Although Customs and Border Protection (CBP) has made progress with its Customs-Trade Partnership Against Terrorism (C-TPAT), the agency doesn't provide enough oversight of foreign shippers, according to a recent report issued by the Government Accountability Office (GAO).

To strike a balance between security and commerce, CBP is responsible for ensuring the security of cargo containers shipped into the United States. Under the federal program C-TPAT, member companies allow CBP to validate their security practices; in return, their cargo receives less scrutiny at U.S. ports. C-TPAT was established after the Sept. 11, 2001, attacks to deter a potential terrorist strike via cargo passing through 326 of the nation's air- and seaports as well as designated land borders.

CBP says the program helps ensure a steady — and secure — flow of goods to the U.S. About 8,000 companies participate.

The GAO previously reviewed the C-TPAT program in 2005 and noted operational challenges.

Although CBP has strengthened some of its policies and actions to address staffing and management challenges, the agency needs to improve its records management system and the instruments it uses to collect information to validate security processes, the GAO's supply chain security report says.

In the latest report, dated April 2008 but released to the public in late May, the GAO finds significant flaws with the program, concluding that the port security program run by CBP fails to provide enough oversight of foreign shippers.

Among the problems, as noted by The Associated Press:

• Companies are generally certified as safer based on their self-reported security information that Customs employees use to determine if minimum government criteria are met. However, due partly to limited resources, the agency typically does not test the member company's supply-chain security practices and thus is "challenged to know that members' security measures are reliable, accurate and effective."

• Customs employees are not required to utilize third-party or other audits of a company's security measures as an alternative to the agency's direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to ensure the requested improvements were made and that security practices remained consistent with the minimum criteria.

Some of the flaws are technical. CBP employees use hand-held computers to conduct screenings of partner companies, and the GAO has concerns over the completeness of data collected on those computers. The GAO also found data missing from the central database used to track C-TPAT inspections.

In addition, the report states that although CBP has developed performance measures for facilitating the flow of commerce, it has not developed performance measures to assess the effectiveness of C-TPAT's efforts to improve supply chain security.

The GAO has made five recommendations to the Homeland Security Department and CBP for fixing the technical issues and developing metrics for assessing the program's effectiveness, as summed up by Federal Computer Week:

• Improve the instruments used for validating companies' security processes;

• Require that validations include the results from audits and inspections;

• Establish a policy for security specialists to follow up with companies after they are asked to make improvements;

• Enhance the program's records management system to include all relevant data fields to track compliance with the SAFE Port Act; and

• Use information collected during C-TPAT member-processing activities to develop performance measures.

In the report, Customs officials agreed they could do more to follow up on suggested security improvements. The agency has also said the program overall has made the nation safer.

Resources

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices
Government Accountability Office, April/May 2008

Investigators Finds Gaps in Port Security Program
by Hope Yen
The Associated Press, May 27, 2008

GAO: Trusted Shipping Program Needs Work
by Ben Bain
Federal Computer Week, May 27, 2008