190 likes | 410 Views
Border and Transportation Security (BTS). Class 2 C-TPAT and CSI Concept, Technologies, and Vulnerabilities. C-TPAT.
E N D
Border and Transportation Security (BTS) Class 2 C-TPAT and CSI Concept, Technologies, and Vulnerabilities CSE 8394
C-TPAT In November 2001, Customs initiated C-TPAT – Customs-Trade Partnership Against Terrorism – to improve the security of containers as they move through the global supply chain Under C-TPAT, Customs officials work in partnership with private industry, reviewing supply chain security plans and recommending improvements In return, C-TPAT members receive the benefit of a reduced likelihood that containers traveling along their supply chains will be inspected for WMDs. CSE 8394
Security Guidelines (defined by C-TPAT) Security Plan (defined by each member) C-TPAT Compliance Evaluation. C-TPAT– First thing to Note . . . C-TPAT is a general agreement on a Security Process It addresses . . . Validation Process CSE 8394
C-TPAT Has Guidelines for . . . • Warehouse Security Recommendations • Status Verification Interface • FAST Application Information. (2) • Importers • Air Carriers • Sea Carriers • Rail Carriers • Licensed Brokers • Air Freight Consolidators/Ocean Transportation Intermediaries, and NVOCCs (1) • U.S. Marine Port Authority/Terminal Operators • Foreign Manufacturers • Non-vessel Operating Common Carrier • This program allows U.S./Canada and U.S./Mexico partnering importers expedited release for qualifying commercial shipments. CSE 8394
C-TPAT Process for Importers Importer Security Recommendations for C-TPAT Contains a list of suggestions for establishing, improving, or amending, security procedures along the entire supply chain. Each set of recommendations applies to a specific segment of the import chain such as a carrier, broker, importer, or warehouse and is meant to serve as only a guide and not as an established standard C-TPAT Agreement to Participate Voluntarily Required voluntary agreement that shows a company's commitment to complete the appropriate Security Questionnaire within 60 days and participate in C-TPAT. CSE 8394
C-TPAT Importers’ Security Profile • Facilities security • Theft prevention • Shipping & receiving controls • Information security controls - integrity of automated systems • Internal controls - process established for reporting and correcting problems. • Pre-employment screening & periodic bkgnd reviews • Employee training on security awareness and procedures • Internal codes of conduct • Internal controls - process established for reporting and managing problems related to personnel security • Written standards for physical plant security • Quality controls • Financial assessment process • Internal controls to select service providers • Profiles of Tier 1 suppliers maintained and available for review • Indicate if your service providers participate . . . • Provide an executive summary outlining the process elements of the security procedures currently in place. At minimum, address: • Security Program • Personnel Security • Service Provider Requirements - Product suppliers, Carriers, Forwarders • Indicate that the specific detailed procedures noted above are available to Customs in a verifiable format at an identified location • Include an assessment of your security processes • As well as information on what changes you envision making to correct identified weaknesses. CSE 8394
C-TPAT – Focus on CSI Announced in January 2002, the Container Security Initiative addresses security vulnerabilities created by the ocean container trade Two issues 1) WMDs in a container could destroy a port 2) WMDs slipping into the country could destroy a place HENCE – CSI allows U.S. Customs to screen containers at CSI-designated foreign seaports. CSE 8394
Rationale for CSI Ocean-going cargo containers are a critical link in the system of global trade With the rise of the “just-in-time” delivery system and increased efficiencies in maritime transportation, the U.S. and world economies have become increasingly reliant on the cargo container to transport their goods Approximately 90 percent of the world’s trade moves by cargo container About 49 percent of U.S.-bound containers arrive from the top 10 international ports shown in Table 1. CSE 8394
Rationale for CSI Ocean-going cargo containers are a critical link in the system of global trade With the rise of the “just-in-time” delivery system and increased efficiencies in maritime transportation, the U.S. and world economies have become increasingly reliant on the cargo container to transport their goods Approximately 90 percent of the world’s trade moves by cargo container About 49 percent of U.S.-bound containers arrive from the top 10 international ports shown in Table 1. CSE 8394
C-TPAT’s Security Architecture • C-TPAT identifies • Procedural and physical changes to “heighten security” • Continuous monitoring / updating to maintain it • CSI identifies • Procedures to qualify and evaluate supply-chain security as it pertains to shipping containers • Continuous monitoring / updating to maintain it What’s missing? CSE 8394
C-TPAT’s Security Architecture • Technology • How can warehouses, depots, and containers be secured • What must be secured • What should we measure / detect / report • Infrastructure • What is required to enable a secure architecture • Who provides it / controls it / or maintains it Our challenge . . . CSE 8394
Compelling Problem – Border Security U.S. Borders are inundated with Imports Import levels impact HomeLand Security & may delay processing at the port of entry Customs Commissioner Robert C. Bonner asked importers to tighten the security of their supply chains . . . . . . “security measures must serve a greater purpose” Companies should expand the "security perimeter" of the U.S. by assuring their vendors and transportation means are "airtight." Dedola International(Nov 28/01) CSE 8394
Today’s Short-comings in CSI Security • Opportunistic • Insider • “Grab-and-run” mentality • Timing Delivery-oriented • Current systems are designed to foul the “dumb criminal” • They are not “hardened” to foul “smart, well-funded” criminals • “Idealistic” • Outsider & insider • “Send-a-message” mentality • Timing Impact-oriented. CSE 8394
Security Architecture for CSI • Now that we understand • the concepts behind C-TPAT and CSI • the security methods introduced • the “terrorist characteristics” • We will identify processes, technologies, and architecture necessary to give “teeth” to CSI. CSE 8394
Security Architecture – “Thought Lab” DST How can we maximize the likelihood of a high-detection hit-rate. • SRC • What do we need here to ensure only legitimate goods are loaded Transport How can we be sure nothing “slipped in” CSE 8394
Security Architecture – “Thought Lab” • SRC • Identify the conditions needed here 15 min Discussion • Consider • Trusted Agent – at each Vendor or Port • Mechanism to ensure that once loaded and secured, opening a container is detected 100% and reported • Infrastructure to ensure the “mechanism” cannot be compromised – cloned / mutated. CSE 8394
Security Architecture – “Thought Lab” • Identify the conditions needed here • Transport 15 min Discussion • Consider • Mechanism to ensure opening any part of a container is detected 100% and reported • Infrastructure to ensure the “mechanism’s” ability to report cannot be compromised – jammed / faked. CSE 8394
Security Architecture – “Thought Lab” DST What does Customs need 15 min Discussion • Consider • Mechanism to clearly and reliably indicate container compromise to inspector or inspecting station • Infrastructure to ensure customs inspector can identify compromised containers quickly • Infrastructure to analyze possible breeches and to report them for up-stream analysis and reporting. CSE 8394
End of Current Lesson The purpose of the Thought-experiment was to • Identify an architecture to support CSI • Identify technology characteristics to support rapid and reliable detection • Identify the impacts to infrastructure An extension to our exercise is to determinecost impacts – ultimately, someone has to pay for it – so minimizing cost is a winning goal Think of what may be lost through cost-minimization. CSE 8394