Abstract: Cargo must be checked -- but it is impossible to screen 11.6 million containers every year without bringing the global economy to its knees. How to avoid the paralyzing cargo clog of the Department of Homeland Security's mandate for 100 percent cargo screening? Heritage Foundation homeland security policy analysts Jena Baker McNeill and Jessica Zuckerman lay out a smart plan for risk-based screening -- which can keep the country safe and prosperous at the same time.
On January 4, 2007, Congress passed the Implementing Recommendations of the 9/11 Commission Act. Included in the bill's provisions was a mandate that the Department of Homeland Security (DHS) scan 100 percent of maritime cargo entering the United States by 2012.
Given the fact that approximately 11.6 million cargo containers enter U.S. ports each year, this mandate could cripple the ability of the private sector to move goods on time. Avoiding this scenario will require the U.S. government to take a hard look at the efficacy of this requirement and find a workable alternative that takes into account available technologies, supply chain realities, and involves a realistic look at the threats facing the nation. This new approach should involve the following elements:
- A risk-based, not a blanket, approach to cargo scanning;
- Proliferation of the Container Security Initiative in which U.S. Customs and Border Protection (CBP) collaborates with foreign nations in a risk-based approach to improve security practices abroad;
- Enhancements in Customs-Trade Partnership Against Terrorism (C-TPAT) to encourage best practices for cargo security performed by the private sector;
- Expansion of the Proliferation Security Initiative (PSI) to create a multilateral, voluntary effort of nations to counter the proliferation of weapons of mass destruction without jeopardizing U.S. sovereignty;
- Continued support for the "10 Plus 2" cargo reporting requirements, which allow the CBP to obtain more knowledge about the contents of cargo in a flexible, economical manner; and
- Greater reliance on the Framework of Standards to Secure and Facilitate Global Trade in order to build relationships with allies while increasing port and cargo security through the creation and implementation of international security standards, and facilitating Trade and economic and social development.
Cargo in the United States
The U.S. is highly dependent on foreign imports for a wide variety of goods from cars to cell phones, among other consumer items -- and foreign nations are equally reliant on exports from the U.S. Ninety percent of these items move around the world in cargo containers. This fact serves to make the United States a world leader in container traffic, with 32,000 maritime cargo containers entering U.S. ports each day for a total of 11.6 million containers a year. Although 90 percent of these containers enter through the 10 highest-volume ports, there are more than three hundred ports in the U.S. These realities make for a wide web of infrastructure, and a workforce that employs hundreds of thousands.
Maritime Domain as Target. Given its role in world productivity, the maritime cargo industry has long been associated with the potential for acts of terrorism -- fears of which were greatly elevated after 9/11. One year before, "the Interagency Commission on Crime and Security in U.S. Seaports noted the vulnerability of U.S. seaports to terrorism." Fears over such a maritime attack have largely focused on whether terrorists might place a nuclear device in a cargo container and successfully pass it across our borders through the maritime transport system.
America's economy relies on the smooth movement of goods in and out of the United States -- which most often occurs by sea. Therefore, the consequences of such an attack would be enormous and could bring the supply chain to a halt. A RAND Corporation study on the efficacy of the 100 percent scanning mandate cited a Booz Allen simulation which found that a mere indicated threat of an attack on maritime cargo interests could cause $58 million in losses. An actual attack would be significantly worse and would likely have many associated casualties.
Experts have repeatedly argued over the "nuke in a suitcase" scenario. The nation is not exempt from the possibility of nuclear weapons reaching U.S. soil. But the probability that one would arrive through cargo is somewhat unlikely because there are simply too many risks involved for terrorists in constructing such a bomb and developing a method of getting it into a cargo container, only to later allow it to pass through the hands of security officials. Nevertheless, the maritime domain remains a vulnerable target for terrorism and is a domain worth protecting.
Congress Abandons Risk. For several years, the solution to this vulnerability was for the CBP to "analyze cargo manifest information for each container to decide which to target for closer inspection [but] only a small percentage have their contents physically inspected by CBP." This approach recognized that some cargo was higher risk because of its contents, origin, and other attributes, as indicated through the cargo's detailed manifest, but that not all cargo represents a threat and was instead likely to be legitimate goods moving from place to place. This process of analyzing the attributes, such as contents and origin of the cargo container, is commonly known as cargo "screening," and represents a truly risk-based approach to cargo security.
Immediately after September 11, two risk-based cargo security measures were enacted by Congress to further strengthen cargo security -- the Container Security Initiative (CSI) and the Customs-Trade Partnership against Terrorism (C-TPAT). These were later followed by the "10 Plus 2" requirement.
Container Security Initiative. The Container Security Initiative was announced in January 2002. The program requires that all companies handling U.S.-bound cargo present a shipping manifest to U.S. Immigration and Customs Enforcement (ICE) and CBP officers stationed at foreign ports 24 hours before cargo departure. This manifest information is then transmitted to the U.S. National Targeting Center-Cargo (NTCC). There, full-time "targeters" and analysts at the NTCC support the anti-terrorism efforts of the CBP and assess the risk associated with the manifest cargo. In partnership with the host customs organizations, foreign-stationed CBP and ICE officers then examine the cargo deemed to be high-risk through the manifest analysis conducted by the National Targeting Center by means of either non-intrusive inspection (NII) or x-ray scans. This NII and x-ray "scanning" normally occurs in a fixed location. The process is not a speedy one, which is why it has historically only been used for the high-risk cargo. A RAND study indicated that scanning itself can take up to 15 minutes per 8x8x20-foot container, and that any subsequent physical inspection could take up to four hours longer. As of mid-2008, CSI was successfully screening about 86 percent of all U.S.-bound cargo at 58 foreign seaports.
The Customs-Trade Partnership Against Terrorism. C-TPAT was born before CSI in November 2001. What makes C-TPAT unique is that it is entirely voluntary and operates as a partnership with the international Trade community. In order to become a member of C-TPAT, a company submits a profile outlining its security measures. The CBP then compares the company's security levels with the expected minimum levels of the particular sector of Trade in which the company falls. Besides achieving compliance with minimum security requirements, a company must also have a strong history of compliance with all related customs laws and regulations in order to gain membership. These requirements allow CBP to ensure that participating companies are implementing the highest level of security measures, thereby lowering their level of risk.
Once a company's security has been validated and it has been granted membership, C-TPAT companies receive the benefit of facing fewer physical, NII, and x-ray inspections allowing the streamlining of sales and transport. In terms of national security, through C-TPAT, CBP is able to validate the security of these participating companies, and therefore shift its focus to other higher-risk cargo. C-TPAT also helps to institute security partnerships within the global Trade community, creating shared goals of improving supply-chain security -- while maintaining supply-chain efficiency. As of May 2008, there were more than 8,400 companies around the world that were C-TPAT members. C-TPAT membership accounts for 96 percent of cargo traffic within the U.S., allowing CBP to verify the security of the vast majority of maritime cargo that travels throughout the country.
10 Plus 2. Additionally, cargo shippers must currently comply with "10 Plus 2" -- the Importer Security Filing and Additional Carrier Requirements. "10 Plus 2" calls for importers and ocean carriers to submit 12 points of information to Customs and Border Protection. This information is to be provided 24 hours before U.S.-bound containers are loaded onto a carrier vessel. The "10" refers to the Importer Security Filing (ISF-10), the 10 data points provided by the importers, while the "2" refers to the vessel stow plans and container status messages (CSMs) provided by the carriers. This rule adds security by allowing CBP to better identify high-risk containers through analysis of these 12 additional points of data. At the same time, the measure is of very little hindrance to the maritime cargo industry, as it calls for the reporting of information that is already routinely collected and for no new technologyto be purchased and employed.
The 2007 Mandate and SAFE Ports Act. Despite the success of these risk-based programs, the possibility that terrorists could obtain a nuclear device and place it in a cargo container was and is an idea that has continued to gain speed, and has led to significant policy changes.
Facing growing political pressure, Congress began to move away from the idea of a risk-based approach. The move toward 100 percent scanning began in 2006 with the Security and Accountability for Every (SAFE) Port Act. The SAFE Port Act changed everything with the creation of the Secure Freight Initiative (SFI), a pilot program to test the implementation of 100 percent cargo scanning which would later be mandated by the Implementing Recommendations of the 9/11 Act of 2007. Instead of pre-screening cargo and then scanning and inspecting that deemed to be high-risk, 100 percent cargo scanning calls for the scanning of each and every cargo container that has passed through foreign ports to the United States.
The Secure Freight Initiative pilot operates at five ports with full implementation at three, Port Qasim, Pakistan; Puerto Cortés, Honduras; and Southampton, United Kingdom, and limited implementation at two, Busan, Korea, and Salah, Oman. The highest volume of U.S. cargo containers handled at any full-implementation port, however, was only 77,707 containers in 2006 at Puerto Cortés, a mere fraction of the volume seen yearly in the U.S. With the Secure Freight Initiative pilot occurring only at such low-volume ports, the true challenges to 100 percent scanning in the high-volume global environment have yet to been seen.
While the SFI showed that 100 percent screening could be effective in low volume, "high-risk" ports, such as Qasim, Pakistan, such screening proved to be riddled with numerous logistical issues at higher-volume ports, such as Hong Kong and Singapore. Nevertheless, one year later, in 2007 before final results of the pilot were even assessed, Congress stipulated that 100 percent cargo scanning become fully implemented at all 700 foreign ports handling U.S.-bound cargo within five years.
The Problem with 100 Percent Scanning. The 100 percent scanning mandate was met with immediate opposition from the private sector, which faced daunting financial obligations and logistical hurdles. Since 2007, the landscape has remained the same, and limited progress has been made toward the 100 percent screening mandate. Secretary of Homeland Security Janet Napolitano stated in recent testimony before the Senate Commerce Committee that the mandate has proven problematic and that DHS would be unlikely to meet the 2012 deadline. Furthermore, Members of Congress, such as Senators Joe Lieberman (I-CT) and Susan Collins (R-ME), also continue to question the efficacy of this mandate. The reasons for this backlash are many.
Logistics, Technology, and Infrastructure. At a fundamental level, the technologynecessary to truly scan 100 percent of the maritime cargo entering the United States is not currently available. The problem is one of scale. While the basic technologyexists, the expanded technologynecessary for performing this function on such a broad scale does not. At the seven ports where the Secure Freight Initiative pilot was implemented, the scanning technology itself repeatedly proved to be problematic.
First, the mere placement of scanners proved a logistical problem as many ports were not built with a natural bottleneck through which all cargo passes. Transshipments only further exacerbated this problem, as cargo that passes through these ports only as an intermediary stop often does not follow the same path as other cargo. Once the technologywas installed, it encountered multiple problems, such as incompatibility with previous technologies, frequent outages due to weather, and the fact that many ports do not have sufficient communication infrastructure to transmit electronic data to the NTCC.
Cost was also a major problem inherent in the mandate. A single x-ray scanner, the most common technologyused for cargo screening, has a price tag of $4.5 million, plus an estimated annual operating cost of $200,000, not to mention the cost of the personnel required to run the equipment and examine the results at roughly $600,000 per year.
No Additional Security. High-risk cargo is designated as such based on such factors as questionable or suspicious information on ship manifests -- including in large part whether the cargo originated from a reliable partner country which is far less likely to smuggle hazardous material into the U.S. This does not mean that terrorists would not find a way around this risk-based approach -- but if continually calibrated to represent an accurate picture of risks facing the nation -- this approach could be quite successful.
The current mandate, however, confuses the public into thinking that 100 percent scanning will equal 100 percent security. The reality is that no scanning system will ever be perfect. And for all the attempts to predict what terrorists might do next, the fact is that they are creative and their plans are continually evolving. It simply is not feasible to child-proof the maritime domain.
In fact, it is much more likely that a false sense of security will be created, based on the idea that 100 percent scanning can catch all threats. Error is bound to happen, especially when the amount of data analysts at the NTCC are given to examine is exponentially increased. Making policy on the idea of perfection is destined to fail and could well place the country in the same position it was on September 11, 2001. The U.S. needs to be flexible enough to respond to threats while not creating a stovepipe mentality around pre-determined threat scenarios.
Clogs the Supply Chain . The supply chain and global economy rely on the ability to move goods to where they are needed quickly and efficiently. The RAND Corporation has estimated that the 100 percent scanning mandate would cause, on average, a five-and-a-half hour delay per container; and the World Customs Organization (WCO) estimates that the economic effects on the United States would be around $500 billion in total profit loss. The worst scenario is that this mandate could lead to "buy European" behavior in which companies simply stop shipping goods to America and instead do business with countries that have more expedited supply chains.
Damaged Relationships with U.S. Allies. At a basic level, the 100 percent cargo scanning measure gives American allies the impression that the U.S. cannot trust them to adequately perform security screening and that they are not a true partner in global commerce. Perhaps more alarming, however, is that not allowing goods into America unless they have been scanned has caused America's allies to view this measure as protectionist and a barrier to trade. Previously, the United States had encouraged its friends abroad to adopt voluntary security practices based on risk; so this mandate is seen as an about-face on policy -- to the great frustration of U.S. allies. The worldwide, commonly accepted practice is to adopt a risk-based method of cargo screening -- standards recommended by the WCO. The WCO's Framework of Standards to Secure and Facilitate Global Trade describes best practices for cargo security and many nations have adopted these recommendations. However, the U.S. has reversed course with this new mandate, hindering progress to adoption of the WCO standards by all partners.
U.S. security cannot come at the cost of economic prosperity; the two must instead be intertwined. U.S. Trade and security relationships with our allies must recognize that we must treat our allies as partners in order to create willingness among them to work towards international cargo security and ensure that such measures do not have negative effects on Trade and the economy.
A New Way Forward for Cargo Security
Instead of focusing on this highly unworkable mandate, Congress and DHS should re-examine the mandate, looking for a workable alternative that achieves security goals without disrupting the supply chain. A new approach should include the following elements:
Rethink the 100 Percent Cargo Scanning Mandate. Congress and DHS need to take a realistic look at the efficacy of the 100 percent cargo scanning mandate. A first step might be to commission a Government Accountability Office study over the next year on whether this mandate is the best means by which to ensure the safety of cargo entering the United States.
Further Develop the Container Security Initiative. The Container Security Initiative is an integral piece of an effective cargo security strategy because it takes into account supply-chain and infrastructure realities. CSI is risk-based, meaning that resources are dedicated to the cargo that is most likely to be a real threat to Americans, as determined by manifest analysis, instead of spreading scarce resources across the entire maritime cargo domain. DHS should strengthen this program and ensure its continuance, placing it at the forefront of cargo security strategy -- expanding to additional ports and clearly communicating expectations to the maritime shipping industry.
Enhance C-TPAT. This initiative identifies companies that employ best practices in their security measures. By taking the focus off companies that are already taking the right kinds of security measures, the U.S. can devote precious resources to tackling those that do not. C-TPAT puts the private sector in the driving seat. In order to strengthen the program, DHS should continue to increase validation of required security measures among participating partners to ensure that they are taking the right steps towards the security of the maritime cargo.
Expand the Proliferation Security Initiative. This voluntary multilateral effort of some 90 countries protects U.S. sovereignty while implementing proper interdiction efforts around the globe. The U.S. should encourage other countries to join in this effort and expand PSI while preserving the unique sovereignty-based attributes of the program in which participating nations are able to meet levels of security through their own existing policies rather than internationally proscribed measures. PSI helps to prevent a suitcase-nuke scenario by ensuring that multiple nations, from all points in the supply chain, are seeking to prevent it from ever getting in the wrong hands.
Keep 10 Plus 2. 10 Plus 2 is a flexible alternative to 100 percent scanning because it simply requires the private sector to submit importer, vessel, and container information to Customs and Border Protection for review before the vessel arrives in the United States. While any regulatory scheme does impose some burden, especially on smaller private-sector participants, 10 Plus 2 allows the CBP to focus screening efforts by making more informed choices about what cargo deserves further inspection. DHS, for its part, should move forward with implementing a 10 Plus 2 final rule and continue to work with the private sector to ensure that 10 Plus 2 remains responsive and able to adapt to private sector realities and the evolving risk to the cargo domain.
Rely on the Framework of Standards to Secure and Facilitate Global Trade. This framework recognizes that many of our allies already have proper security measures in place at their ports. By giving acknowledgment to these trusted ports, the framework promotes both security and international partnerships. The U.S. should return to its past as a leader in risk-based cargo practices. U.S. programs such as C-TPAT and CSI can be great examples of the success of these types of programs. The Framework recognizes that the global supply chain needs to work on security concerns and remains useful as a neutral, non-U.S.-led means of proliferating proper cargo practices.
Recognize That Staying Informed Is a Work in Progress. As the principal oversight authority over DHS, Congress needs to continually educate itself about the security risks facing the nation. The mentality that the U.S. should create massive, economy-killing legislation to address each and every potential threat just simply is a poor approach to homeland security. Assessing "risk" requires a measure of "threat and the intent, capabilities, resources, and activities of possible threat actors" as well as "our vulnerability to the threat" and the "consequences if that threat materializes." Congress should ensure that sound risk-management principles are interwoven into any homeland security legislation.
Getting cargo security right is so important because getting it wrong would jeopardize the very framework that supports the global economy. Real security means choosing policies that not only keep Americans safe, but also keep them free and prosperous. The 100 percent scanning mandate does none of these well.
Jena Baker McNeill
is Policy Analyst for Homeland Security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, at The Heritage Foundation. Jessica Zuckerman is a Research Assistant in the Allison Center. The authors would like to thank intern Kathleen Someah for her assistance.