The Daily Challenges of Supply Chain Security
Every day, there is a different challenge when it comes to supply chain security.
With emphasis on the supply chain, numerous people, companies, regulations and nations are likely involved. Sometimes the challenges center on trusting others along the chain; sometimes it is all about cybersecurity; other times, it is more a matter of cargo theft.
Security video provided by Travelers Insurance, with a high profile in supply chain security, show how thieves use bolt cutters to crack open locks and then go “trailer shopping.” The most popular items for thieves are beverages and food; however, the most costly are pharmaceutics and electronics.
Many local police departments don’t have investigators with special training to handle supply chain security. So enterprises and government agencies depend upon their own resources as well as industry specific organizations to fight fraud, theft and disasters. For example, Travelers provides police with bait trailers, wired with cameras, to catch crooks in action. But, in many respects, it continues to be a cat and mouse game. As pharmacies take steps to curb in-store robberies, thieves are increasing targeting warehouses and delivery vans that transport prescription painkillers destined from warehouses to pharmacies and hospitals.
According to FreightWatch International, cargo thefts are happening almost four times more frequently than in 2012.
Check Firms in Supply Chain
In a recent Web interview, Charles Forsaith, director of supply chain security at Purdue Pharma, says that security needs cover background checks of drivers, reputations of companies and insurance, among other factors.
The bottom line regarding supply chain security is a multi-layered approach to a secure, end-to-end chain of custody that includes well-defined and enforced protocols, an understanding of worldwide regulations, employee training, physical security measures, thorough carrier vetting and driver identification, video surveillance of warehouses, loading docks and gate areas as well as the use of secure facilities, lots and drop yards.
Obviously, the global supply chain is dynamic, growing in size and complexity and is vulnerable to a host of threats and hazards such as natural disasters, accidents, theft and malicious attacks. A security strategy, focused on the worldwide network of transportation, postal and shipping pathways, assets and infrastructures (including communications and information infrastructures), is an important step forward.
For those assigned to supply chain security, there are two goals. The first is to promote the efficient and secure movement of goods, and the second is to foster a global supply chain system that is prepared for and can withstand evolving threats and hazards and rapidly recover from disruptions.
A crucial goal of any supply chain security effort is to promote the timely, efficient flow of legitimate commerce while protecting and securing the supply chain from exploitation as well as reducing its vulnerability to disruption, according to Bill Anderson, group director, international safety, health and security at Ryder, Miami, Florida. Ryder’s leadership in transportation and supply chain security means that clients can expect the highest levels of security across operations. That leadership also extends best practices to industry partners and government regulators.
Threats Continue to Evolve
The aim: Understand and resolve threats early in the process and strengthen the security of physical infrastructures, conveyances and information assets, while seeking to maximize trade through modernizing supply chain infrastructures and processes. Anderson says it is important to also foster a supply chain system that is prepared for, and can withstand, evolving threats and hazards and can recover rapidly from disruptions.
Anderson’s advice is to identify, assess and prioritize efforts to manage risk by using layered defenses and adapting security posture according to the changing security and operational environment. “You cannot be everywhere all the time,” Anderson says. So he and other supply chain security executives consistently review situations based on cargo, geography, incidents, collaborative partners and other elements.
He also expects information security to be the next high concern area when it comes to supply chain security.
For example, one of the largest known data breaches, resulting in 110 million records lost and hundreds of millions of dollars in damages, started with a small, third-party supplier along the chain. Attackers compromised Fazio Mechanical Services, a supplier of HVAC services, to gain access to Target’s network. In a report by Dark Reading, piggybacking on third-party suppliers is now a well-worn page in attackers’ playbooks.
“If I want to attack Fort Knox and I know they have locks and guards and strong security, it is easier to attack one of their providers who already has access to the gold,” says James Christiansen, vice president of information risk management for Optiv.
Government regulations, mandates and industry specific rules play a significant role in supply chain security. “In fact, with a global reach, there are numerous governments and their ever-changing regulations that need attention,” adds Anderson. Still, he says, governments have gone through administrations and budget cutting. In some ways, the U.S. Chamber of Commerce and its homeland security committee have become more involved when it comes to regulations and funding issues, “although there is a common standards facilitated by governments.”
Many Supply Chain Players
No doubt, there are many players in the supply chain including importers, foreign manufacturers, consolidators; brokers, ocean, sea and rail carriers, and third-party logistics providers, to name a few. “But remember, nobody runs from the point of origin to the final point,” observes Anderson. He adds, “Obviously a lot of the activity is in warehouses. Goods in movement get a little trickier.” There are tracking devices, but when crossing borders, “they may have to be declared. And how are you going to get the devices back?”
Crisis management is another aspect of the supply chain security multi-tiered approach. Not only could the global supply chain be used to facilitate a terrorist act, the supply chain itself could be considered a target of such an attack.
Given the importance of cargo and vehicle security to ongoing sustainability, both are matters of committed corporate governance and leadership. Security practices must encompass a wide range of areas – from customs and border security for materials moving between nations to rental fleet security and crisis management.
Supply chain security also – depending on the company, location, type of supplies or data and risks ranked by priorities – calls for the use of traditional physical security technologies as well as tech unique to the mission such as seals, global positioning and more sophisticated locating and tracking applications.
Warehouses, distribution centers, seaports, airports, tractor-trailer hubs and freight terminals all lend themselves to some level of credential for access control as well as security video, often IP-based and analytics equipped.
Globalization has impacted supply chain security and technology solutions, according to Bruce Wimmer, senior director, compliance and investigations, corporate risk services division for G4S, who adds that the bottom line is to “detect” things before they occur with intelligent systems and analytics. It’s all a matter of risk mitigation. Beyond security, there are other reasons for supply chain security. “Take threats coming into the U.S. related to agriculture and food,” for example, says Wimmer, who notes the invasive insects brought in with cargo.
Whatever the threat, says Wimmer, “Don’t just throw solutions out there. Plan the approach. Understand the threats and risks and their criticality.”
Tagging certain job titles to specific zones such as dispatch, operations, warehouses and loading docks is a valuable step towards improving the physical security.
Video and License Plate Recognition
Steve Birkmeier of Arteco stresses event-based interoperable of security technology including security video as well as license plate recognition. Such solutions can verify trucks, open gates and even trigger email alerts, according to Birkmeier. Every camera has a purpose. Focus on what is important to security at various locations and related to events.
According to Anthony Incorvati, business development, critical infrastructure and transportation at Axis Communications, security technology has come a long way. There is system openness, higher quality imaging and more uses of security video. Look at today’s cameras as computers with a lens, he says. He sees security technology as bridging the gap between security and enterprise resource planning as well as warehouse management, for example. He adds that, for new projects, almost all are IP-based network technology.
Then there is geofencing based on sensors or cameras or both as well as customized software. Such systems can send automatic, near real-time notifications whenever a trailer moves in or out of preapproved coordinates, allowing fleets to proactively react to possible cargo theft. If a driver has authorization to stay the night in a hotel room, the carrier can create a geofence containment field around the hotel parking lot that will send an alert if anything happens to the truck while the driver is sleeping inside the hotel.
In some outdoor supply chain security applications, there is a need for a solar-powered, wireless video solution. With trucks in loading dock areas and terminals, such technology can be easily deployed on the perimeter, suggests Dave Tynan of MicroPower Technologies.
One logistics company, a provider of small package ground delivery services in the United States and Canada, has more than 40,000 vehicles in service at any given time, and accounts for 33 ground transportation hubs and 500 pickup and delivery facilities. To better monitor behavior, manage the flow of traffic at its hubs and to optimize the operations, the company invested in a solar, wireless surveillance solution. The company wanted to see trucks going in and out of the parking lots to watch over traffic patterns, driver efficiencies and operational issues.
Protecting the Perimeter
The company was already relying on traditional, hardwired surveillance systems to enhance operations and safety, but officials recognized the need to extend the views of surveillance video to the perimeters of their logistics parking areas. Trenching projects proposed would last up a minimum of three weeks and would shut down access to the logistic provider’s hubs, impeding operations.
After looking at several solutions, the logistics leader ultimately selected a solar, wireless surveillance platform because it delivers highly reliable and secure video surveillance capabilities in a zero-cable design.
Real-time locating systems also play a supply chain security role. Such telematics systems capture truck and cargo location information in real-time, points out Andy Souders of Savi Technology. Based on sensors and analytics, collected data allows a carrier to know if idle and/or dwell time is occurring in a safe place or not. Knowing where the hotspots are in terms of cargo theft based on historical data can also help with route planning.
Some providers think outside of the box. SGS, a leading inspection, verification, testing and certification company, in an effort to gain a competitive edge in its consignment verification and logistics security business, sought to develop a new integrated logistics and tracking offering that it could add to its global services portfolio. A key requirement of the service was real-time asset tracking and comprehensive journey monitoring. SGS delivers a solution to track freight movements using global positioning GPS, general packet radio service or GPRS and satellite technology that gives end users full in-transit visibility and real-time event management.
Keeping One Step Ahead
It’s a matter of keeping up with the bad guys. As examples: container seals, a long-time means of security protection, are now being illegally duplicated by people using 3D printing advances; some thieves use GPS jamming devices to overcome security efforts.
Linking people, processes and technology together better creates “defensive layers” that make stealing freight or data along the supply chain a more difficult endeavor.
Not surprisingly, there are synergies between physical security and cybersecurity when compared to some other business sectors. There is so much overlap today between physical and electronic security that supply chain security professionals are combining the missions. Freight and assets aren’t the only things exposed. So is information about a supply chain firm, its customer’s business and their freight exposed out there.
With a solid commitment to supply chain security, among the many trends revealed in the Travelers Insurance 2015 Business Risk Index was increased worry over cyber risks, global conflict and political instability. The Index also discovered that while U.S. businesses take many different approaches to managing risk, only half have a written business continuity or disaster recovery plan.
The blending of physical and cyber-centric security is seen in the marketplace. For instance, TrakLok International of Knoxville, Tennessee, has a cargo security system to bring the needs of physical and IT security together into a single package. It includes a hardened lock that withstands prying, cutting or impact tools; an integrated alarm that sends alerts when unauthorized attempts are made to access cargo; and a GPS tracking system with a cloud-based Web portal that allows access to real-time information on location and cargo integrity.
No matter the focus, supply chain experts indicate five areas where fleets need to create what’s called “positive lane and logistics” performance. These are:
- Visibility – real time cargo/asset location with environmental sensing capability for cargo integrity;
- Validation – chain of custody, regulatory compliance, loss and incident forensics;
- Performance – transit time, estimated time of arrival, destination acknowledgement and notification;
- Risk mitigation – awareness and prevention of criminal activity, law enforcement engagement and assistance with recovery; and
- Efficiencies – least cost/time/risk routing, targeted areas for supply chain improvement, carrier evaluation, shipment history and exception analytics based on the shippers’ business rules.
Beyond technologies and logistics performance, a significant number of supply chain losses are due to non-technology paperwork and personnel failings. In one scenario known as a fictitious pickup, an imposter temporarily poses as the carrier. Sometimes they have paperwork and sometimes they just spin a yarn about being early or some other story.
Watch out United Parcel Service and DHL, Amazon has its supply chain eyes on you. The company is expanding its logistics operations in China. The cost control plan includes handling cargo and customs for goods headed to ports in Japan, Europe and the United States.
Amazon’s Chinese subsidiary, Beijing Century Joyo Courier Service, will be listed as a freight forwarder – a type of broker that does not own ships but handles customs and other documentation as well as some level of supply chain security – with China’s transport ministry. Last November, Amazon’s Chinese subsidiary also made a similar application with the U.S. Federal Maritime Commission.
Analysts quoted in the media say they expect Amazon to use its new freight forwarder license to make it easier for Chinese merchants and manufacturers to transport their goods to major hubs where Amazon has warehouses that ship goods to customers. It is anticipated that Amazon will handle paperwork, provide a level of security and select the shipping line that will transport the goods and make sure there are trucks on the other end to take shipments to its fulfillment facilities. Merchants will deal only with Amazon rather than multiple companies for trucking, warehousing and shipping.
Working in close coordination with the Department of Homeland Security, the Border Interagency Executive Council and the White House, U.S. Customs and Border Protection (CBP) has been actively tracking and assessing stakeholder readiness for the mandatory filing of all electronic entries and corresponding entry summaries of imports and exports in the Automated Commercial Environment (ACE).
An updated timeline continues to align with CBP’s December 2016 deadline for full implementation of the Single Window via ACE. Such automated systems electronically support the facilitation of importing and exporting goods. The Automated Commercial Environment will become the Single Window, the primary system through which the trade community will report imports and exports and the government will determine admissibility. Through ACE as the Single Window, manual processes will be streamlined and automated, paper eliminated, and the international trade community will be able to more easily and efficiently comply with U.S. laws and regulations.
Throughout the summer, federal agencies will achieve functionality for filing electronically in ACE. These include:
- Agricultural Marketing Service (AMS)
- Bureau of Alcohol, Tobacco and Firearms and Explosives (ATF)
- Centers for Disease Control (CDC)
- Defense Contract Management Agency (DCMA)
- Directorate of Defense Trade Controls (DDTC)
- Drug Enforcement Administration (DEA)
- Enforcement and Compliance Commission (E&C)
- Environmental Protection Agency (EPA)
- Fish and Wildlife Service (FWS)
- Food Safety and Inspection Service (FSIS)
- National Marine Fisheries Service (NMFS)
- Alcohol and Tobacco, Tax and Tariff Bureau (TTB)
The Trusted Trader program is currently in an 18-month test phase. U.S. Customs and Border Protection (CBP) has formulated the design for a holistic Trusted Trader program that unifies the current Customs-Trade Partnership Against Terrorism (C-TPAT) and the Importer Self-Assessment (ISA) processes in order to integrate supply chain security and trade compliance.
The development of Trusted Trader is a coordinated effort with members of the trade community, CBP and Partner Government Agencies (PGAs), such as the Food and Drug Administration, Consumer Product Safety Commission and the Transportation Security Administration. This approach enables CBP and PGAs to provide additional incentives to participating entities and enhance efficiencies of managing supply chain security and trade compliance within one program.
CBP has an enormous job just in cargo containers moving across borders. Each year, more than 11 million maritime containers arrive at U.S. seaports. At land borders, another 11 million arrive by truck and 2.7 million by rail. CBP is responsible for knowing what is inside, whether it poses a risk to the American people and ensuring that all proper revenues are
All importers of merchandise into the U.S. must establish internal controls so that Customs can see that the company has control over its supply chain including security and safety. Each importer has a profile tracked by Customs, and the agency does a risk analysis when targeting shipments. Part of that risk analysis is an importer’s compliance with post 9/11 security regulations, which include:
- The Container Security Initiative –Within months of 9/11, U.S. Customs developed the Container Security Initiative, which identifies high risk containers and pre-screens in foreign ports before containers are placed on vessels bound for the U.S.
- Customs–Trade Partnership Against Terrorism –While C-TPAT is a voluntary program, it’s also a partnership focused on improving the security of private companies’ supply chains with respect to terrorism.
- Advance Electronic Cargo Information – Every vessel must file the ship’s manifests 24 hours prior to lading so Customs can evaluate potential risks.
- Importer Security Filing –It’s mandatory for all importers entering on ocean vessels and requires that importers file ten required data elements prior to a ship’s lading.
Second, a nation must establish a legal authority to control the export of defense-related and dual-use goods and technologies. This authority adheres to six legal principles:
- Comprehensive controls;
- Implementing directives;
- Enforcement power and penalties;
- Interagency coordination;
- International cooperation; and
- Protection against governmental dissemination of sensitive business information.
Third, a country should implement regulatory procedures to support export control laws and policies. These procedures establish clear lines of authority and provide for a list of controlled items. The control list should adhere to international norms (multilateral regime lists and their associated catch-all controls). The regulations should be clear and easily accessible to exporters in their description of licensing and enforcement policy. The designated authority administering the regulatory regime should review license requests for completeness and clarity. The regulations should encourage transparency and predictability of governmental decision making, and should give sufficient room for exceptions to policy in the interest of the government.
Fourth, proper enforcement measures should be built into the system. Preventive enforcement is essential, and should include established procedures related to export license applications (i.e. screening the proposed item, quantity, end-use and all parties involved in the transaction for any potential export) and compliance mechanisms (i.e. working in partnership with industry to educate them on how and why – to monitor and control their own export activity). The ability and authority to interdict and investigate illicit exports are necessary to implement an effective export control system. International cooperation can ensure full compliance with export legislation.
There is an effort toward export control reform or ECR. “In some ways, it is about foreign contracts, location of cloud-based servers. You have to take a very nuanced and careful approach,” says Eustice. “You want more control over how you store and use supply chain data in the cloud. There are different types of controls over different types of data.”
The data arising from the connectivity of physical assets is the foundation of the Internet of Things (IoT). But converting this raw IoT data into an opportunity for process improvement brings challenges in dealing with nonstandard data in unprecedented volumes. To address these challenges, a new generation of IoT-enabled analytic applications for supply chain planning and execution is now becoming available. Supply chain professionals have grappled with the challenges associated with a lack of complete visibility across the supply chain for decades. Fortunately, forward-thinking innovative companies have developed purpose-built supply chain visibility solutions, leveraging IoT technology, to finally achieve the requisite layer of visibility into the supply chain. For the first time in history, complex global supply chains have the capability to connect with their products and processes to achieve new levels of supply chain visibility.
As ubiquitous connectivity becomes the norm across the global business landscape and the Internet of Things continues to gain acceptance, the explosion of data created out of such a connected world is driving firms to develop and implement IoT strategies with purpose-built analytic applications to capitalize on this wealth of information. The lag between data collection and action has been dramatically reduced because of the increased sophistication of sensor technology, advanced mobile communications and purpose-built analytic applications. The reduction in the time between data capture and decision making enables firms to react to changes in operations in real-time, presenting the opportunity for dramatically improved operations to those who leverage this advanced technology.
The Internet of Things is driving supply chains to rethink and retool in order to inject a layer of agility and responsiveness never before seen into an ever-changing environment. Massive real-time data captured by sensors represents the raw material for this transformation of operations. But it is the delivery of purpose-built analytic applications that turns this raw material into actionable insight.
Customs and Border Protection Office of Field Operations Assistant Commissioner Todd Owen told legislators about three critical activities.
Advance Information and Targeting–Obtaining information about cargo, vessels and persons involved early in the shipment process and using advanced targeting techniques to increase domain awareness and assess the risk of all components and factors in the supply chain.
Government and Private Sector Collaboration –Enhancing Federal and private sector partnerships and collaborating with foreign governments to extend enforcement efforts outward to points earlier in the supply chain.
Advanced Detection Equipment and Technology –Maintaining robust inspection regimes at our point of entry (POE), including the use of non-intrusive inspection equipment and radiation detection technologies.