Upload
donald
View
50
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Border and Transportation Security (BTS). Class 2 C-TPAT and CSI Concept, Technologies, and Vulnerabilities. C-TPAT. - PowerPoint PPT Presentation
Citation preview
SMU CSE 8394
Border and Transportation Security (BTS)
Class 2 C-TPAT and CSI
Concept, Technologies, and Vulnerabilities
SMU CSE 8394
C-TPATIn November 2001, Customs initiated C-TPAT – Customs-Trade Partnership Against Terrorism – to improve the security of containers as they move through the global supply chain
Under C-TPAT, Customs officials work in partnership with private industry, reviewing supply chain security plans and recommending improvements
In return, C-TPAT members receive the benefit of a reduced likelihood that containers traveling along their supply chains will be inspected for WMDs.
SMU CSE 8394
C-TPAT– First thing to Note . . .
C-TPAT is a general agreement on a Security Process
It addresses . . .
Security Guidelines (defined by
C-TPAT)
Security Plan
(defined by each
member)
C-TPAT Complian
ce Evaluatio
n.
Validation
Process
SMU CSE 8394
C-TPAT Has Guidelines for . . .
1. Importers2. Air Carriers3. Sea Carriers4. Rail Carriers5. Licensed Brokers6. Air Freight Consolidators/Ocean Transportation
Intermediaries, and NVOCCs (1)
7. U.S. Marine Port Authority/Terminal Operators8. Foreign Manufacturers
a) Warehouse Security Recommendations
b) Status Verification Interfacec) FAST Application Information. (2)
(1) Non-vessel Operating Common Carrier(2) This program allows U.S./Canada and U.S./Mexico partnering importers expedited release for qualifying commercial shipments.
SMU CSE 8394
C-TPAT Process for ImportersImporter Security Recommendations for C-TPAT
Contains a list of suggestions for establishing, improving, or amending, security procedures along the entire supply chain. Each set of recommendations applies to a specific segment of the import chain such as a carrier, broker, importer, or warehouse and is meant to serve as only a guide and not as an established standard
C-TPAT Agreement to Participate Voluntarily Required voluntary agreement that shows a company's commitment to complete the appropriate Security Questionnaire within 60 days and participate in C-TPAT.
SMU CSE 8394
C-TPAT Importers’ Security Profile1. Provide an executive summary outlining the process
elements of the security procedures currently in place. At minimum, address: – Security Program– Personnel Security– Service Provider Requirements - Product suppliers,
Carriers, Forwarders
2. Indicate that the specific detailed procedures noted above are available to Customs in a verifiable format at an identified location– Include an assessment of your security processes– As well as information on what changes you envision
making to correct identified weaknesses.
• Facilities security• Theft prevention• Shipping & receiving
controls• Information security
controls - integrity of automated systems
• Internal controls - process established for reporting and correcting problems.
• Pre-employment screening & periodic bkgnd reviews
• Employee training on security awareness and procedures
• Internal codes of conduct
• Internal controls - process established for reporting and managing problems related to personnel security
• Written standards for physical plant security
• Quality controls• Financial assessment
process• Internal controls to
select service providers• Profiles of Tier 1
suppliers maintained and available for review
• Indicate if your service providers participate . . .
SMU CSE 8394
C-TPAT – Focus on CSIAnnounced in January 2002, the Container Security Initiative addresses security vulnerabilities created by the ocean container trade
Two issues 1) WMDs in a container could destroy a port 2) WMDs slipping into the country could destroy a place
HENCE – CSI allows U.S. Customs to screen containers at CSI-designated foreign seaports.
SMU CSE 8394
Rationale for CSIOcean-going cargo containers are a critical link in the system of global tradeWith the rise of the “just-in-time” delivery system and increased efficiencies in maritime transportation, the U.S. and world economies have become increasingly reliant on the cargo container to transport their goodsApproximately 90 percent of the world’s trade moves by cargo containerAbout 49 percent of U.S.-bound containers arrive from the top 10 international ports shown in Table 1.
SMU CSE 8394
Rationale for CSIOcean-going cargo containers are a critical link in the system of global tradeWith the rise of the “just-in-time” delivery system and increased efficiencies in maritime transportation, the U.S. and world economies have become increasingly reliant on the cargo container to transport their goodsApproximately 90 percent of the world’s trade moves by cargo containerAbout 49 percent of U.S.-bound containers arrive from the top 10 international ports shown in Table 1.
SMU CSE 8394
C-TPAT’s Security Architecture• C-TPAT identifies
– Procedural and physical changes to “heighten security”
– Continuous monitoring / updating to maintain it
• CSI identifies– Procedures to qualify and evaluate supply-
chain security as it pertains to shipping containers
– Continuous monitoring / updating to maintain itWhat’s missing?
SMU CSE 8394
C-TPAT’s Security Architecture• Technology
– How can warehouses, depots, and containers be secured
– What must be secured– What should we measure / detect / report
• Infrastructure– What is required to enable a secure
architecture– Who provides it / controls it / or maintains it
Our challenge . . .
SMU CSE 8394
Customs Commissioner Robert C. Bonner asked importers to tighten the security of their supply chains . . .
. . . “security measures must serve a greater purpose” Companies should expand the "security perimeter" of the U.S. by assuring their vendors and transportation means are "airtight."
Dedola International (Nov 28/01)
Compelling Problem – Border Security
U.S. Borders are inundated with Imports
Import levels impact HomeLand Security & may delay processing at the port of entry
SMU CSE 8394
Today’s Short-comings in CSI Security
• Current systems are designed to foul the “dumb criminal”
• They are not “hardened” to foul “smart, well-funded” criminals
• Opportunistic• Insider• “Grab-and-run”
mentality• Timing Delivery-
oriented
• “Idealistic”• Outsider & insider• “Send-a-message”
mentality• Timing Impact-
oriented.
SMU CSE 8394
Security Architecture for CSI
• Now that we understand • the concepts behind C-TPAT and CSI• the security methods introduced• the “terrorist characteristics”
• We will identify processes, technologies, and architecture necessary to give “teeth” to CSI.
SMU CSE 8394
Security Architecture – “Thought Lab”
SRCWhat do we need here to ensure only legitimate goods are loaded
Transport
How can we be sure nothing
“slipped in”
DST How can we maximize the likelihood of a high-detection hit-rate.
SMU CSE 8394
Security Architecture – “Thought Lab”
SRCIdentify the conditions needed hereConsider
• Trusted Agent – at each Vendor or Port• Mechanism to ensure that once loaded and
secured, opening a container is detected 100% and reported
• Infrastructure to ensure the “mechanism” cannot be compromised – cloned / mutated.
15 minDiscussion
SMU CSE 8394
Security Architecture – “Thought Lab”
Consider• Mechanism to ensure opening any part of a
container is detected 100% and reported• Infrastructure to ensure the “mechanism’s”
ability to report cannot be compromised – jammed / faked.
Identify the conditions needed here
Transport
15 minDiscussion
SMU CSE 8394
Security Architecture – “Thought Lab”
Consider• Mechanism to clearly and reliably indicate
container compromise to inspector or inspecting station
• Infrastructure to ensure customs inspector can identify compromised containers quickly
• Infrastructure to analyze possible breeches and to report them for up-stream analysis and reporting.
DST What does Customs need 15 min
Discussion
SMU CSE 8394
End of Current LessonThe purpose of the Thought-experiment was to
1. Identify an architecture to support CSI2. Identify technology characteristics to support
rapid and reliable detection3. Identify the impacts to infrastructure
An extension to our exercise is to determine cost impacts – ultimately, someone has to pay for it – so minimizing cost is a winning goal
Think of what may be lost through cost-minimization.