“The Fragile State of Container Security”

Written Testimony before

a hearing of the

U.S. Senate Governmental Affairs Committee

on

“Cargo Containers: The Next Terrorist Target?”

Stephen E. Flynn, Ph.D.
Commander, U.S. Coast Guard (ret.)
Jeane J. Kirkpatrick Senior Fellow in National Security Studies and
Director, Council on Foreign Relations Independent Task Force
on Homeland Security Imperatives

Room 342
Dirksen Senate Office Building
Washington, D.C.

9:30 a.m.
March 20, 2003

Chairperson Collins, Senator Lieberman, and distinguished members of the Senate Governmental Affairs Committee. I am the Jeane J. Kirkpatrick Senior Fellow for National Security Studies at the Council on Foreign Relations where I recently directed the Independent Task Force on Homeland Security, co-chaired by former Senators Warren Rudman and Gary Hart. In June 2002, I retired as a Commander in the U.S. Coast Guard after 20 years of active duty service. I am honored to be appearing before you this morning on the issue of container security.

On October 12, 2001, I had the opportunity to testify before this committee at its first post 9-11 hearing on homeland security. At that time, I asserted that “the economic and societal disruption created by the September 11 attacks has opened Pandora’s box. Future terrorists bent on challenging U.S. power will draw inspiration from the seeming ease at which America could be attacked and they will be encouraged by the mounting costs to the U.S. economy and the public psyche associated with the ad-hoc efforts to restore security following that attack.”

A year later I joined with former senators Warren Rudman and Gary Hart in preparing our report, “America: Still Unprepared—Still In Danger.” We observed that “nineteen men wielding box-cutters forced the United States to do to itself what no adversary could ever accomplish: a successful blockade of the U.S. economy. If a surprise terrorist attack were to happen tomorrow involving the sea, rail, or truck transportation systems that carry millions of tons of trade to the United States each day, the response would likely be the same—a self-imposed global embargo.” Based on that analysis, we identified as second of the six critical mandates that deserve the nation’s immediate attention: “Make trade security a global priority; the system for moving goods affordably and reliably around the world is ripe for exploitation and vulnerable to mass disruption by terrorists.”

This is why the topic of today’s hearing is so important. The stakes are enormous. U.S. prosperity—and much of its power—relies on its ready access to global markets. Both the scale and pace at which goods move between markets has exploded in recent years thanks in no small part to the invention and proliferation of the intermodal container. These ubiquitous boxes—most come in the 40’x8’x8’ size—have transformed the transfer of cargo from a truck, train, and ship into the transportation equivalent of connecting Lego blocks. The result has been to increasingly diminish the role of distance for a supplier or a consumer as a constraint in the world marketplace. Ninety percent of the world’s freight now moves in a container. Companies like Wal-Mart and General Motors move up to 30 tons of merchandise or parts across the vast Pacific Ocean from Asia to the West Coast for about $1600. The transatlantic trip runs just over a $1000—which makes the postage stamp seem a bit overpriced.

But the system that underpins the incredibly efficient, reliable, and affordable movement of global freight has one glaring shortcoming in the post-9-11 world—it was built without credible safeguards to prevent it from being exploited or targeted by terrorists and criminals. Prior to September 11, 2001, virtually anyone in the world could arrange with an international shipper or carrier to have an empty intermodal container delivered to their home or workplace. They then could load it with tons of material, declare in only the most general terms what the contents were, “seal” it with a 50-cent lead tag, and send it on its way to any city and town in the United States. The job of transportation providers was to move the box as expeditiously as possible. Exercising any care to ensure that the integrity of a container’s contents was not compromised may have been a commercial practice, but it was not a requirement.

The responsibility for making sure that goods loaded in a box were legitimate and authorized was shouldered almost exclusively by the importing jurisdiction. But as the volume of containerized cargo grew exponentially, the number of agents assigned to police that cargo stayed flat or even declined among most trading nations. The rule of thumb in the inspection business is that it takes five agents three hours to conduct a thorough physical examination of a single full intermodal container. Last year nearly 20 million containers washed across America’s borders via a ship, train, and truck. Frontline agencies had only enough inspectors and equipment to examine between 1-2 percent of that cargo.

Thus, for would-be terrorists, the global intermodal container system that is responsible for moving the overwhelming majority of the world’s freight satisfies the age-old criteria of opportunity and motive. “Opportunity” flows from (1) the almost complete absence of any security oversight in the loading and transporting of a box from its point of origin to its final destination, and (2) the fact that growing volume and velocity at which containers move around the planet create a daunting “needle-in-the-haystack” problem for inspectors. “Motive” is derived from the role that the container now plays in underpinning global supply chains and the likely response by the U.S. government to an attack involving a container. Based on statements by the key officials at U.S. Customs, the Transportation Security Administration, the U.S. Coast Guard, and the Department of Transportation, should a container be used as a “poor man’s missile,” the shipment of all containerized cargo into our ports and across our borders would be halted. As a consequence, a modest investment by a terrorist could yield billions of dollars in losses to the U.S. economy by shutting down—even temporarily—the system that moves “just-in-time” shipments of parts and goods.

Given the current state of container security, it is hard to imagine how a post-event lock-down on container shipments could be either prevented or short-lived. One thing we should have learned from the 9-11 attacks involving passenger airliners, the follow-on anthrax attacks, and even last fall Washington sniper spree is that terrorist incidents pose a special challenge for public officials. In the case of most disasters, the reaction by the general public is almost always to assume the event is an isolated one. Even if the post-mortem provides evidence of a systemic vulnerability, it often takes a good deal of effort to mobilize a public policy response to redress it. But just the opposite happens in the event of a terrorist attack—especially one involving catastrophic consequences. When these attacks take place, the assumption by the general public is almost always to presume a general vulnerability unless there is proof to the contrary. Government officials have to confront head-on this loss of public confidence by marshalling evidence that they have a credible means to manage the risk highlighted by the terrorist incident. In the interim as recent events have shown, people will refuse to fly, open their mail, or even leave their homes.

If a terrorist were to use a container as a weapon-delivery devise, the easiest choice would be high-explosives such as those used in the attack on the Murrah Federal Building in Oklahoma City. Some form of chemical weapon, perhaps even involving hazardous materials, is another likely scenario. A bio-weapon is a less attractive choice for a terrorist because of the challenge of dispersing the agent in a sufficiently concentrated form beyond the area where the explosive devise goes off. A “dirty bomb” is the more likely threat vs. a nuclear weapon, but all these scenarios are conceivable since the choice of a weapon would not be constrained by any security measures currently in place in our seaports or within the intermodal transportation industry.

This is why a terrorist attack involving a cargo container could cause such profound economic disruption. An incident triggered by even a conventional weapon going off in a box could result in a substantial loss of life. In the immediate aftermath, the general public will want reassurance that one of the many other thousands of containers arriving on any given day will not pose a similar risk. The President of the United States, the Secretary of Homeland Security, and other keys officials responsible for the security of the nation would have to stand before a traumatized and likely skeptical American people and outline the measures they have in place to prevent another such attack. In the absence of a convincing security framework to manage the risk of another incident, the public would likely insist that all containerized cargo be stopped until adequate safeguards are in place. Even with the most focused effort, constructing that framework from scratch could take months—even years. Yet, within three weeks, the entire worldwide intermodal transportation industry would effectively be brought to its knees—as would much of the freight movements that make up international trade.

This is why initiatives such as “Operation Safe Commerce” (OSC), the “Container Security Initiative” (CSI), and the “Customs Trade Partnership Against Terrorism” (C-TPAT) are so important. Let’s be clear. Right now, none of these initiatives have changed the intermodal transportation environment sufficiently to fundamentally reduce the vulnerability of the cargo container as a means of terrorism. However, all are important stepping-off points for building an effective risk management approach to container security—a foundation that simply did not exist prior to September 11, 2001.

At its heart, risk management presumes that there is a credible means to (1) target and safely examine and isolate containers that pose a potential threat, and (2) identify legitimate cargo that can be facilitated without subjecting it to an examination. The alternative to risk management is to conduct random inspections or to subject every cargo container to the same inspection regime. Risk management is the better of these two approaches for both economic and security reasons. The economic rationale is straight forward. Enforcement resources will always be finite and delays to legitimate commerce generate real costs.

Less obvious is the security rationale for risk management. There is some deterrent value to conducting periodic random inspections. However, since over ninety percent of shipments are perfectly legitimate and belong to several hundred large importers, relying on random inspections translates into spending the bulk of the time and energy on examining those containers by the most frequent users of containerized cargo who are most likely to be perfectly clean.

Examining 100 percent of all containers is not only wasteful, but it violates an age-old axiom in the security field that if “you have to look at everything, you will see nothing.” Skilled inspectors look for anomalies and invest their finite time and attention on that which arouses their concern. This is because they know that capable criminals and terrorists often try to blend into the normal flow of commerce, but they invariably get some things wrong because they are not real market actors. But, an aggressive inspection regime that introduces substantial delays and causes serious disruption to the commercial environment can actually undermine an enforcement officer’s means to conduct anomaly detection. Accordingly, allowing low risk cargo to move as efficiently as possible through the intermodal transportation system has the salutary security effect of creating a more coherent backdrop against which aberrant behavior can be more readily identified.

Deciding which cargo container rates facilitated treatment, in turn, requires satisfying two criteria. First, an inspector must have a basis for believing that when the originator loaded the container, it was filled only with goods that are legitimate and authorized. Second, once the container is on the move through the global intermodal transportation system, an inspector must have the means to be confident that somewhere along the way it has not been intercepted and compromised. If he cannot point to a reliable basis for assuming these two criteria are satisfied, in the face of a heightened terrorist threat alert, she must assume that the container poses a risk and target it for examination.

Prior to the most recent post-9/11 initiatives to enhance container security, the means for concluding that a shipment was legitimate at its point of origin was based strictly on an evaluation of the requisite documentation. If there were no discrepancies in the paperwork and a shipper had a good compliance track record, their shipments were automatically cleared for entry. But, the requirements surrounding the documentation for these “trusted shippers,” charitably put, were nominal. For instance, shippers involved in consolidating freight were not required to itemize the contents or identify the originator or the final consignee for their individual shipments. The cargo manifest would simply declare the container had “Freight All Kind” (F.A.K.) or “General Merchandise.” The logic behind taking this approach was straightforward when the primary inspection mandate was to collect customs duties. The Internal Revenue Service does pretty much the same thing for individual taxpayers. The presumption is as long as a company maintains appropriate in-house records, the data presented up front can be kept to the bare minimum. Compliance can be enforced by conducting audits.

Inspectors intent on confirming that the integrity of a container has not been violated on its way to its final destination, rely primarily on a numbered-seal that is passed through the pad-eyes on the container’s two doors. As long as the number on the seal matches the cargo manifest and there are no obvious signs of tampering, the container’s contents are assumed to be undisturbed. This remains the case today even though front-line enforcement agents have known for some time that there are a number of relatively straightforward ways to break into a container, including removing the door hinges, without disturbing the seal.

The inherent limits of relying on these enforcement tools to confront the terrorist threat were starkly demonstrated in the June 2002 prototyping of what has become the “Operation Safe Commerce” initiative. This prototype involved tracking a container of automotive light bulbs from a manufacturing facility in Slovakia to a distribution center in Hillsborough, N.H. A global positioning system (GPS) antenna was placed on the door of the container and was connected to a car-battery inside the container which served as its power source via a wire that passed through the door’s gasket. For anyone who was not forewarned that this was a sanctioned experiment, this equipment should have looked a bit scary. Yet, the container ultimately crossed through five international jurisdictions without any customs official ever raising a question. When the container made the trip on its final leg from Montreal to Hillsborough, N.H., the driver took 12 hours to make what should have been a 3 ½ trip, having made several unauthorized stops along the way.

The OSC prototype highlighted a core reality of modern global logistics—even the most trusted shippers currently possess little to no capacity to monitor what happened to their freight when it is in the hands of their transportation providers. As long as it arrives within the contracted time frame, they have had no incentive to do so. Accordingly, any effort to advance container security must have as its ultimate objective the development of the means to assure the integrity of a shipment from its starting point through its final destination.

The Customs-Trade Partnership Against Terrorism (C-TPAT) is a commendable first step toward improving container security by encouraging greater awareness and self-policing among the private sector participants most directly involved with shipping, receiving, and handling containerized cargo. Its current weakness is the nearly complete absence of Customs Service personnel to monitor the level of compliance among the C-TPAT participants. This lack of auditing ability creates the risk that if a terrorist incident involves a C-TPAT participant, the entire program would be discredited since Customs would have no grounds to suggest why other participants did not also pose a similar vulnerability. What is required is the kind of commitment in resources to allow Customs to put in place a “trust, but verify” system of C-TPAT oversight as well as a regular recertification protocol.

The Container Security Initiative (CSI) is another very important program towards bolstering container security and Commissioner Robert Bonner should be commended for his leadership in successfully enlisting as CSI partners 19 of the 20 busiest ports in the world in the space of just one year. CSI represents a true paradigm shift by changing the focus of inspection from the arrival port to the loading port. The result is to potentially provide greater strategic depth in identifying and intercepting dangerous cargo and to improve cooperation among our key trade partners in advancing this vital agenda. But, as in C-TPAT, there are very serious resource implications associated with making this a truly credible system. To date the U.S. Customs Service has only 20 inspectors assigned overseas to support this initiative. What it requires is the equivalent of a diplomatic service since the goal is to move beyond the world’s largest ports to include dozens of smaller ports that ship or transship cargo to the United States.

Assigning U.S. inspectors overseas—and playing host to foreign CSI participant inspectors here at home—provides its greatest value-added by improving both the timing and quality of targeting which containers should be viewed as high risk and therefore be subject to inspection. This is why the new “24-hour rule” is so essential. CSI is meaningless unless the risk assessment can be accomplished by an inspector in a loading port. That data must arrive in time for an inspector to analyze it and to follow up on any questions he might have. But the “24-hour rule” alone does not ensure that the data to support the targeting is both accurate and has sufficient detail to detect anomalies. Indeed, cargo manifests have been notoriously unreliable documents. Accordingly, advance risk assessments must be built around more detailed commercial data that ideally goes all the way back to an original purchase order for an imported good. Failing that, the targeting of shipments whether conducted at a U.S. port or overseas will not likely pass the public credibility test following an attack involving a pre-cleared shipment.

Operation Safe Commerce holds out the most promise towards advancing a comprehensive and credible approach to container security. It builds on C-TPAT and CSI but goes the next step by (1) building a greater understanding of the current vulnerabilities within a variety of global supply chains, and (2) ensuring that new technologies and business practices designed to enhance container security are both commercially viable and successful. But OSC will be of little value if the end-game is not ultimately about arriving at common performance based standards that can be quickly developed and adequately enforced within the global transportation and logistics community. At the end of the day, there must be a level playing field for all the stakeholders who undertake enhanced security measures; i.e., they must not be at a competitive disadvantage for taking steps to serve broader public interests.

Developing enhanced container security standards will require actively enlisting the support of U.S. trade partners. The inclusion of transportation security as an agenda item in the 2002 G-8 Summit and the most recent APEC meeting in Thailand are commendable in this regard. I am particularly enthusiastic about an effort underway in northern New England to partner with the Canadian government and the Ports of Halifax and Montreal to undertake a follow-on Operation Safe Commerce initiative. Canada is our largest trade partner and is vested in ensuring the cross-border shipment of goods is not interrupted by serious security breeches that originate outside North America as well as within the continent.

Ultimately, this agenda will require ongoing support by senior officials and policy makers in the Department of State, the Department of Commerce, the Department of Treasury, and the U.S. Trade Representative as well as others involved in promoting U.S. interest overseas. It will also require a substantially larger investment in federal resources than have been made available to date. At the end of the day, container security is about constructing the means to sustain global trade in the context of the new post-9-11 security environment. We cannot afford to be penny-wise and pound foolish in advancing this vital agenda.

Thank you and I look forward to responding to your questions.