study involves a German chemical manufacturer that ships from

ports in Hamburg and, Rotterdam, Netherlands and Antwerp, Belgium using several

container lines. Information obtained from the German chemical manufacturer is

provided in Appendix C and was provided on a non-attributed status.

The U.S. destinations are on the East, Gulf and West Coasts with multiple ports of

call after the first one, which is the Port of New York/New Jersey (NY/NJ). The

shipments are in maritime intermodal containers with volumes as discussed previously.

Transportation to the European ports is via truck, rail and barge with direct or

intermodal movements to the ports. The routing from the manufacturing plants to the

ports in Europe is presented in the Table 6-1, below.

Table 6-1. Container Routing at Origin

Origin Plant Seaport of Loading Land Mode Frankfurt Hamburg Rail haul from Frankfurt

to Hamburg Rotterdam, Netherlands

River barge from the plant on the Main River near confluence of the Rhine; then to Rotterdam

Wiesbaden Rotterdam, Netherlands

Trucked to the plant at Frankfurt and transferred to barge to Rotterdam

Cologne Antwerp, Belgium Trucked from plant to port

Hanover Hamburg Trucked from plant to port

83

Graphically, the routing is shown in Figure 6-1, below.

NY/NJ Norfolk Charleston Oakland

Port o f Hamburg

FIGURE KEY «...... Maritime <----- Truck •* Rail

NY/NJ Baltimore Savannah Houston

P ort o f R otterdam

Chester Richmond

Port o f Antwerp

. . . ~

German Manufacturer

Frankfurt

German Manufacturer

Hannover

German Manufacturer

Wiesbaden

German Manufacturer

Cologne

Figure 6-1. Origin Supply Chain Schematic

Table 6-2, below, presents the specifics of the routes utilized from the

manufacturer to the European port. The route miles are approximate from origin to

destination city.

Table 6-2. Distance Tables from Manufacturer to Port

Origin City Destination City Mode Miles Frankfurt Rotterdam Barge 280 Frankfurt Hamburg Rail 310 Wiesbaden Frankfurt Truck 30 Hanover Hamburg Truck 100 Cologne Antwerp Truck 140

The U.S. ports to which the intermodal maritime containers are destined are

summarized in Table 6-3, below. Note that to the Port of Houston will require a longer

84

voyage around the Florida Straits into the Gulf of Mexico and to the Port of Oakland will

also require transiting the Panama Canal. Transportation to the inland destinations from

the U.S. ports is by rail, truck, coastal feeder vessel or in combination.

Table 6-3. U.S. Destination Ports and Inland Destinations

Origin Port Arrival Port

Inland Final Destinations16 Mode to Final Destination

Hamburg NY/NJ Fairfield, NJ; Providence, RI; Chicago; Kansas City; other customer direct locations in PA, DE, NJ, and NY

Providence containers transloaded to barge or coastal feeder vessel16; Chicago and KC by COFC; all other, via truck

Norfolk Charlotte Truck Charleston Charlotte and Spartanburg Truck Oakland Customers Truck

Rotterdam NY/NJ Fairfield, NJ; Providence, RI; Chicago; Kansas City; other customer direct locations in PA, DE, NJ, and NY

Baltimore Customers in MD, PA, and VA; some to St. Louis

St. Louis by COFC; all other by truck

Savannah Charlotte and Spartanburg Truck Houston Houston and Galveston Truck

Antwerp Chester, PA

Customers in PA Truck

Richmond, VA

Charlotte Truck

Figure 6-2, below, graphically depicts the route the ship would take from

Hamburg to Oakland. Note that the route in this case study takes the ship between the

Yucatan Peninsula of Mexico and Cuba. An alternate route that takes the ship through

the Windward Passage east of Guantanamo Bay and west of Haiti, and either east

(Jamaica Channel) or west of Jamaica. This route is less desirable because it is close to

15 Fairfield, C hicago and Charlotte are distribution center locations; Providence, Spartanburg, Houston and Charlotte are manufacturing plants. 16 H apag-Lloyd operates a sm all containership feeding sm aller ports from its load center at N ew Y ork/N ew Jersey.

85

land traversing areas of potential interdiction and compromise. Further, the chosen route

provides the flexibility to stop at other ports, especially in the Gulf of Mexico, such as

New Orleans and Houston.

Hamburg

F ra n k fu r t

O a k la n d

U N I T E D S T A T E S O F A M E R I C A T U R K E Y

Charleston

E G Y P T

SUOAN

Figure 6-2. Map Depicting Ocean Voyage

For this assessment and the validation of the model, the onward

transportation inland from the U.S. ports to the final destinations will not be addressed.

This is, in part, because the assessment methodology developed is focused on the security

measures in place, whether physical, procedural or human, and that they must be

completed before the intermodal maritime container can be offloaded at the first U.S. port

reached.

6.3 ROUTE SEGMENTS

For this analysis and validating the framework, the Frankfurt to Hamburg to

Oakland route is selected. This is, in part, because there is a multimodal component from

a chemical manufacturer in Frankfurt-am-Main to the port of Hamburg, a lengthy sea

voyage and passage through the Panama Canal. The route, from Frankfurt to Hamburg,

accounts for 4,700 TEUs or 38% of that shipped by the chemical manufacturer. The

86

Frankfurt chemical manufacturing facility accounts for 8,700 TEUs exported or 71% of

the manufacturer’s total. The route is as follows:

• Frankfurt to Hamburg - Direct rail access from the chemical manufacturing plant

in Frankfurt to Hamburg, where there is rail unloading in the port. The rail haul is

approximately 310 miles.

• Hamburg to U.S. East Coast - Routing is via the Elbe River to the North Sea

through the Strait of Dover (between England and France) and English Channel,

and across the Atlantic Ocean. Then once reaching the East Coast, the first U.S.

stop will be at the Port of New York and New Jersey (NY/NJ) and then

intermediate ports at Norfolk, VA and Charleston, SC.

• U.S. East Coast to Panama Canal - From Charleston, the route then proceeds

south around Florida via the Strait of Florida into the Gulf of Mexico and Yucatan

Channel between Mexico and Cuba to the Caribbean Sea and then the Panama

Canal.

• Panama Canal - Transit the Panama Canal via Gatun Locks, Gatun Lake and and

Pedro Miguel and Miraflores Locks to the Pacific Ocean at the Port of Balboa in

Panama City.

• Panama Canal to Oakland - From the Port of Balboa, the routing is up the West

Coast of Mexico and Central America, and the U.S. through the channel under the

Golden Gate Bridge to San Francisco Bay to Oakland.

87

6.4 ASSUMPTIONS AND BASIS OF ANALYSIS

In validating the framework developed in the previous chapters, assumptions were

made to reflect the Maritime CARVER factors based on the handling of the containers,

routes and modes taken, and ports through the maritime intermodal container flow. They

are:

• The chemical manufacturer, exporter and railroad operator are all CBP C-TPAT

cleared and the shipments are CSI approved. Germany, which is part of the

European Union, is a “signatory” to the Mutual Recognition Agreement (MRA)

between the U.S. and EU’s Authorized Economic Operator Program. [68] This

assures that the security requirements of the German customs agency are the same

or similar to that of CBP and, thus, making the German security requirements

acceptable to the U.S.

• Between the manufacturer and Port of Hamburg, the intermodal maritime

containers are handled twice; once loading the rail cars at the manufacturing plant

in Frankfurt and once unloading from the railcar to be queued up for loading on

the ship.

• The Port of Hamburg is one of the 61 ports that CBP coordinates with regarding

container examinations. CBP’s targeting approach in Hamburg is via in-country

personnel. [2]

• The voyage from Germany to the first U.S. port, Port of NY/NJ in this case, is

relatively simple and does not transit potentially dangerous or constricted areas.

The container ship will transit the English Channel and Straits of Dover.

The handling of the intermodal maritime containers at the first U.S, port, NY/NJ,

will be limited to offloading the containers destined to/through the port to their

inland destinations and repositioning the containers within the ship for vessel

stability and loading of domestic containers destined to Norfolk, Charleston or

Oakland.

The Port of Hamburg is one of the approximate 150 ports the USCG vets under

the International Port Security Program (IPSP). [67] [69] The intent of the IPS

Program is to inspect the ports of the U.S. maritime trading partners to verify

compliance with international security regulations.

The container ship is likely to remain at anchorage for a period of time at the Port

of Colon before entering Gatun Locks and again in Gatun Lake before it is cleared

to enter the Pedro Miguel and Miraflores Locks for passage to Panama Bay off

Balboa and, then, the Pacific Ocean.

Because of USCG operations, no significant risk is anticipated from the Port of

NY/NJ to and around the Florida Straits into the Gulf of Mexico. From the Gulf

of Mexico through the Yucatan Channel to the Panama Canal is also considered

to have nominal risk, however, passing between Mexico and Cuba could impose

some, albeit minor, risk.

The container ship could remain at anchor awaiting entry into all U.S. ports, but

not for any significant length of time or posing any significant risk.

The intermodal maritime containers will be offloaded in Oakland and transferred

to truck for delivery to customers inland.

89

6.5 MARITIME CARVER ANALYSIS

Given the routing and parameters, above, and CARVER matrix methodology

developed and discussed in Chapter V, the following is an analysis of the route to

validate the risk framework.

6.5.1 Route Segment 1 - Frankfurt to Hamburg

Chain of Custody - A value of 2 is assigned (Table 5-2 in Chapter V). This is

because the containers are directly loaded onto rail cars at the manufacturer and

transported to the load center port in Hamburg where they are offloaded and loaded

directly onto the ship (containers handled 2 times).

Approach (to targeting) - A value of 2 is assigned (Table 5-3 in Chapter V).

This is because, among other things, Hamburg is one of the 61 ports that CBP

coordinates with in-country inspectors and Germany is part of the MRA between the U.S.

and EU’s Authorized Economic Operator Program, which also includes international

regulations (e.g. IMO’s SOLAS).

Routing - A value of 8 is assigned (Table 5-6 in Chapter V). This is because the

rail transport, albeit direct, is over 300 miles from manufacturer to the load center port.

This determination is made based on the longer the distance the more chance the train

and its contents could be compromised. This is, in part, due to the train operating speeds,

number of times the train may stop and opportunities for an unwanted person to board or

compromise the train.

Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the

manufacturer, exporter and railroad have been properly vetted, via, among other things,

CSI and C-TPAT, which is a condition of the MRA between the U.S. and EU’s

Authorized Economic Operator Program.

90

Exposure - A value of 2 is assigned (Table 5-8 in Chapter V). This is because

the Port of Hamburg is inspected under the USCG IPSP and is a part of the MRA

between the U.S. and EU’s Authorized Economic Operator Program. Further the port has

an extensive physical security program supplemented by policing and human surveillance

consistent with being one of the 61 CBP ports and is part of the CBP C-TPAT and MRA.

Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because

the Port of Hamburg, German manufacturer and railroad are in compliance with

governing U.S., host nation and international regulations and programs, as evidenced by

Germany being a signatory of the MRA between the U.S. and EU’s Authorized

Economic Operator Program.

6.5.2 Route Segment 2 - Hamburg to First U.S. Port (NY/N.T)

Chain of Custody - A value of 2 is assigned (Table 5-2 in Chapter V). This is

because that, once the containers are loaded onto the ship in Hamburg, the containers will

not be handled until reaching the sea port of destination and the chain of custody will be

with the shipping line and its ship’s officers.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in

Chapter V). This is because the voyage is in international waters between Germany and

the U.S. (trading partners), both of which are in compliance with U.S. and international

programs (e.g. IMO’s SOLAS), and are “signatories” of the MRA. This greatly enhances

the maritime supply chain security.

Routing - A value of 4 is assigned (Table 5-5 in Chapter V). The voyage is via

the Strait of Dover and through the English Channel. Although Table 5-5 assigns a value

of 5 or 6 when passing through a strait or canal, the Strait of Dover, which is about 21

91

miles across, is not in “hostile waters” and lends to a lower Routing value. Also and

based on the activity at the Port of NY/NJ, the vessel may remain at anchorage off the

coast for a period of time. This would yield a value of 3 or 4.

Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because

Germany is a “signatory” of the MRA between the U.S. and EU’s Authorized Economic

Operator Program assuring compliance with U.S. and international programs, which

includes CSI and C-TPAT and other vetting programs.

Exposure - A value of 4 is assigned (Table 5-9 in Chapter V). This is because

the ports of Hamburg and NY/NJ maintain comprehensive physical security programs

supplemented by policing and human surveillance (.e.g. Port Authority of New York and

New Jersey Police Department and U.S. Coast Guard presence). Since several shipping

lines are used and onboard security measures vary from shipping line to shipping line, the

higher value of 4 (“ .. .minimal onboard security.. .”) is used because of the possible

inconsistencies. Plus and as stated in Routing, the voyage does not traverse any know

hostile area.

Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because

Germany is a “signatory” of the RMA, which acknowledges that the supply chain, from

vetting the manufacturer, railroad and at the ports prior to departure and during the

voyage, is considered to be in compliance with applicable U.S., host nation and

international rules and regulations.

6.5.3 Route Segment 3 - U.S. East Coast to Panama Canal

The voyage from the Port of NY/NJ to and through Norfolk and Charleston is

within or close to U.S. territorial waters. As such, many of the requirements applicable to

92

the first U.S. port of entry (e.g. USCG 96-hour notice of arrival rule) do not apply.

Therefore, this route segment will not include entry into the ports of Norfolk and

Charleston. Entering the Port of Oakland, however, will be included in Segment 5

because the voyage will have traversed international waters; Gulf of Mexico, Caribbean

Sea, Panama Canal and Pacific Ocean.

Chain of Custody - A value of 4 is assigned (Table 5-2 in Chapter V). This is

because the containers will be handled to either offload or relocate them within the ship

before loading domestic containers and continuing the voyage to Norfolk, Charleston and

Oakland. Further, the containers destined to inland endpoints from the Port of NY/NJ in

Table 6-2 will be offloaded and transloaded to truck or rail adding chain of custody

partners. But and since this assessment does not address the onward transportation to the

final inland destinations, only the risk to the containers and impact of handling within the

ship is considered. This is because the principles and procedures of TSA’s chain of

custody regulation (49 CFR 1580) are employed. Also, domestic containers could be

loaded potentially, but it is unlikely that the containers that remain on the ship will be

compromised.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in

Chapter V). This is because operating in U.S. ports and territorial waters does not pose a

substantial risk. This is, in part, because the intermodal maritime containers and supply

chain from Germany would have been properly vetted prior to entry into the first U.S.

port.

Routing - A value of 8 is assigned (Table 5-5 in Chapter V). This is even when

the table shows a value of 9 or 10 for a vessel that passes through a strait (Florida Strait

93

and Yucatan Channel) and/or canal with anchorage (off the Port of Colon before entering

the Panama Canal). Other reasons for the lower value are that the Yucatan Channel

between Mexico and Cuba is about 135 miles wide, the route is not in “hostile waters”

and is along established sea lanes. Also, there is significant USCG presence along the

East Coast, Gulf of Mexico and Caribbean Sea, to include locations in Key West, Puerto

Rico, Guantanamo Bay and the Bahamas.

Yetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the

ship has already been cleared (exporters, containers, crew, etc.) to enter the first U.S. port

and the containers loaded at the other U.S. ports are domestic and comprehensively

vetted. Also, a major portion of the voyage from NY/NJ to the Panama Canal is in or

close to U.S. territorial waters.

Exposure - A value of 2 is assigned (Table 5-9 in Chapter V). This is because

the ports are in the U.S. and are regulated, in part, by the USCG, DHS/CBP and

DHS/TSA; require a Transportation Worker Identification Credential (TWIC) to work in

the ports; and have extensive physical security programs supplemented by policing and

human surveillance to comply with DHS and other agency rules and regulations. Also,

the onboard security measures are heightened because of USCG operations in and around

U.S. territorial waters.

Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because

all of the components of the supply chain from vetting in Germany, which is a

“signatory” of the MRA between the U.S. and EU, along the voyage and into the first

U.S. port are complaint with U.S. and international rules, regulations and programs.

94

6.5.4 Route Segment 4 - Transiting the Panama Canal

Chain of Custody - A value of 2 is assigned (Table 3 in Chapter V). This is

because the containers will be stowed on the ship and will not be handled during this

segment of the voyage. Plus the chain of custody will remain with the ship’s officers and

company officials’ control during the sea voyage. Also security along the canal is

heightened.

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in

Chapter V). This is because the voyage will be within the Republic of Panama and in

compliance with U.S., international programs (e.g. International Maritime Organization)

and the Panama Canal Authority (ACP) rules and regulations. Plus, the Ports of Colon

(Atlantic Ocean/Caribbean Sea side of the canal) and Balboa (Pacific Ocean side) are

among the 61 ports that CBP coordinates and inspects with in-country inspectors and is

one of the 150 countries with MRAs with the U.S.

Routing - A value of 8 is assigned (Table 5-5 in Chapter V). This is because the

ship will navigate the approximate 50 mile canal system, pass through 3 sets of locks,

Culebra Cut (considered a strait because of its characteristics) and likely remain at

anchorage in Gatun Lake awaiting passage through the Pedro Miguel and Miraflores

Locks into the Pacific Ocean. All of which is close to land and, although protected by

security and protective measures, could allow unwanted individuals to board the ship;

possibly undetected. The lower value used is because of the security measures entering,

transiting and exiting the canal.

Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is because the

ship and its contents have already been cleared to enter the first U.S. port and operate in

95

U.S. territorial waters. Also, the maritime transportation company, the ship and its crew,

cargo and documentation will be further scrutinized by the ACP prior to its traversing the

canal.

Exposure - A value of 6 is assigned (Table 5-8 in Chapter V). The Panama

Canal is considered to have an extensive physical security program supplemented by

policing and human surveillance. Despite this and because of the proximity of the ship to

land for nearly 50 miles, moving at slow speeds and takes about 8 - 1 0 hours to traverse,

[65] physical and human security measures may not be as effective as if the ship was

stationary in a port or moving at sea. Hence the higher value than in the table.

Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is because

Panama, as one of the 150 countries with a MRA with the U.S., assures compliance with

U.S. and international, as well as host nation and ACP regulatory policies and programs.

6.5.5 Route Segment 5 - Panama Canal to Oakland

Chain of Custody - A value of 2 is assigned (Table 5-3 in Chapter V). This is

because the maritime intermodal containers will be stowed on the ship for this segment

and offloaded at the Port of Oakland with minimal handling (at the port). There, the

container will be offloaded and transferred directly to truck for inward movement to the

final destination. TSA, along with CBP, is responsible for the containers transferred from

the ship to truck. [9]

Approach (to targeting and monitoring) - A value of 2 is assigned (Table 5-4 in

Chapter V). This is because the containers have been vetted and inspected prior to arrival

in the first U.S. port and, in transit from them (the U.S. ports), they are continually

monitored by the USCG and CBP. Plus, Mexico is one of the 150 countries with a MRA

96

(with the associated U.S. and international regulations and programs) with the U.S. and

the voyage from Panama to Oakland, will be in U.S. and international waters. Although

in international waters off the coast of Central America and Mexico, the vessel will be

within the “reach” of the USCG.

Routing - A value of 2 is assigned (Table 5-5 in Chapter V). This is because,

once the ships transits the Panama Canal, it will be on the open ocean until it reaches the

San Francisco Bay, but within reach of the USCG. There (San Francisco Bay) and based

on the activities at the Port of Oakland, the vessel may remain at anchorage off the coast

for a period of time. This, however, is not expected to increase the risk, so the lower

Routing value is appropriate. Also, the USCG has a large presence in the Bay Area.

Vetting - A value of 2 is assigned (Table 5-7 in Chapter V). This is based on the

fact that the required vetting has been completed allowing the ship to enter the port in

accordance with the USCG’s 96-hour advanced notice of arrival rule. This includes

being in international waters from Panama to Oakland.

Exposure - A value of 2 is assigned (Table 5-9 in Chapter V). This is partly

based on the layered physical and human security measures in place at the Port of

Oakland and in San Francisco Bay. Although the ship will have to pass through the

narrow one mile strait or channel under the Golden Gate Bridge that connects the Pacific

Ocean and San Francisco Bay, exposure is limited. This is due, in part, to the USCG,

CBP and other law enforcement along the ship channel that mitigate the risk. Onboard

security measures are expected to be heightened when transiting the canal and remain in

place at that level until the ship reaches Oakland.

97

Regulatory - A value of 2 is assigned (Table 5-10 in Chapter V). This is based

on verified compliance of the shipping line and supply chain with U.S. and international

regulatory programs, as evidenced by the MRAs, before entering the Port of Oakland.

Note that, of the value ranges for each condition, the higher value is selected.

This is because security errs on the side of caution lending to assigning higher values.

6.6 DISCUSSION OF ANALYSIS

The model “run” in this chapter is summarized in Table 6-4, below, and shows

that transiting the Panama Canal is the riskiest part of the supply chain. This is, in part,

due to the ship being at anchor, operating in constricted areas and sailing at slow speeds;

all conditions where the ship could be boarded and/or cargo compromised. The

CARVER component that can be considered the most critical in the analysis is Routing,

which is consistent with the Panama Canal rating.

Table 6-4. Maritime CARVER Risk Matrix for Frankfurt to Oakland Route

Frankfurt via Ports of NY/N. , Norfolk and Charleston to Oakland Route Segment C A R V E R Risk

No. Manufacturer in Frankfurt to Port of Hamburg

2 4 8 2 2 2 20

Port of Hamburg to Port of NY/NJ 2 2 4 2 2 4 16

Port of NY/NJ to Panama Canal 4 4 6 2 2 2 20

Transiting Panama Canal 2 2 8 2 6 2 22

Panama Canal to Oakland 2 2 2 2 2 2 12

Component Risk Number 2.4 2.8 5.6 2.0 2.8 2.4

Combined Route Risk Number 18.0

98

For Segment 2, which is the transatlantic voyage, the value is low because the

segment is well into the voyage allowing sufficient time for the proper follow-up vetting,

to include for the maritime intermodal containers loaded in the US ports. Also, Segment

2 is low because it is within easy reach of the England and European coastline with

European navy and coast guard monitoring and protection.

It can be concluded from this analysis that the route is a relatively low risk one

with regard to risk based on, among other things, the extensive vetting and compliance

with U.S. and international rules, regulations and programs in place. Specifically:

• Germany is a “signatory” of the Mutual Recognition Agreement between the U.S.

and the EU guaranteeing a rigorous security program that is consistent with that

of the U.S and international maritime community (e.g. IMO’s SOLAS). Further,

physical and human security, as part of the agreement process, must also be

consistent with that of the U.S. and international community, which enhances

security.

• The Port of Hamburg is one of the 61 ports that CBP has in-country CSI

inspectors and is one of the 150 ports that are inspected under the USCG

International Port Security Program.

• The move from the chemical manufacturer in Frankfurt to the Port of Hamburg is

minimally handled (chain of custody) and is loaded and unloaded within the

manufacturing facility and port, respectively.

• The route other than through the Panama Canal is relatively unrestricted and does

not traverse areas of known or undue danger and risk.

99

• The supply chain, to include manufacturer, railroad and port operator, are CBP C-

TPAT vetted, which is consistent with the provisions of the MRA between the

U.S. and EU.

• The container shipping lines are known entities that have been vetted and where

trust has been built.

• Enroute vetting furthers the scrutiny under which the supply chain and shipping

line and its crew are subject to. All must be in order before the USCG can permit

entry into the first U.S. port in accordance with the 96-hour notice of arrival rule.

• Global Positioning Satellite (GPS) navigation and tracking provides awareness of

a ship’s location, speed, direction, etc., which allows a ship to be monitored as to

anomalies enroute and any unscheduled stops or deviations in routes.

From the framework “run” and discussion, it can be concluded that the Frankfurt

to Oakland route is relatively safe and the chance of a WMD being smuggled into the

U.S. is small. The German chemical manufacturer may want to compare this port and

route to the others it uses and, possibly, modify its supply chain, if a higher risk exists

from routes or from other ports. This includes that land based transportation to the ports.

To consider other routes, the German chemical manufacturer or any member of the

supply chain could run the framework for multiple alternative routes, based on its

characteristics and choose one based on overall risk, as well as determine if any one

segment on any route is riskier than another.

If for example, the framework developed with the synthesized data in Chapter V

provides the same commodities, packaging and quantities as the case study in this

chapter, the German manufacturer supply chain in this analysis would pose an equal risk,

100

as both have a combined route risk number of 18.0. This is determined by, among other

things, looking at the CARVER matrices for both. The riskiest CARVER combined

route, for the synthesized data route and case study, is 5.0 and 5.6, respectively.

Transiting the Panama Canal is the riskiest in both cases. All things being equal and not

considering cost, either route provides a safe choice for the supply chain stakeholders.

Other factors that are not cost related that could have an impact on routing includes trade

agreements, overall transit time, delivery timing, and port and harbor efficiencies.

From this analysis and to be further discussed in Chapter VII, other routes from

other countries may not be as “safe” as this one by virtue of, among other things, country

of origin, supply chain partners, known areas of danger, route, and security programs and

participation.

Based on building the framework in Chapter V and the case study in this chapter,

it is anticipated that the assessment could be performed in an estimated 8 to 16 hours.

This estimate of time is based on the following:

• An initial telephone conversation with the supply chain partners ( 1 - 2 hours)

• Developing the input data and completing the interview protocol form ( 2 - 4

hours)

• A supplemental telephone conversation with the supply chain partners to clarify

the input data provided ( 1 - 2 hours)

• Performing the CARVER assessment ( 4 - 8 hours)

This time estimate is based on the fact that the input data to be used in the

assessment is readily available from the information developed for the required shipping

documents, operational route planning, and complying with procedural and regulatory

101

requirements. It is anticipated that the amount of time to complete the route assessment

should be on the lower end of the estimated range.

Once the assessment is complete and routing decision made, changes would take

less time for “mid-course” corrections and modifications to reflect changed conditions,

such as heighted tensions or credible threats along the designated route. Further, the

Maritime CARVER framework is developed so that anyone in the supply chain can make

changes to reflect 1) changed conditions and 2) check the assumptions of other supply

chain partners. For future consideration, Maritime CARVER assessment could be made

part of the procedural and regulatory requirements by, among other agencies, CBP before

the container is loaded onto the ship.

Capturing uncertainty lends to a deterministic approach to the framework. It is

intended that the framework be run by individuals and/or organizations that have a vested

interest in the intermodal containers and commodities shipped. In this case and for the

thesis of this research, it will likely be the U.S. importer or container line. However, this

does not mean that the other supply chain partners cannot be involved in or prepare the

assessment.

Individuals and organizations are likely to view things differently, which could

result in different assessments of the same routes and segments within. Therefore, input

determination validity could be a concern. Experience and expertise in all phases of the

supply chain is necessary for the assessment to be effective. This means that supply

chain partners could be involved via oversight and lending their particular expertise to

those performing the assessment. This is particularly important when evaluating routes

or segments within either initially or as conditions change, as can be expected in today’s

102

ever changing threat environment. For future study and research, containers representing

multiple supply chains are loaded on one vessel should be considered.

It is important to recognize that the individuals or organizations performing the

assessments may not possess experience in a particular expertise needed to complete it

effectively. This leads to an assessment process that reflects many things, to include

oversight to ensure that the assessment is not self-serving, the input information is

expertly developed and cascading effects reflect the possibility that a security profile or

risk in one segment could affect that of another. A goal of this research is that the

Maritime CARVER framework be adopted by CBP as part of its 24 hour documentation

requirement prior to loading (a container).

The above discussion leads to the topic of weighting a route or segment within a

route based on extenuating conditions and situations, and experience. Traversing the

straits of Hormuz is an example where weighting could be considered based on threat

level in the region. The Maritime CARVER framework is built upon the reliance of the

industry experts subjectively weighting their choice of conditions and numeric values

found in the tables. Based on numerous runs of a segment or route, a database could be

developed that yields weighting factors that reflect a history of the experts subjectively

“weighting” CARVER conditions and numeric values. This “weighting” could also

reflect incidents and conditions that the experts may or may not subjectively factored into

their selection of numeric values over multiple years and “runs”. This is definitely suited

for future research and study.

103

VII. APPLICATION OF FRAMEWORK TO INDUSTRY

The Maritime CARVER framework is a tool that can be used to select routes that

are less risky and identify route segments that pose risk. It can be used to ensure that the

manufactures, transportation companies and exporters/importers (collectively referred to

as supply chain partners or industry) are properly vetted, which represents the security of

the supply chain. It will also help the supply chain partners select ports that have security

measures (physical, human and cyber) that are robust and consistent with that which is

required at U.S. ports and international maritime security programs.

This section will address how the industry can use the framework and what

benefits it will have. Specifically, it will look at how the supply chain partners choose

and government organizations protect the supply chain and, thus, minimize the risk of a

WMD landing on U.S. shores for onward movement inland. Note that the model can be

adapted and used to minimize the risk of smuggling contraband or a range of criminal

activities associated with the maritime intermodal container industry. Specifically and

with regard to the industry, the following will be considered and discussed as they apply

to the supply chain.

• Route selection to, among other things, avoid, where possible, areas of known

threats (e.g. piracy) and constraints, such as canals and straits.

• Choosing ports that are secure, to include the land and maritime transportation to

them from the manufacturers.

• Choosing manufacturers, exporters and freight forwarders, based on geographic

location and trustworthiness with regard to security.

104

• Choosing land transportation routes and carriers that are trustworthy and provide

the most direct routes to the port. This also applies to coastal routes from feeder

to load center ports.

• How the framework can be an asset to U.S. government (e.g. CBP and USCG)

and the intermodal maritime security community (e.g. IMO), as an invaluable tool

to address security gaps.

• How, unlike the railroad’s RCRMS, this framework will be easy to operate in a

timely manner and not be resource intensive and cost prohibitive.

• Although a factor, cost will not be addressed in the framework because it (the

framework) is solely focused on security and impact of deterring WMDs landing

on U.S. shores.

The ultimate goal of this research and framework is to develop a simplified

methodology to address and minimize the risk of a WMD, drugs and other contraband

landing on U.S. shores. Further consideration and a value added of this framework to the

industry is that it could be extended to detect tainted foodstuffs (e.g. produce from South

America) and, thus, the potential to “weaponize” items in the food chain.

7.1 ROUTE SELECTION

Although the route used to validate the model is relatively safe one, route

selection can be useful in avoiding, among other things, areas of known piracy and the

potential for the intervention, by individuals or groups who may want to further a

geopolitical agenda. Respectively, examples include the Strait of Malacca and off of the

coast of Somalia, and the Suez Canal and Strait of Hormuz. And one cannot rule out

105

criminal activity, such smuggling drugs and other contraband and, perhaps, there could

be a link between the two to further terrorism.

Although direct routes are more desirable than circuitous ones or ones that have

intermediate stops in foreign ports, an indirect route may be chosen to avoid areas of

potential conflict and intervention. Also, the framework could be “run” to determine the

impact of stopping at intermediate non-U.S. ports to determine if there is additional or

unwarranted exposure to risk. Further, the industry should focus on routes that are

protected to the greatest extent possible by coast guards and navies. The Strait of

Malacca comes to mind where there is a cooperative effort among the bordering nations

there to protect shipping.

One should not forget the land-based and maritime feeder transportation from the

manufacturer to the foreign port. The framework can be used to evaluate the risk to the

port vis-a-vis distance and routing, number of times the containers are handled, and

delays and stoppages. All of these could provide an opportunity for the maritime

intermodal containers to be compromised. Also and with regard to the route, tracking via

AIS is important, especially when far out to sea, in potentially hostile waters and when

1 7traversing straits and canals. AIS, like an airplane’s black box and geo-fencing on land,

can determine the location and speed of a vessel and is one of the considerations in the

routing component of the framework.

Any supply chain member could “run” the framework to determine if the route

and the security measures of the ship’s crew and shipping company are sufficient to

protect the intermodal container that has, theoretically, been fully vetted prior to the

17 G eo-fencing is a virtual boundary system used to track transportation vehicles and alert when they deviate from designated routes and geographic areas. It is a GPS based system and can trigger specific actions to prevent further deviation.

106

voyage. If not, multiple routes could be “run” in a simple, timely and cost-effective

manner.

7.2 PORT SELECTION

When selecting ports, ones that are USCG inspected via the IPSP and where CBP

targets and inspects locally through CSI and other means are a better choice than ones

that do not have as rigorous a security program as the U.S., thus increasing the

vulnerability. Also, the ISPS Code, which is a provision of SOLAS, is intended to ensure

that maritime operations and port facilities of IMO member countries are employing the

highest possible standards of security. Considering the above, all of which are principles

of the Mutual Recognition Agreements (MRA), the industry should select ports that

provide the maximum security possible. This could result in a different manufacturer and

supply chain being selected if a port is not up to standards and allowable risk.

For the manufacturer in Frankfurt-am-Main, there are several ports that are

relatively equidistant that maintain the highest security that could be shipped through.

They all maintain the highest security and are recognized as such. This is not always the

case. For example, the same chemicals that are manufactured in Frankfurt-am-Main and

destined to the U.S. East Coast are shipped through a port that does not have effective

security. The risk would be high. Therefore, the ultimate user of the chemical, importer,

exporter and/or maritime transportation company would be faced with the decision of

using this manufacturer and a different port. Cost could be an issue in that the price of

the chemicals and/or transportation may be higher.

107

7.3 CHOOSING MANUFACTURERS, IMPORTERS/EXPORTERS AND FREIGHT FORWARDERS

The importance of the framework to the industry is the ability to quickly assess

the importance of the manufacturer, importers/exporters and freight forwarders being

vetted through the various CBP and international (e.g. IMO) regulatory processes and

programs. Much like ports, the manufacturers, importers/exporters and freight

forwarders should be selected based on assessed risk and what could be considered a

“threat profile”.

Unless there is a valid reason, a supply chain partner not properly or CBP C-

TPAT vetted should be questioned and, if necessary, an alternate partner chosen. This

applies to the transportation provider from the manufacturer to port, as they can also be

C-TPAT vetted. The more supply chain partners that are C-TPAT vetted the more secure

it (supply chain) is. Also, the history of a manufacturer, importer/exporter and freight

forwarder with regard to CBP CSI inspections and compliance with CBP’s 24-hour

manifest rule is important. A history of requiring further inspection, not or just making a

ship because of the 24-hour manifest rule should “raise eyebrows”.

The framework, in its subjective assessment, identifies the programs and

conditions that are important to minimizing risk when considering vetting and

compliance with regulatory processes. The framework could be used by the end user,

especially if there is an issue with a given importer and exporter, and manufacturer. The

framework will help the end user determine if it is worth the risk using an importer and

exporter, or manufacturer, especially if others are available. The framework provides the

tools to assess this simply.

108

7.4 POINT OF ORIGIN INLAND AND COASTAL MARITIME TRANSPORTATION

In a previous chapter, it was stated that a major portion of the risk to intermodal

containers is at the manufacturer when loading the container and continues through the

land and water transportation to the load center port. Vetting of the supply chain under

CBP’s CSI and C-TPAT is an initial hurdle that is intended to minimize the risk of a

container being compromised. This should address much of the risk from the

manufacturer to the port. However, there is a risk associated with the transloading from

truck to rail, truck to feeder vessel and, then, truck, rail or feeder vessel to the ship in the

load center port.

The more a container is handed there are more parties involved in the chain of

custody; hence greater the risk of compromise. This could result in a container handled

numerous times by several different parties involved in chain of custody. This situation

is from manufacturer to truck to rail to ship in the load center port with the container

handled 3 - 4 times depending on whether or not the container is loaded directly onto the

ship when arriving in the port. Further and with truck and rail, they may be operating at

slow speeds or even stopped due to, among other things, traffic (e.g. freight density for

rail). When a truck or train are operating at slow speeds, the easier it would be to

compromise it. The feeder vessels could experience similar operating conditions.

Given all of the above, the framework would allow any supply chain partner to

easily determine if there is a better and more secure route to help alleviate this condition.

Because of the available land and coastal vessel routes and providers to a particular port,

the framework may suggest a different port or even manufacturer providing the same

product.

109

7.5 GOVENRMENT AND MARITIME COMMUNITY BENEFITS

When it comes to risk analysis and assessment, government agencies, in particular

that of the U.S., employ risk assessment models. Academia and consultants are also

involved, as they usually develop the models for the government. As such and more

often than not, the models are complex, theoretical, highly analytical, costly to “run”,

time consuming and data intensive, as is discussed in Chapter III, Literature Review. The

users of the framework and target “audience” are the practitioners that are the subject

matter experts (SME) with regard to the supply chain; operations, including targeting and

inspections; the vetting process; and physical, human and cyber security measures. They

are not analysts in the typical sense, mathematicians or engineers or scientists. The

simplified framework will allow the SMEs to spend less time on analysis and focus more

time performing their assigned jobs, such as resource and asset protection, transportation

operations, security, law enforcement and operations management either directly or

indirectly, based on the extent security is involved.

Government benefits, as with the maritime community, are that the framework

provides a “seat of the pants” approach to maritime intermodal container security that is

based on the expertise of the supply chain partners and governmental regulations and

programs that are focused on security. This makes it incumbent upon the government

regulators, compliance inspectors, etc. to understand the specific programs, the proper

application of them and underlying principles as they relate to security.

To the maritime community, the risk assessment framework focuses on, among

other things, loss prevention. If a ship or any of its cargo is compromised, the viability of

the importer, the shipping line, maritime intermodal company, among others, is

110

jeopardized. Further and if a WMD lands on the U.S. shores, transported inland and is

“deployed”, the liability would be astronomical and could reach back to the maritime

partners in the supply chain for not providing proper security. Since the maritime

community is “stuck” with an intermodal container delivered by rail, truck or feeder

vessel that may be improperly vetted, the framework would allow them to assess the risk

of the container based on their expertise, experience and understanding of the

transportation flow from manufacturer to port.

If a container were compromised in a port or “deployed” in a foreign or even U.S.

port, the repercussions could impact the overall operation of the port, to include cruise

ships and ferries. The latter two could have unintended results with regard to fear and

economic impact beyond what the terrorist may have intended.

7.6 BENEFIT OF “EASE OF USE”

A major benefit of the Maritime CARVER framework to the industry is the

ability to perform route analyses simply and cost-effectively, unlike the FRA sponsored

RCRMS for the railroad industry. The party “running” the assessment can simply apply

their institutional knowledge of the supply chain and security measures in place to

determine the values to be used in the analysis If the party “running” the framework

does not have the expertise to make the subjective assumptions, they can reach out to the

other partners in the supply chain to provide the information. Since none of the

information that is used in this framework is sensitive, as per TSA, USDOT and others,

let alone classified, it can be obtained easily for the framework. However, some of the

I l l

information may be proprietary, but may be sharable if not, in many cases, already being

shared among the supply chain partners.

In the supply chain, it will be known if the manufacturer and/or exporter or both

parties, as well as the and land and feeder vessel transportation providers, are C-TPAT

cleared, or whether or not the intermodal containers are CSI approved or “tagged” for

further inspection. It will also be known if the port being used is one of the 61 approved

by CBP for inspection protocols and the port is secure via, among other things, the USCG

IPSP and IMO ISPS programs. Plus, CBP’s 24-hour manifest rule is an additional layers

vetting of the container. This extends to the sea voyage and whether or not it passes areas

of known piracy and/or potential conflict, or through straits or canals. Finally, tracking

via USCG, IMO and other tracking requirements, among other methods, AIS is an

additional way of ensuring that the vessel is safe and proceeding as planned.

These parameters and conditions are all easy to determine and the basis of the

subjective evaluations of the security measures to be used in selecting the values in the

framework. Hence, they, when applied properly, provide the supply chain partners with

an easy snapshot of the risk involved in the supply chain, a given port and viability of the

route with regard to security.

7.7 SECURITY VS. COST FOCUS

The intent of the framework is to provide the industry with a simplified model

that could help any partner in the supply chain select an exporter/importer, route, port or

even manufacturer that would minimize the risk of a WMD being “smuggled” in one of

their intermodal containers to the U.S. The framework would also be a benefit to

112

governments, regulatory agencies and the security of the U.S. as a whole. An added

benefit would be the use of the framework, as mentioned several times previously, to

counter U.S. and international law enforcement (e.g. U.S. Drug Enforcement Agency and

CBP, and INTREPOL) combat smuggling drugs, conventional weapons and other

contraband, as well as the efficacy of a product and preventing any opportunity to taint a

product shipped.

As with most anything, cost and cost/benefit are always an issue. When goods

and commodities are shipped, a part of the price to the consumer is the transportation

cost. If a circuitous route is chosen because of risk, the price of the goods or products

would likely be increased. Or, if the product is a commodity, the supply chain partners

could absorb the cost.

The Army’s CARVER model, which is the basis and inspiration for this

“maritime version” of the CARVER model, is mission and operations oriented; not cost.

It looks at methods of attacking a target providing options that reflect risk. In the U.S.

Army CARVER model, resources are looked at with regard to selecting targets and

probability of success. The same basic principles apply to the Maritime CARVER

framework. It looks at methods of mitigating risk in the vetting, inspection, physical

security measures and processes, and routes taken. The model is security focused.

Although a consideration in route selection, consumer pricing, etc., cost herein is

the subject of further study. Insurance could enter into further study, as premiums are

based on loss history and relative risk and ways to mitigate them. The magnitude of

potential cost impacts is not known at this time, based on this research. Risk and risk

tolerance will govern supply chain partner selection, operations and route selection and

113

determine the impact on costs. This framework provides ways to mitigate risk that

would, with further study, let the supply chain partners evaluate the risk with the cost

considerations, if any.

114

VIII. SUMMARY AND CONCLUSIONS

The risk of a maritime intermodal container being compromised for illicit

purposes is real. The supply chain has many “moving parts” that require an experienced

and expert approach to risk assessment. Vetting is the process of scrutinizing the supply

chain members and commodities being shipped and is the first line of defense. Next, are

the physical, human and cyber security measures at the manufacturing facilities, in the

ports and along the transportation routes. Finally, the cooperation among all parties in

the supply chain, governments and international community is the overarching “entity” to

assure risks are minimized. Success in minimizing the risk is the combined efforts of the

three.

8.1 SUMMARY OF FINDINGS

The security process for maritime intermodal containers destined to the U.S. is

multifaceted and multilayered, and the ways in which a container could be compromised

are vast. There are many U.S. and international programs to combat terrorism and

criminal activity in the maritime environment, but the many jurisdictions and programs

make the process difficult and cooperation essential. It is also labor intensive relying on

information technology, which as evidenced in the news, is under attack. Based on the

port and country, physical security complemented by human security measures range

from robust to weak and must be addressed. This inconsistency, along with vetting and

inspections, makes it imperative that the supply chain partners understand where the risks

are requiring informed decisions.

115

In the development of the Maritime CARVER framework, existing models and

methods, whether developed specifically for maritime risk or not are, for the most part,

complex and analytic in nature and not user-friendly to the practitioner. In the literature

search, the U.S. Army CARVER targeting model seemed like a simple approach that

could be used to employ the expertise of the supply chain partners to assess risk. The

literature search also found a small number of approaches to risk using the CARVER

approach and technique, which is an indicator of the value of its simplicity. The

difference between the U.S. Army and Maritime CARVER risk assessment is that the

Army uses the model to “target” an objective, whereas the framework in this research and

approach is that the supply chain components are being “targeted”.

The Maritime CARVER framework is a simple, subjective approach to assessing

risk, based on the expertise of the industry and supply chain partners, resulting in a

numeric and comparative framework for lay people to assess and prioritize risk in the

decision making process. It is based on the retooling of the CARVER components (e.g.

Criticality and Effect) to reflect the maritime supply chain environment and security

measures and components (e.g. Chain of custody and Routing). Like the U.S. Army

CARVER model, this methodology allows the practitioner to look at the supply chain as

a whole or its individual links and nodes. This allows any supply chain partner to change

one or more links or nodes to reduce the risk while not scuttling the entire supply chain

network.

From the framework development in Chapter V to the case study in Chapter VI,

it can be seen that the conditions and range of values allows a practitioner or subject

116

matter excerpt (SME) to quickly assess risk. From the research and assessment “runs”, it

can be concluded that:

• Risk is most probable during the packing and loading of the containers at the

manufacturer along with the handling of the containers from the manufacturer to

the load center port. This is, in part, because there will potentially be different

parties involved with many people all of whom should be “trusted” and properly

vetted.

• Transiting straits and canals, and operating near hostile areas (e.g. off the coast of

Somalia and, perhaps, off the coast of Cuba) is where the next level of risk arises.

This is because they are known and potential threat areas and require operating at

slow speeds and even remaining at anchor for a period of time.

• Routing poses the least risk relatively speaking because of navigation aids and

tracking, and that the ships are far out to sea in international waters. This makes it

difficult for other than a comprehensively coordinated effort to compromise a

ship.

• The framework is a simple and subjective approach that will provide a reasonable

assessment of risk to be used as a part of the decision making process for

selecting ports, routes and supply chain partners.

• In addition to port security, there is a comprehensive and layered level of vetting

the supply chain partners and commodities shipped go through, to include where

they are shipped from. The Maritime CARVER framework was built on these

premises.

117

8.2 CONCLUSIONS OF THE BENEFITS OF THE FRAMEWORK

The benefits of the model to industry and governments are simple. It provides a

simple and user friendly model that a ship’s captain, manufacturer’s distribution

manager, consignee, CBP Port Director, etc. can use to assess risk of the supply chain

and its segments. It would also allow a “mid-course” correction, if an event or incident

requires the diverting of any part of the supply chain and its transportation network.

The assessment would allow the supply chain partners to work with the regulators

on security risk and issues and “game” alternate routes in “real time”. Unlike RCRMS

for the railroad industry, the framework would avoid timely and costly assessments in

support of decision making and as part of route selection.

The concern of the railroad industry of not having the resources, in terms of cost,

time and personnel, to commit to preparing a RCRMS risk assessment for the FRA for

certain categories of hazmat is something the maritime industry will probably not want.

This is important, as it is not out of the realm of possibility that some U.S. governmental

agency will require a risk assessment of the supply chain be prepared as part of a

regulatory, vetting and inspection process to deter and/or detect a WMD, drugs or other

contraband being smuggled into the country. In addition, the IMO or other country could

have similar requirements either separately or in conjunction with the U.S.

8.3 RECOMMENDATIONS AND WAY FORWARD

Now that we understand the risk associated with the maritime intermodal

container supply chain and available alternatives and their advantages and disadvantages,

what further research would benefit the U.S. and its population and the world as a whole?

118

Although there are many avenues for further research and study, several can be

considered as important, based on today’s risk. They include:

• The cost and economic impacts and how they could influence route and supply

chain partner selection to mitigate the risk. This could include consumer impacts

and insurance. This is also a consideration when evaluating the profitability and

viability of a supply chain partner or route.

• A significant portion of the vetting, security measures, and monitoring and

navigation are technology and cyber based. Further research into how cyber

attacks and compromises could impact the risk associated with the maritime

intermodal container supply chain and security measures to be employed should

seriously be considered.

• This method and the framework are not exclusive to deterring WMDs from being

smuggled into the U.S. and detecting their presence. It could be used, with

modification, to deter and detect drugs or other contraband. Future research

should look at the particulars of drugs and other contraband and ways of detecting

them, and the associated vetting processes and procedures, etc. Either a separate

framework, based on the Maritime CARVER model, or combining the two is a

possibility that should be explored. However, the differences must be understood

that may or may not preclude a uniform approach and framework, as the approach

and method(s) may not be as similar or different as initially anticipated.

• Further and, perhaps, sponsored research by the industry (e.g. Maersk or

International Maritime Organization) or a government agency (e.g. DHS) could

look at more and diverse routes to provide a more global perspective. This would

bring into play all of the areas and conditions in the framework for diverse

conditions and global issues.

• Data obtained from the Maritime CARVER “runs” could be compiled to establish

patterns and trends, and be used as a foundation for further intermodal maritime

container routing and supply chain analyses and assessment frameworks and

techniques.

• The framework could be developed for a dashboard application to be used on

PCs, tablets and iPads for easy use in the field and at sea to provide a “field

expedient” assessment.

The research represented by this dissertation is fundamentally theory building,

rather than theory testing. Having established the Maritime CARVER framework for

selecting ports, as well as service providers, in addition to assessing the relative risk of

various routing configurations, a next step could be to assess what methodologies are

being employed under various scenarios. To effectively do this, a survey methodology

could be developed to assess, as separate initiatives:

• From a policy standpoint, how seriously importers regard the chain of custody for

their supply chains;

• If they have a legitimate concern, how they go about certifying the efficacy of

such chain of custody; and

• How those approaches extend to the selection of ports of loading, engaging trade

intermediaries (customs brokers and freight forwarders), and selecting providers

of transportation services.

120

The assessment of risk within the greater realm of international trade is a

mammoth undertaking in that there are tens of thousands of importers, a similar large

number of exporters, and thousands of permutations of transportation providers and trade

intermediaries. The manner in which these may be configured will remain problematic,

both for the managers of the respective supply chains, and the government regulatory

authorities, as well.

121

IX. REFERENCES

[1] Implementing Recommendations o f the 9 /11 Commission Act o f 2007, PL 110-53.

[2] "Supply Chain Security: DHS Could Improve Cargo Security by Periodically Assessing Risks from Foreign Ports,(GAO-13-764)," Government Accountability Office, 2013.

[3] "49 CFR 172.820, Additional planning requirements for transportation by rail," 2008.

[4] Appendix D to Part 172, Rail Risk Analysis Factors.

[5] G. Gordon and R. R. Young, "Hazmat Routing: Alternate Routing Risk Analysis, Joint Rail Conference, American Society of Mechanical Engineers and Mineta Transportation Institute," 2016.

[6] 49 CFR 15 and 1520.

[7] N. Khalid, "Security in the Straits of Malacca," Asian-Pacific Journal, vol. 4, no. 6, 2006.

[8] "2000 - 2015 U.S. Waterborne Container Trade by U.S. Customs Port (Series)," U.S. Department of Transportation, Maritime Division , [Online]. Available: https://www.marad.dot.gOv/resources/data-statistics/#TradeStatistics. [Accessed 2018].

[9] 49 CFR 1520 and 1580 Rail Transportation Security, 2008.

[10] H. Willis and D. Oritiz, "Evaluating the Security of the Global Containerized Supply Chain," RAND Corporation, 2004.

[11] R. Young, M. Peterson, L. Novak, M. Flannery Hayes and F. and Tillotson, "Limiting the Worldwide Flow of Weapons and Their Components Through Established Maritime Transport," Journal o f Transportation Security, vol. 7, no. 1, pp. 27-43, 2014.

[12] "Products and materials that are commercial in nature with civil applications but have the potential to be weaponized and found in 15 CFR 774," University of Oklahoma, [Online]. Available: (http://www.ou.edu/exportcontrols/advice_for_researchers/Examples_Dual_Use. h tm l. [Accessed 2018].

[13] J. Band, "Maritime Security and the Terrorist Threat," RUSI Journal, 2002. [14] "Maritime Security: Progress and Challenges with Selected Port Security Programs

(GAO-14-636T)," Government Accountability Office, 2014.

[15] "Supply Chain Security: CBP Needs to Enhance its Guidance and Oversight of High- Risk Maritime Cargo Shipments (GAO-15-294)," Government Accountability Office, 2015.

[16] J. Gallagher, "US looking to private sector for 100 percent screening help," Journal

122

o f Commerce, 2016.

[17] E. Kulisch, "U.S. Lawmakers say with new technology, it's time to inspect all inbound containers," American Supplier, August 2016.

[18] "Scanning and Imaging Shipping Containers Overseas: Costs and Alternatives," Congressional Budget Office, 2016.

[19] "Secure Freight Initiative," Department of Homeland Security, [Online]. Available: https://www.dhs.gov/secure-freight-initiative. [Accessed 2018].

[20] D. Luensmann and B. Compagnoni, Interviewees, Port security and interm odal m aritim e containers. [Interview]. 19 January 2018.

[21] C. Primmerman, "Thoughts on the Meaning of "Asymmetric Threats"," Massachusetts Institute of Technology, Lincoln Laboratory, 2006.

[22] M. Edgerton, in A Practitioner's Guide to Effective M aritim e and Port Security, John Wiley & Sons, Inc., 2013, pp. 52-55.

[23] J. B. McNeill and J. Zuckerman, "The Cargo Screening Clog: Why the Maritime Mandate Needs to be Re-examined," Backgrounder, The Heritage Foundation, no. 2357, 2010.

[24] "Scanning and Imaging Shipping Containers Overseas: Costs and Alternatives," Congressional Budget Office2016.

[25] G. Tsinker and M. McNichols, "Chapter 13, Port Security," in Port Engineering: Planning, Construction, M aintenance, and Security, John Wiley & Sons, Inc., 2004.

[26] "Radiation detectors at U.S. ports of entry now operate effectively, efficiently: New approach improves detection of threat materials while reducing nuisance alarms," Pacific Northwest National Laboratory, 2016.

[27] K. Calamur, " High Traffic, High Risk in the Strait of Malacca," The Atlantic, 21 August 2017.

[28] "Automated Identification System Overview," U.S. Coast Guard, [Online]. Available: https://www.navcen.uscg.gov/?pageName=AISmain. [Accessed 2018].

[29] Zhen Sun, Centre for International Law, National University of Singapore, "Towards a Comprehensive Maritime Security Framework in Asia - Broaden the Mandate of ReCAAP to Cover other Illicit Maritime Activities," in 6th AsianSIL Biennial Conference, 2017.

[30] P. Tirschwell, "Cyber attack highlights maritime security limitations," Journal o f Commerce, 2017.

[31] J. DiRenzo III, N. Drumhiller, F. Roberts, D. Moskoff and W. Kaag, "Chapter 1, Threats to Global Navigation," in Issues in M aritim e Cyber Security, Westphalia Press, 2017.

[32] Alain L. Kornhauser, Department of Operations Research and Financial Engineering, Princeton University,, "Global Navigation Satellite System (GNSS)," [Online]. Available: https://www.princeton.edu/~alaink/Orf467F07/GNSS.pdf. [Accessed 2018].

123

[33] J. DiRenzo III, N. Drumhiller, F. Roberts and L. Ablon, "Chapter 2, Cyber Security in The Maritime Environment," in Issues in M aritim e Cyber Security, 2017.

[34] J. DiRenzo III, N. Drumhiller, F. Roberts, C. T. P. Michel and A. Tucci, "Chapter 6, Cyber Risk in the Maritime Transportation System," in Issues in M aritim e Cyber Security, 2017.

[35] E. Johnson, "Container lines double down on tracking tech," Journal o f Commerce, 2018.

[36] B. Brady, "The Maritime Security Risk Analysis Model," The Coast Guard Journal o f Safety and Security, vol. 64, no. 1, 2007.

[37] T. Masse, S. O'Neil and J. Rollins, "The Department of Homeland Security's Risk Assessment Methodology: Evolution, Issues, and Options for Congress," Congressional Research Service, 2007.

[38] FM 34-36, Special Operations Forces Intelligence and Electronic W arfare Operations, Appendix D, Target Analysis Process, U.S. Department of the Army, 1991.

[39] B. Bennett, Understanding, Assessing, and Responding to Terrorism: Protecting Critical Infrastructure and Personnel, Second Edition, Wiley Publishing, 2018.

[40] C. Schnaubelt, E. Larson and M. Boyer, Vulnerability Assessment Method Pocket Guide, A Tool for Gravity Analysis, RAND Corporation Arroyo Center, 2014.

[41] S. Cupp and M. Spight, "A Homeland Security Model for Assessing US Domestic Threats," Center for Homeland Defense and Security, Naval Postgraduate School, 2007.

[42] B. Hoffman, "Managing Terrorism Risk," Risk Management Solutions, 2003.

[43] Liu, X., Rutgers, The State University of New Jersey, "Development of a Risk Assessment Tool for Rail Transport of Flammable Energy Resources," USDOT Report CAIT-UTC-NC16, 2016.

[44] K. Vellani, "Chapter 6, Risk Assessments," in Strategic Security M anagem ent: A Risk Assessment Guide fo r Decision Makers, Elsevier, Inc., 2007.

[45] R. Fries, M. Chowdhury and J. Brummond, Transportation Infrastructure Security: Utilizing Intelligent Transportation Systems, Wiley Publishing, 2009.

[46] O. Berle, B. Asbjornslett and J. Rice, "Formal Vulnerability Assessment of a maritime transportation system," Journal o f Reliability Engineering and System, Safety, 2011.

[47] J. v. D. J. Merrick, H. J. T. Mazzuchi, J. Spahn and M. Grabowski, "A Systems Approach to Managing Oil Transportation Risk in Prince William Sound," Systems Engineering, vol. 3, no. 3, 2000.

[48] K. Bachkar, K. Won and J. Szmerekovsku, "An Analytical Hierarchy Process framework to Mitigate Security Risk in the Global Container Supply Chain," Journal o f M anagem ent and Engineering Integration, pp. 30-42, 2013.

[49] S. Kumar, H. Jensen and H. Menge, "Analyzing mitigation of container security

124

risks using Six Sigma DMAIC approach in supply chain design/' Transportation Journal, pp. 54-66, 2008.

[50] "Maritime Security: Elements of an Analytical Framework for Compliance Measurement and Risk Assessment, UNCTAD/SDTW/TLB/2005/4," United Nations, 2006.

[51] V. Thai, "Effective maritime security: conceptual model and empirical evidence," M aritim e Policy & M anagem ent, vol. 36, no. 2, pp. 147-163, 2009.

[52] Morral, A.R. et. al., RAND Corporation , "Modeling Terrorism Risk to the Air Transportation System," 2012.

[53] J. Meredith, A. Raturi and K. a. K. B. Amoakao-Gympah, "Alternative Research Paradigms in Operations," Journal o f Operations M anagem ent, vol. 8, no. 4, pp. 297-326, 1989.

[54] "Top 50 World Container Ports, World Shipping Council," 2017. [Online]. Available: http://www.worldshipping.org/about-the-industry/global-trade/top-50-world- container-ports. [Accessed 2018].

[55] GlobalSecurity.org , "CONREP Standard Tensioned Replenishment Alongside Method (STREAM)," [Online]. Available: https://www.globalsecurity.org/military/systems/ship/systems/unrep- stream.htm. [Accessed 2018].

[56] "Automatic Identification System, U.S. Coast Guard Navigation Center," [Online]. Available: https://www.navcen.uscg.gov/?pageName=aismain. [Accessed 2018].

[57] E. Clarke and D. Philpot, "CARVER+Shock Vulnerability Assessment Tool: A Six Step Approach to Conducting Security Vulnerability Assessments on Critical Infrastructure," Government Training Inc., 2011.

[58] 49 CFR 1580, Rail Transportation Security, Transportation Security Administration. U.S. Department of Homeland Security, 2008.

[59] "Introduction (to conventions)," International Maritime Organization, [Online]. Available: http://www.imo.org/en/About/Conventions/Pages/Home.aspx. [Accessed 2018].

[60] J. Ortiz and M. Massey, Interviewees, U.S. Coast Guard Port State Control M anager and M arine Inspector. [Interview]. 29 January 2018.

[61] "33 CFR 160 - Subpart C - Notifications of Arrival, Hazardous Conditions, and Certain Dangerous Cargoes," U.S. Coast Guard National Vessel Movement Center, [Online]. Available: https://www.nvmc.uscg.gov/NVMC/(S(kgxu5fch5fqpmauzmwbzoabk))/Regulation s.aspx. [Accessed 2018].

[62] "Trade Routes - Top Trade Routes (TEU shipped) 2013," World Shipping Council,, [Online]. Available: http://www.worldshipping.org/about-the-industry/global- trade/trade-routes. [Accessed 2018].

[63] "China Shipping North America," [Online]. Available: http://www.chinashippingna.com. [Accessed 2018].

125

[64] "Korea Strait," Encyclopedia Britannica, [Online]. Available: https://www.britannica.com/place/Korea-Strait.

[65] "Yucatan Channel," Encyclopedia Britannica, [Online]. Available: https://www.britannica.eom/place/Caribbean-Sea#ref408313. [Accessed 2018].

[66] "Panama Canal Authority," [Online]. Available: https://www.pancanal.com/eng/general/canal-faqs/physical.html. [Accessed 2018].

[67] Security and Accountability For Every Port Act o f 2006, Public Law 109-347, 109th Congress, 2006.

[68] M aritim e Transportation Security Act o f 2002, Public Law 107 -295 , 107th Congress, 2002.

[69] "EU, US Fully Implement Mutual Recognition Decision, HDS/CBP," U.S. Customs and Border Protection, 2013. [Online]. Available: https://www.cbp.gov/newsroom/national-media-release/eu-us-fully-implement- mutual-recognition-decision. [Accessed 2018].

[70] Navigation and Vessel Inspection Circular (NVIC) 02-05, U.S. Coast Guard, 2005.

126

APPENDIX A. GLOSSARY

ACP Panama Canal Authority

AHP Analytical Hierarchy Process

AIS Automated identification system

AMSC Area Maritime Security Committee (USCG)

AMSP Area Maritime Security Plan (USCG)

ATS Automated Targeting System (CBP)

CARVER Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability (U.S. Army)

CBO Congressional Budget Office

CBP U.S. Customs and Border Protection

CCTV Closed Circuit Television

CI/KR Critical Infrastructure/Key Resources

CSI Cargo Security Initiative (CBP)

C-TPAT Customs Trade Partnership Against Terrorism (CBP)

DHS U.S. Department of Homeland Security

DTRA U.S. Defense Threat Reduction Agency

EU European Union

FRA U.S. Federal Railroad Administration

FSA Formal Safety Assessment

FVA Forma Vulnerability Assessment

GAO U.S. Government Accountability Office

GCSC Global Container Supply Chain

GIS Geographic Information Systems

127

GNSS Global Navigation Satellite system

GPS Global Positioning system

HSGP Homeland Security Grant Program (DHS)

IED Improvised Explosive Device

IMO International Maritime Organization

IPSP International Port Security Program (USCG)

ISO International Standards Organization

ISPS International Ship and Port Facility Security Program (IMO)

JTS Journal of Transportation Security

MALSINDO Malacca Strait Coordinated Patrol

MARSEC Maritime Security level (USCG)

MMEA Malaysian Maritime Enforcement Agency

MRA Mutual Recognition Agreement

MSRAM Maritime Security Risk Analysis Model (USCG)

MTS Maritime Transportation System

MTSA Maritime Transportation Security Act of 2002

NATO North Atlantic Treaty Organization

NNSA National Nuclear security Administration

NO A Notice of Arrival

NTC-C National Targeting Center-Cargo (CBP)

OCONUS Outside the Continental United States

ORM Operations Research Management

PRA Probabilistic Risk Analysis

PSI Proliferation Security Initiative

RAVA Risk Analysis and Vulnerability Assessment

128

RCRMS Rail Corridor Risk Management System

ReCAPP Regional Cooperation Agreement on Combatting Piracy and A Robbery

RECAPP ISC ReCAPP Information Sharing Center

RMAT Risk Management Analysis Tool

RPM Radiation Portal Monitors

RUSI Royal United Services Institute

SFI Security Freight Initiative

SOLAS Safety of Life at Sea (IMO)

SME Subject Matter Expert

SSAS Ship Security Alert System

SSI Sensitive Security Information

TEU Twenty-foot Equivalent Unit

TSA U.S. Transportation Security Administration

TVR Threat, Vulnerability and Risk model

TWIC Transportation Worker Identification Credential (TSA/USCG)

UN United Nations

USCG United States Coast Guard

USDA U.S. Department of Agriculture

USFDA U.S. Food and Drug Administration

VACIS Vehicle and Cargo Inspection System (CBP)

VAMPG Vulnerability Assessment Method Pocket Guide

VSP Vessel Security Plan

WMD Weapon(s) of Mass Destruction

129

APPENDIX B. INTERVIEW PROTOCOL FORM

Maritime CARVER Risk Assessment Interview Protocol for the

Intermodal Maritime Container Supply Chain

INSTRUCTIONS

Please provide the information requested, below , on the nodes (e.g. manufacturer and ports) and links (e.g. surface transportation to ports, voyages and passage through canals and straits) that comprise the intermodal maritime container supply chain. A notes section is provided at the end o f the questionnaire to clarify the information requested. Questions on the questionnaire and information requested should be directed to aary jJordon@ um l.edu.

ENTITY

C om pany/A gency:_______________________ _____________________________ ___________________

Address: ___________________________________________________________________________________

Contact Person: ____________________________________________________________________________

Telephone: _______________________________ Email: ________________________________________

Other Information: ____ __________

SHIPMENT DATA

Commodities: _____

Packaging: ________

Volumes:

Other Information:

130

Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

TRIP INFORMARTION

Origin: ________________________________________________________________ _

Port o f Origin: ______________________________________________________________

Port o f Destination: _______ _________________________________________________

Route: ______ ___________________________________________ _

Ship Nam e or T y p e :_______________________________ ________________________

Comments: ___________________ _____________________

M ODEL FACTORS

C - Chain of Custody

To Foreign Load Center Port

M ove to Load Center Port: D irect V ia Feeder Port _ _ _

M ode(s) to Feeder or Load Center Port: Truck R a il Combined Rail and Truck

Estimated number o f times container is handled to Load Center Port: _______

Comments: ________________________ __________________

At Sea

Once the ship is loaded at the foreign feeder port or load center port, and from the U.S. load center port to feeder port, it w ill be considered that the container w ill not be “handled” and the chain o f custody will be with the ship's officers and company officials.

Comments: _________________________ _______________ _______

2

131

Maritime CARVER Risk A ssessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

From U.S. Load Center Port

M ove to Consignee: Direct Via Feeder Port

M ode(s) from Load Center Port to Consignee: Truck Rail Combined Rail and Truck

Estimated number o f times container is handled from Load Center Port:

Comments:

A - Approach (to targeting and monitoring)

In Foreign Country to/at Load Center Port

CBP approach to targeting: In-county Regional NTC-C Other

Host nation approach: Y es No If yes, meets U .S. requirements? Yes N o

Comments:

At Sea Before Entering U .S. Load Center Port

Compliance with U .S ./ international safety/security rules and regulations: Yes N o

Comments:

R - Routing

Route Description:

Pass through canal: Yes N o Describe:

Pass through a strait: Y es N o Describe:

3

132

Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Pass near area o f known threats (e.g. piracy): Y e s N o Describe: ___

Remain at anchorage: Y e s N o Where and number o f times: ______

Comments: _________________________________________

V - Vetting

CSI vetted: Y e s N o ____

C-TPAT vetted: Y e s N o ____

Other U .S. Vetting measures: Y e s N o Describe:

Host Nation vetting: Y e s N o ____

If yes, meets U .S. standards: Y e s N o

If no, explain vetting procedure: _________

Other vetting standards: Y e s N o

If yes, explain: ______________________

Comments:

133

Maritime CARVER Risk A ssessm ent M odel Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

E — Exposure

List the PHYSICAL and HUM AN security measures in place at each port, intermodal yard or other transportation node.

Port #1:

Nam e and country: _____________________________________________________________________

Description o f security measures: ________________________________________________________

Port #2:

Nam e and country: _____________

Description o f security measures:

Intermodal Yard #1:

Nam e, location and country: ___

Description o f security measures:

Intermodal Yard #2:

Nam e, location and country: ____

Description o f security measures:

134

Maritime CARVER Risk Assessm ent M odel Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Other Transportation N ode # 1 :

Nam e, location, country and type: __________________________________ _

Description o f security measures:

For additional ports, intermodal yards and other transportation nodes, use the Additional Information section at the end o f this questionnaire.

At Sea

Description o f onboard security: ____________________________________________________

Agreement(s) with nation or international security forces:

Other:

Comments:

R — Regulatory

Compliance with U .S. rules and regulations: Y e s No

If no, explain: __________________________________________

6

135

Maritime CARVER Risk Assessment Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Compliance with international rules and regulations: Y e s N o ____

If no, explain: ________________ ______________ ______________________________

Compliance with host nation rules and regulations: Y es_ No

If no, explain: ___________ ___________________ _________________

Comments:

NOTES:

The follow ing is an explanation o f the information required in each specific section o f the questionnaire when the question requested information requires clarification.

Trip Information:

The origin should be the manufacturer’s location

The route, list the canals and straits to be passed through, and areas o f known threats (e.g. piracy).

Chain o f Custody

When determining transportation modes, m oves by yard tractor (goats) within ports and intermodal yards are not included when deeming the number o f time the container is handled. The number o f times the container is handled will be 1.

Approach

NTC-C targeting is via in-country CBP inspectors for high risk shipments and U .S. Based CBP personnel for non-risk shipments. At sea targeting and monitoring involves insuring that the containers are in compliance with appropriate U .S. and international rules and regulations prior to entering the U .S. Load Center Port.

7

136

Maritime CARVER Risk A ssessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Routing

Attention should be given to routes passing through canals, straits and known threat areas, portions o f the voyage that is away from land and U.S., national and international security forces.

Vetting

This factor includes all o f the parties in the supply chain, such as the manufacturer (or originator o f container) consignee, exporter and importer, transportation facilities (e.g. canals, ports and intermodal facilities) and operators and cargo.

Exposure

List the physical and human security measures for all ports, intermodal yards (not in the port) and other transportation nodes though which the maritime intermodal container traverses.

Regulatory

This includes U.S., international and host nation rules and regulations other than vetting and targeting. This includes the USCG 96-hour advanced notice o f arrival (N O A ) requirement, US CBP automated targeting system (ATS), Maritime Transportation Security Act (M TSA), the Safe Ports Act o f 2006, and CBP initiatives and IMO’s International Ship and Port Facility Security Code (ISPS).

8

137

Maritime CARVER Risk Assessm ent Model Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

ADDITIONAL INFORMATION

9

138

APPENDIX C. CASE STUDY INTERVIEW

The interview protocol was received from the non-disclosed entity on 3/15/18. A

follow-up discussion was conducted on 3/21/18 to clarify the information submitted.

M aritim e C A R V E R R isk A ssessm en t Interview P rotocol for the

Interm odal M aritim e C ontainer Supply Chain

INSTRUCTIONS

Please provide the in form ation requested , b e lo w , on the n odes (e .g . m anufacturer and ports) and link s (e .g . surface transportation to ports, v o y a g es and p assage through canals and straits) that com p rise the interm odal m aritim e container sup p ly chain . A n otes section is p rovid ed at the end o f the questionnaire to c larify the in form ation requested. Q u estion s on the q uestionnaire and inform ation requested should b e d irected to garv gordonta:um I.ed u .

ENTITY

C om p an y/ A g e n cy : t i e r b t ^ C - t o £ > e z > ( j j . z> , ) ___________________________________

A ddress: _____________CcZ-jA/Ocl A d a M A i ______________________ __ _________________

C ontact Person: _____A + , ~ e m U a & S 2> f t l £ aC T S A C £ E £ f t /<& * - /

T elephone: A1 > P . _________________ Em ail: /vl ■ •_____ ___________ _______

Other Inform ation: i N T L O F S P Z C . t A c r y £ > f t & A r t / C £ # £ # ( £ 4 C S ____

AdAJe>(L . f / kc t c .r r /£ S A T f

SHIPMENT DATA

C om m odities:

Packaging:

V olum es:

Other Information:

139

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

TRIP INFORMARTION

Origin: ______ _/ o c a~tus *J 5 A G O * *

Port o f Origin:

Port o f Destination:

^ £ <//*»%# 4.^Route:

Ship Name or Type:

Comments:

MODEL FACTORS

C - Chain of CustodyV

To Foreign Load Center Port

M ove to Load Center Port: Direct j / Via Feeder Port____

Modc(s) to Feeder or Load Center Port: Truck Rail \ S Combined Rail and Truck

Estimated number o f times container is handled to Load Center Port: - 3

C om m en ts:__A rrftC tfZ F>_________________________________________________________

At Sea

Once the ship is loaded at the foreign feeder port or load center port, and from the U.S. load center port to feeder port, it will be considered that the container will not be “handled” and the chain o f custody will be with the ship's officers and company officials.

Comments: r ; ? _______________________________________________________________

P U) > 1 & L q y t W i f ^ .oJ.111 bML . P 'V.W l y d \ ) r\fN|. > 6 ? \ j o y a ; _________________________________

2

140

Maritime CARVER Risk Assessment interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

From U.S. Load Center Portad Cenje

M ove to Consignee: Direct Via Feeder Port S '

Modc(s) from Load Center Port to Consignee: Truck S ' R ail Combined Rail and Truck y

Estimated number o f times container is handled from Load Center Port:

Comments: a U ~ UiTHtd _______________________________________ ________

' ] € e v h / c t y i> K dk > k ( X _ _

l eg A ^ 6 H - { V > .______________________________

A - Approach (to targeting and monitoring)

In Foreign Country to/at Load Center Port

CBP approach to targeting: ln-county y R egional NTC-C- Other

Host nation approach: Yes S N o If yes, meets U.S. requirements? Yes No

Comments:

At Sea Before Entering U.S. Load Center Port

Compliance with U .S./ international safety/security rules and regulations: Yes y ' No

Comments: L/*}$ _ _ _ _ _ _

R - Routing

Route Description:

P ass through canal: Y e s _S_ N o _ D escrib e: ____ <pAaT>Aj6. 5 _____

Pass through a strait: Yes S ' No D escr ib e :__D e / t / t } f ru>d./AjL

3

141

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Pass near area o f known threats (e.g. piracy): Yes S No D escrib e:_____________ ___

__ Remain at anchorage; Yes N o Where and number o f times: fa ^ ^ A K ,e . f / t o r

Lccktiq*J& ' ulfeSC C&fi T~ (/,£> (3n£> P/+rJ4 f* 4 Comments: /y)o»)fc.___________ _____________________________ _________ __________

V - Vetting

CSI vetted: Yes N o ____

C-TPAT vetted: Yes ^ N o ____

Other U.S. Vetting measures: Y e s N o Describe: M >r____________________

KKXCo fJD A r v k >5 ~ ( £ r+ £ e r ri/v l V l n C i r a - W ,___________ ________________________ ______

Host Nation vetting: Y es * / N o ____

If yes, meets U.S. standards: Yes / N o ____

If ncx explain vetting procedure:_____________________________________________________

Other vetting standards: Y e s No \ /

If yes, explain: ___________ _̂________________________________________________ ____________

X ^ O TcH 'iC[-^s. <kU p r y & d i / r f ^ g A ,-ry i Ai nw l t W f o f- ~t6- [ / £ d / y f K o f N v H « * v .............

Comments:

m / a ■____________________________________________________

4

142

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

E - Exposure

List the PHYSICAL and HUMAN security measures in place at each port, intermodal yard or other transportation npde.

Port #1:

Name and country: __

Description o f security measures:

A c £ p y d W A V M v . Q t - J f f f d v N ) U f / u N l l l i Q f t CC) tACK -Awftd riyMfKlctVA <Lcfcfcy 4 f ■■ % \ \cuf i - e w ts . <y\ W oc-1-pa.T iw x i t v v ( V s $ ? 'w « n c £ ai\<$ A w W 'f ’S.

Port #2: "

Name and countiy: £oTTe^e t > A - * A _____________________________ __________

Description o f security measures: -fe/g O, <». >w.in a)#z

.............................. ^ .~~T",__ ____________________

Name, location and countiy:

Description o f security measures: fk t t US. C? s ,n

___________________ - M 2 L- O W _______ _______________

Intermodal Yard #2:

Name, location and countiy:

Description o f security measures: r ± k r

(V)046 ' ACl c®yp ;| (VV i) | jyc sk\M>iOf A m-p l A f i k i u w y # p (fv ( y < ? u c v m y

143

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Other Transportation Node # 1 :

Name, location, country and type: /u /d ___ _ ______ ______

Description o f security measures: a\ /A ____________________________________

I For additional ports, intermodal yards and other transportation nodes, use the Additional | Information section at the end o f this questionnaire.

i | At Seai1i | Description o f onboard security: A&r fcOOoiuJ____________________________________________

i P t € S c / . < C ^ U> V a Q C c o sm itA ^ w i-vc . T M f l

Agreement!s) with nation or international security forces: , J

uvWV\q-h»/viV OxcOi fa /tW s :1 Rhvtes <Tat\ t f W f lP / ^ e t j q s Coa S j - a o A ^ .

u H £ r ''v 'U r-1 c d U w o+ C ° Other: m / a _______________________________________________________________________

Comments:

R - Regulatory

Compliance with U.S. rules and regulations: Yes S No

If no, explain: U C 0 (2 ? ̂ ~ 0 fC ~ ̂ C V") - jvQ>/1(Â I

^ <4 i k F r q u v W - C f y j . [ ) > ,ry

144

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Compliance with international rules and regulations: Yes f N o ____

If no, explain: r f - M O C O ?A / > E ( P i \ C C ......... _ ^ I

Compliance with host nation rules and regulations: Yes S N o ____

If no, explain: D & ^ 1 N- ^ c j ^7 CAv qv,\ ^ {

Comments: lo t A*-t a 0/t SAiflkfiiOAt. g,'vi, 4-irl TiSt

T* /t& fo d 't £ » m.Pc/A*J(.£. Aua, P (t ifn/tAA

A c 5 0 Ma/toTn/Aj5 <SoC(4 £xp*a.T>&£

NOTES:

The following is an explanation o f the information required in each specific section o f the questionnaire when the question requested information requires clarification.

Trip Information:

The origin should be the manufacturer’s location

The route, list the canals and straits to be passed through, and areas o f known threats (e.g. piracy).

C hain o f Custody

When determining transportation modes, moves by yard tractor (goats) within ports and intermodal yards are not included when deeming the number o f time the container is handled. The number o f times the container is handled will be 1.

Approach

NTC-C targeting is via in-country CBP inspectors for high risk shipments and U.S. Based CBP personnel for non-risk shipments. At sea targeting and monitoring involves insuring that the containers arc in compliance with appropriate U.S. and international rules and regulations prior to entering the U.S. Load Center Port.

7

145

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

Routing

Attention should be given to routes passing through canals, straits and known threat areas, portions o f the voyage that is away from land and U.S., national and international security forces.

Vetting

This factor includes all o f the parties in the supply chain, such as the manufacturer (or originator o f container) consignee, exporter and importer, transportation facilities (e.g. canals, ports and intermodal facilities) and operators and cargo.

Exposure

List the physical and human security measures for all ports, intermodal yards (not in the port) and other transportation nodes though which the maritime intermodal container traverses.

Regulatory

This includes U.S., international and host nation rules and regulations other than vetting and targeting. This includes the USCG 96-hour advanced notice o f arrival (NOA) requirement, US CBP automated targeting system (ATS), Maritime Transportation Security A ct (MTSA), the Safe Ports Act o f 2006, and CBP initiatives and IMO’s International Ship and Port Facility Security Code (ISPS).

8

146

Maritime CARVER Risk Assessment Interview Protocol for the Intermodal Maritime Container Supply Chain (Cont.)

ADDITIONAL INFORMATION

Anrr

9

147

Container Shipping Summary

1. S h ip p e r : A m a j o r G e r m a n c h e m i c a l p r o d u c e r ( n o t n a m e d )

2 . V o l u m e : A p p r o x i m a t e l y 8 0 0 0 s h i p m e n t s p e r y e a r s w i t h a n e q u a l d i s t r ib u t io n b e t w e e n

2 0 ' a n d 4 0 ' c o n t a i n e r s , t h e r e f o r e ~ 1 2 0 0 0 TEUs a n n u a l ly .

3 . C o m m o d i t i e s : D y e s , p i g m e n t s , a n d o r g a n ic i n t e r m e d i a t e s ; t e x t i l e f ib e rs ; r e p r o g r a p h ic

c h e m ic a l s ; s u r f a c t a n t s a n d t h e i r p r e c u r s o r s ; e n g i n e e r i n g p o l y m e r s ; a n d s p e c i a l t y f l u o r o

c o m p o u n d s .

4 . P a ck a g in g : C h e m i c a l s w e r e p a c k a g e d in s t e e l d r u m s , p la s t ic d r u m s , o r f ib e r d r u m s w i t h

p la s t i c l iners; p o l y m e r s in c o r r u g a t e d g a y l o r d s w i t h p la s t ic l in er s . M a n y p r o d u c t s w e r e

h a z a r d o u s a n d p r o h i b i t e d a b o a r d a ircra f t , o r w e r e o f r e la t iv e ly l o w v a l u e t h e r e b y

m a k i n g a ir fr e ig h t u n r e m u n e r a t i v e .

5 . Bulk s h i p m e n t s a n d t h o s e in I s o - t a n k s a r e o u t s i d e t h e s c o p e o f t h i s d i s c u s s i o n

P o in t s o f Origin:

Origin Plant TEUs Seaport of Loading Land M ode Container Line F rankfurt 4 7 0 0 H a m b u r g Rail f r o m F ran kfurt t o

H a m b u r g

H a p a g -L lo y d

E v e r g r e e n

A tla n t ic C o n t a in e r

Line (ACL)

4 0 0 0 R o t t e r d a m River b a r g e l o a d e d a t t h e

p la n t o n River M a in n e a r

c o n f l u e n c e o f t h e Rh ine;

t h e n d i r e c t ly t o

R o t t e r d a m

S e a -L a n d

N e d l l o y d

W i e s b a d e n 8 0 0 R o t t e r d a m T r u c k e d t o p la n t a t

Fran kfurt a n d

t r a n s f e r r e d t o b a r g e

S e e " H a m b u rg "

a b o v e

C o l o g n e 2 3 0 0 A n t w e r p T r u c k e d t o p o r t I n d e p e n d e n t

C o n t a in e r Line

H a n o v e r 5 0 0 H a m b u r g T r u c k e d t o p o r t S e e " H a m b u rg "

a b o v e

A rriva ls in U.S.:

Origin Port Arrival Port

Inland Final Destinations1 Approx TEUs

M ode to Final Destination

H a m b u r g NY-NJ F air f ie ld , NJ; P r o v i d e n c e ,

Rl; C h ic a g o ; K a n sa s City;

o t h e r c u s t o m e r d ir e c t

3 5 0 0 P r o v i d e n c e c o n t a i n e r s

t r a n s l o a d e d t o b a r g e or

c o a s t a l f e e d e r v e s s e l 2;

1 F airf ie ld , C h ic a g o , a n d C h a r lo t t e w e r e d i s t r ib u t io n c e n t e r l o c a t i o n s . P r o v i d e n c e , S p a r t a n b u r g ,

H o u s t o n , a n d C h a r lo t t e w e r e m a n u f a c t u r i n g p la n ts .

2 H a p a g -L lo y d o p e r a t e d a sm a l l c o n t a i n e r s h i p , C /V Y a n k e e C lipp er

148

l o c a t i o n s in PA, DE, NJ, a n d

NY

C h ic a g o a n d KC b y COFC;

all o t h e r , v ia t r u c k

N o r f o lk C h a r l o t t e 5 0 0 T ruck

C h a r l e s t o n C h a r l o t t e a n d S p a r t a n b u r g 1 0 0 0 T ruck

O a k la n d C u s t o m e r s 2 0 0 T ruck

R o t t e r d a m NY-NJ S e e "NY-NJ" a b o v e 2 1 0 0

B a l t im o r e C u s t o m e r s in M D , PA, a n d

VA; s o m e t o S t . L ou is

7 0 0 St. L o u is b y COFC; all

o t h e r b y t r u c k

S a v a n n a h S e e " C h a r le s t o n " a b o v e 1 2 0 0 T ruck

H o u s t o n H o u s t o n a n d G a l v e s t o n 8 0 0 T ruck

A n t w e r p C h e s t e r , PA C u s t o m e r s in PA 5 0 0 T ruck

R i c h m o n d ,

VA

C h a r l o t t e 1 8 0 0 T ruck

149

BIOGRAPHICAL SKETCH OF THE AUTHOR

Gary Gordon is pursuing a Ph.D. in Civil and Environmental Engineering at the

University of Massachusetts Lowell under the guidance of Dr. Chronis Stamatiadis. Gary

received his B.S in Civil Engineering from the University of Massachusetts Lowell (then

Lowell Technological Institute), M.S. in Civil Engineering (transportation concentration)

from the University of Maryland and Master of Business Administration from the

University of Massachusetts Lowell. He is also a graduate of the U.S. Army Command

and General Staff College and U.S. Army Engineer Officer Basic and Advanced, and

Transportation Officer Advanced Courses.

Professionally, Gary has over 40 years of engineering, construction, operations

and safety and security experience in the transportation sector. He is currently Adjunct

Faculty at the University of Massachusetts Lowell teaching courses in transportation

security, critical infrastructure protection and emergency management, and an Adjunct

Professor at the Massachusetts Maritime Academy teaching courses in disaster related

business continuity/continuity of operations and infrastructure protection.

Prior to this, Gary was a former Assistant Federal Security Director-Surface

Transportation responsible for DHS/TSA’s South Central Region headquartered in

Houston, TX. His professional experience also includes Assistant Chief Engineer-Design

& Construction of the former Boston & Maine Railroad/Guilford Rail and transportation

engineering, construction, operations and safety and security consultant. Gary retired

from the U.S. Army Reserve as a Lieutenant Colonel with assignments as an engineering

officer and multimodal transportation operations and management officer.

150

Gary is a registered professional engineer and holds several professional

certifications relating to transportation operations and security, and emergency

management. He is a co-author of Railway Security: Protecting Against Manmade and

Natural Disasters, CRC Press/Taylor & Francis Group, and is published in the areas of

transportation security and emergency management, to include in the Journal o f

Emergency Management. He has also spoken at many technical conferences and is

published in the conference proceedings. He is on the editorial board of the Journal o f

Transportation Security and is also active in many professional organizations, to include

the Society of American Military Engineers and National Defense Transportation

Association.