More than 90 percent of all goods moved internationally are carried in containers, and more than 11 million cargo containers arrive on ships and are offloaded at seaports each year in United States ports alone, according to the country's Customs and Border Protection (CBP) agency.

To strike a balance between security and commerce, CBP is responsible for ensuring the security of cargo containers shipped into the U.S.

In terms of keeping the nation's ports and cargo secure, how are we doing?

In 2006, Stephen Flynn of the Council on Foreign Relations gave the country a D+ grade for port and cargo security at the time. In mid-September this year, Flynn, the Ira A. Lipman Senior Fellow for Counterterrorism and National Security Studies, said, "We are moving probably to a C-minus."

In an interview with CSO, Flynn said, "We've made considerable progress from where we were before. We have a kind of framework that's been put in place since 9/11 — from the pushing of borders out, to having customs agents overseas, to having efforts to get companies to be far more security minded than they were before..."

Indeed, today programs such as the Container Security Initiative (CSI) and the Customs-Trade Partnership Against Terrorism (C-TPAT) help protect against threats brought to the U.S. in containerized cargo.

Despite the improvement, though, a C- is still a C-. That is, there is still plenty of room for improvement.

Container Security Initiative
CSI aims to identify and examine high-risk U.S.-bound cargo at foreign seaports. CBP reached its target of operating CSI in 58 foreign seaports, and thereby having 86 percent of all U.S.-bound cargo containers pass through CSI seaports in fiscal year 2007.

However, according to a report from the Government Accountability Office (GAO) earlier this year, "challenges remain because CBP continues to rely, in part, on a temporary workforce; has not determined how to optimize its staffing resources; and reports difficulties in identifying sufficient numbers of qualified staff." Moreover, although CBP has enhanced relationships with host governments participating in CSI, hurdles to cooperation remain at some seaports, such as restrictions on CSI teams witnessing examinations.

In addition, the GAO found: "CBP has not set minimum technical criteria for equipment or systematically collected information on the equipment, people and processes involved in CSI host government examinations of high-risk, U.S-bound container cargo."

Also, because CBP has not developed general guidelines to use in assessing the reliability of these examinations, CBP potentially lacks information to ensure that host government examinations can detect and identify weapons of mass destruction. This is important because containers typically are not reexamined in the U.S. if already examined at a CSI seaport.

Finally, CBP also "has not fully developed performance measures and annual targets for core CSI functions, such as the examination of high-risk containers before they are placed on vessels bound for the U.S."

These weaknesses in CBP's data collection and performance measures potentially limit the information available on overall CSI effectiveness.

Customs-Trade Partnership Against Terrorism
Under the federal program C-TPAT, member companies allow CBP to validate their security practices; in return, their cargo receives less scrutiny at U.S. ports. C-TPAT was established after the Sept. 11, 2001, attacks to deter a potential terrorist strike via cargo passing through 326 of the nation's air- and seaports as well as designated land borders. CBP says the program helps ensure a steady — and secure — flow of goods to the U.S.

Yet, in another report earlier this year, the GAO claimed that, although CBP has made progress with its C-TPAT program, the agency doesn't provide enough oversight of foreign shippers. Although CBP has strengthened some of its policies and actions to address staffing and management challenges, the GAO found significant flaws with the program and, in its May 2008 supply chain security report, concluded that the port security program run by CBP fails to provide enough oversight of foreign shippers.

Among the specific problems:

• Companies are generally certified as safer based on their self-reported security information that Customs employees use to determine if minimum government criteria are met. However, due partly to limited resources, the agency typically does not test the member company's supply-chain security practices and thus is challenged to know that members' security measures are reliable, accurate and effective.

• Customs employees are not required to utilize third-party or other audits of a company's security measures as an alternative to the agency's direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to ensure the requested improvements were made and that security practices remained consistent with the minimum criteria.

Some of the flaws are technical. CBP employees use hand-held computers to conduct screenings of partner companies, and the GAO has concerns over the completeness of data collected on those computers. The GAO also found data missing from the central database used to track C-TPAT inspections.

Where to Focus
In terms of port and cargo security, there are plenty of areas where improvements can be made. For instance, we can improve the instruments and devices used for validating security processes and enhance records-management systems as the GAO has recommended. Technology today provides a vital aid for port authority.

Yet, while sensors and other technologies — including intelligent video, X-ray portals and radio frequency identification (RFID) tags — are already providing some effective threat-detection, it's often "less about technology as it is choreography of getting all participants public and private into the plan of how to move forward," Flynn told CSO.

"The area where the government has the longest way to go is in creating a reaction where we basically shut things down to sort things out. ...[T]he ability to recover and have a measured response, that's where efforts are close to failing and is something that should give all of us considerable pause," Flynn continued.

What do you think? Are U.S. ports sufficiently guarded against potentially dangerous incoming cargo? Weigh in below.

Resources

Supply Chain Security: Examinations of High- Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed
Government Accountability Office, Jan. 25, 2008

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices
Government Accountability Office, April/May 2008

Port and Cargo Security: How Is the U.S.A. Doing Now?
by Joan Goodchild
CSO, Sept. 14, 2008

Investigators Finds Gaps in Port Security Program
by Hope Yen
The Associated Press, May 27, 2008

Port Security: Top Threats and Technology Trends
by David M. Stone
SecurityInfoWatch.com, March 8, 2006