Federal initiatives have provided a good start on port security, but these programs still need more staff, more funds and more planning

"Oh, yes," says George Cummings, director of Homeland Security for the Port of Los Angeles, America's busiest seaport. "9-11 was a significant catalyst for a re-evaluation of our vulnerabilities and taking stock. After 9-11, what do we need to do? Two main things. We need to significantly increase the security of the port itself and increase our awareness of the threat of movement of goods in containers."

Cummings's "two main things" lie at the heart of the federal government's approach to port security: harden the physical security around the 361 ports in the United States and, at the same time, track the movement of the nearly 10 million container units and 18 million passengers entering the United States by sea each year.

The federal response has been to create a layered system of security, pushing security assessments out to the ports of origin with intelligence and screenings before the cargo is loaded; setting security standards for foreign ports and for the manufacturers, transporters and distributors of cargo in foreign countries; and enhancing the security at American ports, from perimeter fencing and video surveillance to radiation monitors that scan containers before they leave the ports.

"These are daunting problems," says David S. Ortiz, a Rand Corp. researcher and co-author, with Henry H. Willis, of "Evaluating the Security of the Global Containerized Supply Chain," a December 2004 report that raises some criticisms of the federal effort so far.

"The port security measures all make sense as parts of an initial response to 9-11 and the realization of the vulnerability of ports and the maritime transportation system," Ortiz says. "But there are two issues. One, the measures are fundamentally reactive, that is, they were designed in reaction to 9-11 and are stand-alone efforts rather than coordinated. Two, the measures disproportionately fall into the category of threat prevention; equally important is consequence reduction."

Three initiatives
Within months after 9-11, U.S. Customs and Border Protection (CBP, at that time still the U.S. Customs Service) created three initiatives that remain the foundation for port security.

The Customs-Trade Partnership Against Terrorism (C-TPAT), the first federal initiative out of the blocks (just two months after 9-11) enlists overseas companies to voluntarily improve security in the global supply chain. Companies participate in c-tpat by agreeing to meet security standards for all the components of their supply chains, in exchange for a reduction in the level of security risk imposed on their goods, which means expedited inspections. Currently, 7,000 companies participate in c-tpat.

In January 2002, Customs created the Container Security Initiative (CSI), which has placed CBP personnel in 37 seaports to work with their foreign counterparts to target and inspect high-risk containers headed for the United States.

The last of the initiatives, funded by Congress in July 2002, is Operation Safe Commerce, which uses technology in foreign and U.S. ports to detect and inspect high-risk containers.

To a certain degree, all three initiatives are working. For instance, all U.S.-bound cargo is subject to the "24-hour rule," which requires that the CBP receive electronic information on all containers 24 hours before they are loaded at foreign ports. And the annual proportion of physical inspections of suspect containers, which consists of opening the containers and physically checking the contents, has increased from 2% to 6% of all containers arriving at U.S. ports.

According to the World Shipping Council, in January 2004, "the Coast Guard found that 2.5 percent of vessels arriving in U.S. ports were significantly noncompliant with the new security requirements, and they were denied entry to port, detained in port, or expelled from port as a result. By the end of December 2004, the percent of vessels arriving in U.S. ports with major problems fell to 1.5 percent."

"Step right up"
But there are still problems. While all three initiatives are sound ideas, they were all put together quickly, apparently without enough planning for the long term, without performance measures for the programs and without adequate staff.

According to a Government Accountability Office (GAO) report to Congress in May, one year after implementation of the Container Security Initiative, CBP still had not developed a plan to train and assign the 120 program staffers who are needed to work in the foreign seaports. And both Ortiz of Rand Corp. and the GAO expressed concerns about C-TPAT's reliability.

There appear to be two fundamental flaws in the concept and execution of C-TPAT. The first, Ortiz says, is the "carnival booth effect," a phrase coined by two Massachusetts Institute of Technology graduate students, Samidh Chakrabarti and Aaron Strauss, in a study of the airport screening system.

The basis of this criticism is that the system can be gamed by terrorists who "step right up," as in a carnival, and present themselves several times to the screening procedures to discern who or what attracts the screeners' attention. "If you've been wanded the last five times you took a flight," Ortiz says, "chances are good that you'll be wanded the sixth time."

With C-TPAT, Ortiz says, "you can game the system to determine the probabilities that your shipment will be inspected. You can run through shipments to see if you're inspected. You don't have to know the level of security risk involved, you can simply figure out whether you're likely to be inspected or not."

Validating effectiveness
But C-TPAT suffers from an even more fundamental flaw. Remarkably, until this September, CBP has had almost no ability to verify that c-tpat's overseas members have actually implemented the security measures they claim to have in place on their applications.

"Of the 7,000 companies in c-tpat, less than 500 are verified," says an aide to Sen. Patty Murray (D-Wash.). "Basically, we're getting the information and hoping it's the correct information and hoping they're doing what they say they're doing. C-TPAT is a good idea, but without the ability to test and audit, we're lowering the bar."

CBP announced in September that it will begin a validation process for members of c-tpat. According to the CBP Web site, "The validation process will enable cbp and the C-TPAT participant to jointly review the participant's C-TPAT security profile to ensure that security actions in the profile are being effectively executed…. C-TPAT validations are not audits. In addition, they will be focused, concise, and will last not longer than ten working days."

But, according to the GAO, as of May 2005, C-TPAT had a staff of just 10, with no "human capital plan" to increase the size of the staff.

As C-TPAT is a good idea, so is CSI. "It gives us the ability to target shipping overseas," says Linda Easley, Vice President/Homeland Security strategies at System Planning Corp., Arlington, Va. "The foundation of csi is to use intelligence to target dangerous cargo. We pre-screen containers at the port of departure, use detection technology to quickly and economically pre-screen containers, and we use 'smarter' containers."

"There has been progress in outcome-oriented measures," Easley adds, "and a lot of collaboration with host-country personnel. But still, 35% of shipments are not targeted. [The 37 csi ports account for nearly 65% of U.S. imports.] There's not enough staff, and we haven't established minimum technical requirements for detaining suspect shipments. And we do need performance measures to assess the effectiveness of the targeting."

"They've done a decent job with the CSI program," Sen. Murray's aide says, "but the reality is that we don't have any teeth in the agreements. There's no way to force ports to inspect the containers."

One way to overcome this problem, the aide says, would be to "make sure that our trade agreements include elements of csi to have our inspection requests honored."

The inner layer  
But that's overseas, at the outside layer. What of the security at the ports themselves?

Security at the ports themselves focuses on two areas: "hardening" the port facilities, through improved access controls, police presence and video surveillance, and the use of innovative technologies to screen and inspect the containers.

The Port of Los Angeles leases its 27 terminals to operating companies, which are responsible to the U.S. Coast Guard to meet the Maritime Transportation Security Act's requirements. "All of our terminals are in compliance," says Cummings. "They are at the point they were asked to be at."

And in Oakland, the country's fourth-busiest seaport, "the money we've received so far has allowed the port to meet its baseline security requirements," says Marilyn Sandifur, media and public relations specialist for the Port of Oakland.

But the most significant improvements lie in the area of technology, which is the focus of Operation Safe Commerce. osc uses electronic container seals at the point of origin that detect when an unauthorized person has opened a container. And radio-frequency identification technologies allow shippers and carriers to track cargo while it's in the container shipping system, transmitting information when the shipment passes portals, such as entry or exit from a port or when the cargo is loaded or unloaded from a ship.

In addition, ports are starting to receive radiation portal monitors, massive screening devices sensitive enough to detect the natural radiation from bananas housed in containers that move through the monitors. The Port of Oakland now has 25 rpms for its eight terminals; the ports of Los Angeles and Long Beach, which have participated in the pilot program for the rpms, will receive 90 monitors in the coming year.

Potential economic losses
"The OSC program … might make it difficult for terrorists to use containerized shipping to supply comrades in the United States," stated the Rand report co-authored by Ortiz. "However, osc will not reduce the damage from a terrorist act, if an attack on the system is successful. By the time containers reach ports, they are positioned for a terrorist attack. Thus, increased inspections will not reduce the exposure to or reduce the damages from attacks on port facilities."

The fear, in addition to a horrific loss of life, is the potential effect on the economy of the closing of a major port. "The West Coast port lockout of 2002 suggested the magnitude of economic effects a terrorist-related event might cause. Estimates placed the losses for the ten-day lockout between $4.7 billion and $19.4 billion," according to the Rand report.

"Substitution of ports is a critical long-term policy issue that the agencies have to grapple with," Ortiz says. "Dredging only works where there is a naturally deep basin. As larger and deeper vessels come online, substitution of ports, analysis of the ability to offload cargo, becomes a critical question."

Physical security enhancement at our ports requires money, $400 million a year, according to the shipping industry; $7 billion to implement the security plans under the Maritime Transportation Security Act, according to the U.S. Coast Guard.

Are these figures overblown? According to Easley, Hong Kong, the world's second-busiest port, after Singapore, estimates the cost of security to be $6.50 per container, and recently spent $33 million to install a container scanning system.

But, says Cummings of the Port of Los Angeles, "funding has not been sufficient for us. Overall, compared to airports, and considering the needs demonstrated by the ports, the funding has been pretty low. We need to shift to recurrent funding. All these systems we have need maintenance and staffing and so far there has not been federal funding for maintenance and staff."

Drops in the bucket  
Funding for port security comes through the Port Security Grant program, which is administered by the Office for Domestic Preparedness. The first round of grants, in which $92 million was awarded, was in June 2002; grants for the fifth round were announced in mid-September. Counting the most recent round, approximately $702 million has been awarded.

However, requests for funding during the first four rounds totaled more than $3.3 billion; the total amount of grants awarded for those rounds was $560 million, just under 17% of the total requested. As an example of the way this affects the ports, consider the Port of Oakland.

In the first round, Oakland applied for $28 million to improve security and was awarded $4.8 million, which went to perimeter surveillance, intrusion detection, emergency communications and automated gate access. In the second round, Oakland applied for $69 million and received $1.6 million, which went to fund a mobile traffic barrier. In total, through the five rounds, Oakland requested $167.8 million and received $10.3 million.

But there's more. According to Sen. Murray's aide, of the $564.5 million authorized and awarded to the ports for security in the first four rounds, only $107 million has been spent. "The remainder," the aide says, "is in the pipeline. We don't know all the reasons, but dhs is holding some money until the full project is ready to be completed in the case of some ports, and part of the funding was made on a reimbursable basis, which means the ports have to spend the money first, and then apply for reimbursement."

And more. The Bush administration has defunded the Port Security Grant program. "The last couple of budgets from the president haven't included funding; they've zeroed out the program," says Sen. Murray's aide. "It's a problem every year. The last couple of years Sen. Murray has offered amendments to include $400 million for port security, and she feels lucky to get around $150 million."

"There's enough money," says Susan Monteverde, Vice President for Governmental Relations for the American Association of Port Authorities, "but there's not enough funding available. We shouldn't have under-protected ports."

Robert Yates is an Evanston, Ill.–based freelance