Many professionals believe that a multilayered approach that considers training, security policies, and both high-tech and low-tech technologies proffers the most well-rounded solution. No other market segment presents as unique a set of needs as this one, due to the vast array of commodities involved and the methods used to transport them.
Sister publications SECURITY and SDM brought together five professionals in supply chain/transportation security – two practitioners, two systems integrators and a consultant – who specialize in finding solutions to the security issues in this segment. Here, they discuss the unique needs, the problems they face, the technology solutions, and how teams can work together to make the supply chain more secure.
The roundtable discussion is moderated by SECURITY editor Bill Zalud, and SDM editor Laura Stepanek.
‘The ability for the East Coast chain to survive without critical arteries is very short-lived.’
– John Sutton
John Sutton:When any major transportation artery or arteries could or would be interrupted, it is obviously a direct distribution problem. In that aspect is where we look at a tremendous challenge. There is no such thing as eliminating risk, but there’s risk reduction. And that’s where we come from – what can you do to reduce the risk in those areas? The ability for, I would say, the East Coast chain, to survive without critical arteries is very short-lived. Anybody that’s been in the major snow storms here has seen that first-hand.
Thomas Wojciechowski:I agree with what John said about looking at the risk. And from a logistics company as such we are, that’s the first thing we do. And then you separate, depending on what your risks are, from a low risk, a medium risk, a high risk – depending on where you’re located – in a city, in a different state, in a different country.
Once we set our policies and procedures, then we look for the technology part of it – how technology can assist us. Most of this technology that we use today has been around. But, such as warehousing, we use cameras within certain risk situations, or fencing or guarded gates, or actual 24-hour, seven-days a week security. Inside the warehouses we go as far as using metal detection systems, a physical access system. Even in some areas of the world we actually use canine dogs, which is a little bit unique.
‘The biggest part of security, in my opinion, is the people.’
– Thomas Wojciechowski
Thomas Wojciechowski:Some of the higher risks would be higher commodity merchandise. If we’re distributing computers across the United States or across Mexico or Canada, those risks are going to be much higher for us protecting those assets than they would be if [we were distributing] mufflers, because of the greater value. That’s one way that we take the risk.
Another way is basically, where is our operation set up? We could be in a downtown of a city where we may have to have 15-foot high fencing where there’s a lot of pedestrian traffic going by. We could be in North Dakota as one of our locations where there’s not another business 20 miles around us. So we look at those factors.
There’s no set plan that we actually have to set that low, medium and high risk. It comes together when you look at where you’re located, what kind of commodity you are distributing, hauling, and warehousing. Then you put all the pieces of the puzzle together and then we set a low, medium or high.
‘Our key is working with our customers to deploy layered security technologies to help them meet their needs.’
Rob Hile
Bernie Jacobs:Our primary thrust is that of transportation, primarily of people. Some of our clients do move merchandise. Our greatest preponderance of our clients is to move people.
Here in the Northeast especially, the concentration and the density is such that any incident can have serious ramifications in the transportation of anything ranging from a bus with 75 to 100 people on it to an urban transit subway system where during rush hours you may have as many as 2,000 people on a single train. It comes down to our watch word which is the criticality, the vulnerability and the cost-effectiveness.
If, for example, the transportation system were to lose a tunnel through criminal intent – primarily being through an explosion or a fire – not only do you have the risk and exposure of the people in the immediate proximity, which is certainly a very realistic issue for the government to deal with, it will take out – or it may take out – that commuting link.
Let’s take the biggest, and as far as I’m concerned the best: the New York City transit system where they’re moving some three-and-a-half million people a day just on rapid transit. If you lose one tunnel or one overpass, you can affect hundreds of thousands of people. So people are the first priority of our concern.
The second priority is the infrastructure. Because not only is it an extremely mindboggling number to replace these infrastructures, time factors in mass transit construction is such that you can lose two or three years replacing a link that may only take two or three minutes to take out.
‘There never will be a single technology that is a panacea over all solutions.’
– Jim Henry
Jim Henry: With our corporate office being in the New York/New Jersey area, a tremendous focus of the work that we’ve had in transportation is of people. But we also have a lot of intermodal transportation here, from truck to rail – particularly in the New York metro area as well as some of the other regions that our offices are in.
Physical electronic security has been an element, more so of the transportation of people than it has been of assets, in the past, and I still see that as being the case.
Speaking to that intermodal, there’s tremendous need for a lot of the legacy electronics as well as some of the newer systems and analytics for not only forensic value, but also for a preventative nature.
The problem that we see is that that whole industry is very hesitant to spend significant dollars unless they are effectively forced to by code compliance or by government regulation. The needs are so grand, both in intermodal transport and in petrochem.
On the transportation side, up until ‘93, the risk was much more on the slip-and-fall side and on the lone transient that would cause a problem within the mass transit system. As we’ve seen since the first bombing at the World Trade Center the risk has really changed and escalated to a much more malicious effort of mass destruction. That has driven the deployment of technologies overlapping – complementary technologies on the video side, access control side, detection and the software that triangulates that on the major infrastructure arteries – the bottleneck points as Bernie referenced, whether they be river crossings or tunnels, because the impact to not only the movement of people but assets is staggering.
That’s the objective of a terrorist is that impact, not so much what the financial value of a particular train load or freight-train-load of assets is but what collateral damage can they cause as a consequence of an action.
Rob Hile: It’s all about keeping up the flow of assets to its optimal level – whether those assets are people or cargo. Our major challenge as an integrator with our customers is that the supply chain in these verticals can cover vast differences in many potential areas along the way for theft, vandalism and terrorism. And oftentimes not even in this country; we’re talking about overseas from portal to portal. So, it’s so diverse whether you’re in a different country or not – the infrastructure’s different, the communication networks are different, and the technologies that are deployed are different.
Our biggest challenge is to try to coordinate all that and understand the customer’s business and understand his ranking of those assets in terms of what’s the critical nature for him, what’s optimal, what’s the risk – what risk can he assume or what risk is he not willing to assume?
Bill Zalud: What I’d like to know now from each of you, starting with the end users, is what solutions do you see available and how are they being implemented?
John Sutton:I think that there are new solutions to some degree. There’s been a lot of hype on new innovated solutions and so forth. But having been in the business longer than a lot of you’ve probably lived, it’s surprising how they shake down to a lot of commonality.
One of the areas that we continue to see improvement in is intelligent video and being able to use edge devices rather than centrally locating a lot of things.
I think there’s a tremendous area that we can still do improvement, not the smallest of which would be a term tossed around for several years called “open architecture.” Ask the integrators here what open architecture means and they’ll say, “Well, if it’s open architecture, why can’t I get my card reader to work with somebody else’s head end?” and on and on.
And, of course, we’re seeing better compression methods now for video. And some of those challenges are in fact being met, and the reason is a big problem called “infrastructure.” We have existing fiber optic links. Anybody that’s installing video suddenly understands the problem of limited bandwidth. It continues to be a problem of transmitting not only intelligence, but literally getting a source of power to these systems.
We see a lot of solar power coming down the pike, but it’s highly limited. And we don’t enjoy necessarily the greatest environment here for some of the alternate power systems either. But we are seeing more and more of it with the mesh networks.
I’m still wide open for good innovative solutions for specific problems. We solved the issue of being able to see in the dark only to have everything covered with dust. A few things like that that continue to be rather mundane baseline challenges. The solutions may be the same as they were many years ago.
One of the innovations that’s relatively new is large-area radar systems. We’ve got a lot of them that are proving out fairly well from the standpoint of large areas. The military helped us along that line a lot with the rapid deployment of small-range radars and so forth.
Bill Zalud: Thomas, I was as fascinated with the high-tech solutions as well as some of the low-tech solutions you’ve talked about.
Thomas Wojciechowski:We use different high-tech and low-tech solutions in our warehousing and transportation. I talked a little bit earlier about the cameras and John talked about the metal detection systems, and the physical access controls that we use as an ID system or a swipe card to get into our facility.
But then on the transportation side, from a high-tech point of view GPS tracking [is] very big for us – where we can track our tractors and/or trailers depending on what account and what the risk assessment proves real time.
Through some of our government programs and through some of our businesses, we use high-security seals – we will end up sealing the back of a trailer with a high-security seal that has 1,200 pounds of pressure on it before it could be cut or broken.
We haven’t really jumped in – with the exception of in Argentina some – with the new electronic seal where you’re setting the electronics and there are only certain individuals who can open these seals through combinations. But they do have electronic seals that we are just starting to touch now that have GPS tracking that you put on the back of a truck that has 1,200 pounds pressure along with a geosensor. So if your truck goes so far off the highway, it will give a security manager an alert.
The biggest part of security, in my opinion, is the people. Our warehouse personnel are trained; if there is an unwanted visitor there without a badge on, they are going to ask them and then get either their security or management. [Another] warehouse instance is conveyance inspection, where before any warehouse personnel will load anything onto a vehicle, they will perform a 17-point inspection to ensure there are no anomalies.
That’s the same thing with our transportation. Before one of our drivers on a certain risk account – no matter if it’s crossing borders, no matter if it’s a high-risk commodity account – will also do a 17-point conveyance inspection to look at that truck to see if there are any anomalies that they may have found when they’re picking that truck up, or they’re passing along to another driver or if they’re delivering at a point.
When we talk about the low-tech, that – I firmly believe – we have a culture and we have the people looking, helping. We can go a long way. And it’s worked for us thus far.
Bill Zalud: Bernie, weigh in on this one – the technology, the unique solutions that are available and that you’re using.
Bernie Jacobs: Well, there are a lot of solutions available. The viability of the solutions is questionable. Remember one of the things we have to bear in mind is the speed and volume of people; that’s the most valuable commodity that we take care of.
Again I’ll use New York City, where passengers pass through a turnstile at the rate of 70 a minute. All of us who are in the integration and the consulting area have seen where facial recognition was supposed to be the panacea, the be-all to end-all. Well you can have facial recognition that may work very well technically in the lab, but when you have people moving at the rate I just explained, by the time the machine processes them they’re already three stops down the line.
Fifty years ago the first video cameras were installed in the New York City subway system. They were housed in a container the size of a five-gallon can. Today we’re all aware of cameras we use on a regular day basis in an enclosure no bigger than the size of a carton of cigarettes and do 100-fold better job.
We have technology in nonpublic areas such as tunnels, where we have sniffers, where we have lighting systems, where we have intrusion systems that will work in the immediate proximity of a 600-volt third rail, that’ll work with a 50-mile-an-hour train passing by.
These are all improvements that to a large extent have come about since the first World Trade Center explosion. And we as a corporation firmly believe that technology is the way to go because technology doesn’t get a pension, technology doesn’t get sick, doesn’t have vacations, doesn’t get called up for active military duty or any of the other problems we have with the human element.
Laura Stepanek: I’m really interested in hearing what our integrators have to say about which technologies are being used and how they’re being implemented in some of these situations.
Jim Henry:The challenge that we face with the electronic solutions for this vertical market application – relate that to the world of thermodynamics where there are three laws that govern a very complex science. There are three laws that govern the deployment of electronic solutions as an integrator.
There will always be new technologies coming out to address the problems that we face. That’s the first law.
The second law is those products. Their capabilities will always be overstated by the manufacturers and over-anticipated by the end users. It has been that way; it always will be that way. The year or two post-9/11 gave basically a black eye to the biometrics industry where indeed it’s improving all the time.
The reason that it got such bad press and was so unsuccessful in the first deployments was because it was just over-anticipated.
The third law, and I guess this is the insurance policy for systems integrators, is that there never will be a
single technology that is a panacea over all solutions. The only way that you are going to improve the probability of detection and reduce the NAR and FAR – which is nuisance alarm rates and false alarm rates – is by the deployment of different types of technologies that triangulate with each other.
In the world of video, that’s the multiple technologies in video from standard bi-cameras to thermal cameras to infrared cameras to analytics, to access control to biometrics to CBRNE [Chemical, Biological, Radiological, Nuclear, Explosive], to activity detection and pattern recognition and what have you. The more that you triangulate, the more you improve your probability of detection.
If you’re coming onto a military base where you can basically strip search someone coming inbound, that’s relatively easy to do where you can be invasive like that. But you try and deploy a similar level of effectiveness in a public area – whether it is at subway platforms or at bus stations, or in Times Square or a mall, or any type of area that you have to facilitate public flow and commerce – that’s where it really, really, really becomes difficult.
That’s the mantra for systems integrators is to be conversant in those complementary technologies and to continually reduce or bring into reality the expectations of end users for the systems that we are deploying.
Laura Stepanek:Rob, what do you have to say about that?
Rob Hile:Well I’m going to take a little bit of a different spin. I’m going to focus first on programs. I know – and I agree with what everybody said in terms of the technologies. It’s like the technologies we’re seeing have been around for a while, but they’re starting to evolve.
But I think there are some programs that are out there that are going to actually maybe help. We’ve got C-TPAT and we’ve got TWIC and we’ve got Trusted Traveler, you know, the Delta’s Clear program that will help us as integrators, and the customer – keep the flow of their assets to the optimal level.
On the technology side, obviously the CCTV surveillance systems are continuing to be expanded on a daily basis. The good news for us is that video analytics is finally to the point where it’s ready for prime time. It’s providing enhanced security to critical infrastructure areas by object left behind, virtual trip wire, wrong-way travel, loitering, just to name a few – and these can be deployed on most of the existing CCTV systems on the market today.
The new integrated CCTV systems that have the embedded analytics is something that we’re all over and we’re actually using on a wide scale on the perimeter. We’re trying to cover vast amounts of acreage depending on the environment, so these new and integrated CCTV systems with built-in analytics on the edge are helping us. Integrated access control, RFID/GPS tracking are all of those things we’re widely deploying today.
Again, it’s kind of what Jim said, our key is working with our customers to deploy layered security technologies to help them meet their needs. So you don’t have one system that can fail; you have three or four systems that are layered working in conjunction to make sure that those security measures are there for the customer.
Bill Zalud: I think you all hit some hot buttons. But what we have here, really, is a team, too – that is, end users and consultants are working with systems integrators to make things happen. How do you work with a team -- internal and external – when it comes to retrofit and new systems implementations?
John Sutton:In fact one of the teams we worked very much with here is Jim Henry’s organization, Henry Brothers. We work a lot with those folks here at the Port Authority. Quite often from our perspective in the Program Management Department though, it is through direct contract work as far as external is concerned.
When it comes to the new and the old systems, this is a burden that, in fact, through the use of design-build contracts now more than previously used in this organization, we’re reaching out to our partners. That is the ones that we work with to retrofit and integrate with the existing systems. Some of them are low-tech; some of them are relatively high-tech. But it is always a challenge from the standpoint that many of the older systems are still functional and effective.
Working with these folks is very important to sort out the ones that actually need to be just replaced. The ability to utilize existing infrastructure, for instance, is very important. It’s one of the truly horrendous costs that gets involved when you’re deploying over large areas, large vast amounts of point of entry and things like that. It becomes very important just because of the expense of putting in new infrastructure. So working with the teams, both internal and external, becomes very important just from a cost effective standpoint.
Bill Zalud:Thomas, how do you work as a team internally and externally?
Thomas Wojciechowski:When we have a new site or we have an existing site of transportation or warehousing, our inner team consists of a safety manager, a security manager, a customs security manager, and an IT security manager. Each member of that team works together to assess that facility on a yearly basis. Whatever needs are shown that we need to perform to either stay updated on technology, or training of our personnel on the internal basis, sometimes that’s when we have to reach out to our external, which is some of our contractors that we may use.
The team that we have works very closely together on all different types of operations. Each facility or each location, no matter if it’s internally assessed or it’s externally assessed, we work together to ensure that it’s in the best possible security shape it could be in for what the risk is.
One point I did want to make is the C-TPAT program was mentioned, and we are a member. That is one way we work with our other C-TPAT members. We offer all of our best practices that other C-TPAT members offer to the community involved in the program. Once you’re involved in the program you can go into the portal and there are many assessed practices in there.
Just last week I was at a conference where there were many different carrier companies there, or importers and manufacturers, who all brought assessed practices together. That’s one way that actually we’re watching a government-sponsored program pulling us together to work as a team.
Bill Zalud: A good point. Bernie, how do you look at this?
Bernie Jacobs: Well, as consultants we look at it a little bit differently. Jim has his three rules, which are very valid. We work under three other rules called criticality, vulnerability and cost-effectiveness. We cannot allow a client to spend money in an area that’s economically unjustifiable.
However, when it comes down to life safety, there is no number that any CEO is going to put on the value of life. What we do is try to meld and try to balance it by our own people internally first doing a risk assessment study coming up with possible alternatives.
Then we make what’s called a performance checklist. We will write down what we would like to have a system at this location that has the following capabilities. Then we give it to an integrator such as Jim and Henry Brothers, and say, “Okay, this is what we want the system to do.” They will come back to us and say, “All right, but the price tag on it is such-and-such” – and it far exceeds the dollar loss that’s involved.
We have to then go back to the client and say, “Look, we can provide any level of security you would like in this facility. It’s only limited by you, Mr. Client’s imagination, and how deep your pockets are.” And we try to then make a triumvirate between the client, the integrator and ourselves to come up with that cost-effective, criticality justified methodology to protect the facility.
Laura Stepanek:Let’s pose that same question to Jim and Rob. Jim, talk about the team aspect of protection.
Jim Henry: The effectiveness of the team to maximize the value for the end user is directly a function of how close we are to the end user in the selection and the execution and implementation of the devices that we use to achieve the functional requirement that Bernie described.
Deployment of physical security solutions is not like doing a fit-out or a build-out of a building for tenants – hammers and nails, bricks and mortar and what have you. It is more complicated than that.
It takes the interaction and the skill set and the perspective of the integrator looking at issues like the practicality in that environment, service aspects, long-term ramifications of what’s being done.
There’s a misperception that by driving that price down and pushing the integrator under the electrical who’s under the GC, that you’re getting better value because you’re driving your cost down. But in the end, it’s less effective clearly.
With the end user we are able to bring some of the intellectual knowledge that we built over 30 to 40 years of doing this, and triangulate that with the consultants and the end users and the manufacturers and really drive a much more ergonomic solution and in many cases have the freedom to value-engineer to not only improve functionality but reduce cost at the same time.
Laura Stepanek:Rob, would you comment on the teamwork approach and what your experiences have been?
Rob Hile: I like what Jim and Bernie said. Actually we have our three laws here, as well. They’re pretty simple: communication, communication, communication.
I mean the cooperation and information flow between the individual management teams within the customers’ walls, as well as the consultants and the technology partners, is really the key to understanding what the customer needs are and how we’re going to tailor an overall security package that does not interfere with what is considered their normal business operations.
Then our key – any integrators’ key – should be to design a security system that utilizes multi-layered security technologies in a way that does not reduce or interrupt the flow of those assets. In reality security is a business process and has become a business process, and should be looked at as a normal business application and not an afterthought.
Now what does that mean for us as integrators? That often means that we work during off-peak hours or even at night when the flow of assets is lowest – should be a standard operating procedure for most integrators who are in the space – installing and commissioning those systems and newer retrofitting so we don’t impact that customer’s business model.
Laura Stepanek:The economy question is a good one. How do you anticipate your spending on security may change in ‘09 compared with ‘08? And for the integrators, I would like you to consider how you see the viability of the transportation market for ‘09.
Rob Hile:This is something that we’ve been really working hard on internally as well as I’ve been preaching this across the country. Obviously no one can stand a loss of life and that’s part of the life that we live and that’s one of the reasons I’m proud that I’m in this industry, because the technologies that we do deploy will help stem and mitigate any loss of life should there ever be
an incident.
But more and more our customers are telling us – and we’re experiencing this firsthand – that the business process management aspect of security is becoming more and more important to them. They cannot take an interruption of commerce. They can’t stop the flow of assets. It’s even more critical that the security measures that we’re putting in on a day-to-day basis have a two- or three-fold approach to that customer’s business. Protect the people, keep them safe; that’s a major asset of the customer. But then also help to mitigate any loss; keep it at the lowest point.
We’re seeing more and more situation management where our customers are not going to stop the flow of assets, but divert those flow of assets so they can, a) deal with the security aspects of the incident, but b) keep the flow of commerce going so they can keep those revenue dollars. This is across the board. This is our ITS customers. This is our port customers. This is our rail customers. This is our transportation customers: “Keep the people safe, but don’t interrupt my business should there be an incident.”
Jim Henry: Kind of building on that thought…the electronic security industry has been frequently referred to as a recession-proof industry. Nothing is completely immune from major shifts in the economy. But at the Securing New Ground Conference that I was at a few weeks ago this was a hot topic. Clearly the financial markets and retail are the ones that are most vulnerable and will probably be flat or down in this year.
But looking into infrastructure, everybody was very bullish on the investment in infrastructure for not only the protection of assets and what we’re dealing with in the world that we live in, but also because of that as a vehicle for driving the economy and to give a platform for commerce which is what our industrial complex has been built on here all these years.
The thing that we’re seeing, ironically, is some of our customer base that’s financially healthy are kind of sitting back waiting to see what kind of position their competition might be in, because they see an opportunity for expansion and acquisition and consolidation.
So although they have no intention of diminishing their roll out, their upgrade of their systems or whatnot, they’re also being practical in trying to direct their resources if there’s going to be a near-term opportunity for them to expand their footprint.
But, as a rule, the reason that security is considered recession-proof – talking to the commercial side now – is when you start having significant layoffs in major corporations, you can get some significantly displeased people as a consequence of that, and therefore you elevate your risk – and the whole thing is a vicious cycle.
Ironically, sometimes the greatest amount of spending that we get from incumbent customers is when they are in a consolidation mode or a shut-down mode, or moving some plants from one region of the country to the other or to overseas.
