
security in scm

Date post: 22-Feb-2018
Upload: rohitsingh

Transcript
  • 7/24/2019 security in scm


    Penn State University Press is collaborating with JSTOR to digitize, preserve and extend access to Transportation Journal.

    http://www.jstor.org

    Penn State University Press

    Security and the Global Supply Chain
    Author(s): RAVI SARATHY
    Source: Transportation Journal, Vol. 45, No. 4 (FALL 2006), pp. 28-51
    Published by: Penn State University Press
    Stable URL: http://www.jstor.org/stable/20713653

    Accessed: 20-10-2015 16:53 UTC


    This content downloaded from 103.27.8.45 on Tue, 20 Oct 2015 16:53:20 UTC. All use subject to JSTOR Terms and Conditions.


    RAVI SARATHY

    Security and the Global Supply Chain

    Abstract

    This article examines implications for global supply chains posed by security threats in the U.S. and elsewhere, and identifies actions for addressing those threats. The principal goal is to design security into the supply chain rather than seek to mitigate consequences after the fact. Redesigning supply chains to make them robust and resilient can help avoid and mitigate the impact of disruptions, whether from security breaches or other causes. Such efforts require collaborations with partners across the supply chains and with governments. The short-term costs of such security measures can be balanced against the long-term gains from improved supply chain performance and improved customer relations.

    Globalization is a central fact of the global economy, involving increasing amounts of overseas components sourcing, overseas production, global factory networks, and lengthy geographically dispersed supply chains servicing international markets across the world. However, the physical infrastructure underpinning globalization is under threat (National Defense University 2002), possibly compromising nations' abilities to trade goods and services internationally, in turn affecting economic growth, employment, and overall prosperity. Overseas shipping now accounts for over 90 percent of worldwide trade, with the preponderance of non-bulk cargo shipped via containers. If ports are closed, trading partners are no longer trusted, and container movement is interrupted along with world trade, reducing supplies of goods and in-process inventories, shutting down factories, and causing layoffs around the world. Consumer choice is reduced, with fewer goods and possibly higher prices. Smooth operation of the international trade and transportation infrastructure is essential to global well-being.

    When supply chain executives were asked about their perception of supply chain challenges, they ranked assuring container security as the most important challenge, over managerial considerations such as reducing inventory, reducing lead time variance, and reducing stock-outs (A. T. Kearney 2004, Fig. 1). In the same survey, one executive noted that his company was willing to do whatever it takes to guarantee container security (ibid., 4). Companies with strong brands are likely to be even more concerned about the overall impact of a security breakdown on their brand value and corporate reputation.

    Security is now an essential and central part of the supply chain and all supply chain participants must develop strategies and skills to cope with these new security demands (Banomyong 2005). Russell and Saldanha (2003) estimated that security-related supply chain modifications could cost around $65 billion and suggested that firms would have to develop close partnerships with both government and supply chain members in order to tackle the security issues effectively.

    Mr. Sarathy is professor of strategy and international business, Northeastern University, Boston, Massachusetts 02115, and visiting professor, Australian Graduate School of Management, AGSM, Sydney; e-mail [email protected]. This article originated as a paper presented at a conference on International Trade and Logistics, Corporate Strategies and the Global Economy, University of Le Havre, September 2005. The paper was further developed while the author was on sabbatical as a visiting professor at the Australian Graduate School of Management, AGSM, Sydney, Australia. Final refinement for publication herein benefited from constructive criticism by three anonymous reviewers.

    This article begins by setting out a generalized model of the supply chain and outlining an approach to managing supply chain disruption. In the second section, we highlight and discuss the various points of security vulnerability across the supply chain. We also discuss the role of government in responding to security threats and governments' interaction with firms. We review how technology developments can help in combating security threats. We then discuss firm-level strategies for developing secure supply chains. We conclude with suggestions for action for firms seeking to enhance supply chain security.

    A Generalized Model of the Supply Chain

    Monczka, Trent, and Handfield (2005) see the supply chain as having three inter-related segments: supplier relationship management, internal supply chain management, and customer relationship management. Rice and Caniato (2003) subdivide the supply chain in terms of physical, information, and freight dimensions. They also point to additional distinct aspects of the supply chain including the transportation modes used, transportation facilities, manufacturing systems, people employed across the supply chain, and information technology. Management's task is to design the overall supply chain across the three subsystems, to be consistent with its overall strategic objectives, and then to configure how various tasks, processes, physical facilities and infrastructure, means of transportation, human resources, and product and information flow will be aligned across the supply chain, while complying with government regulations. This approach is demonstrated in Table 1. This generalized model has several implications for coping with disruptions, including security-related disruptions:

    • For smooth functioning of the supply chain, management would have to ensure that all components of the supply chain (tasks, physical goods flow, transportation, information flow, people, etc.) are deployed effectively and as planned.

    • Disruptions, whether security related or otherwise, could occur at any level along the supply chain, at the facilities level, at information flow or transportation of goods, or elsewhere. Ensuring smooth supply chain functioning requires guarding against disruptions at all levels of the supply chain.

    • Table 1 also clarifies the fact that only one of the three subsystems, internal supply chain management, is under full control of management. The other two subsystems are governed by shared responsibility. Guarding against disruptions, including that from security threats, would require collaboration with suppliers and with customers.

    • Table 1 also highlights the importance of strategy in the supply chain, with the implication that supply chain disruptions can prejudice achieving strategic objectives as much as affecting the delivery of goods. Any changes to the supply chain, to avoid or reduce disruptions, should be consistent with overall strategic objectives.

    • Moreover, as supply chains become globally dispersed and scattered across many nations and cultures and encompassing greater distances, there is a greater possibility that disruptions can occur at distant locations, making prevention and mitigating response more complex. Trent and Monczka (2002) emphasize that global sourcing requires integration across global locations and functional groups. This means that guarding against and responding to disruptions will require collaboration across nation states and cultures, with both domestic and foreign supply chain partners and customers.

    Risk Management and Supply Chain Disruption

    Risk management focuses on identifying the sources and nature of risk, assessing the consequences, and then developing measures to avoid or mitigate risk (Kleindorfer and Saad 2005; Chopra and Sodhi 2004). These three distinct phases of risk management (namely, risk specification, risk assessment, and risk mitigation) can be used to analyze the supply chain as set out in Table 1.


    Table 1. A Generalized Model of the Supply Chain

    Supply chain dispersion (columns): Supplier Relationship Management; Internal Supply Chain Management; Customer Relationship Management

    Supply chain elements (rows):
    - Strategic objectives
    - Tasks
    - Processes
    - Manufacturing facilities
    - Transportation facilities
    - Freight (physical flow of goods)
    - Transportation modes
    - Information flow
    - Human resources
    - Government regulation/relations

    Greater complexity as supply chain is integrated across globally scattered locations and functional groups

    Sources of Risk. Terrorism and security threats are not the only cause of supply chain disruptions. Threats to the supply chain can be due to natural risks (hurricanes, floods, and earthquakes), operational or routine risks (plant breakdowns, material shortages) and random but purposeful events such as terrorist-related risk. Disruptions also can occur due to epidemics such as SARS, environmental accidents, and from political instability. Mitroff and Alpaslan (2003) consider security- and terrorism-related risk along with disruptions caused by normal accidents and natural events, distinguishing terrorism-related risk by highlighting the fact that acts of purposeful agents are at the heart of such risk. This suggests that protecting against security threats and terrorism-related risks to the supply chain can be studied in the context of responding to general disruptions to the supply chain.

    Risk Assessment. The risk assessment phase focuses on the consequence or impact of specific risks. In the case of a global supply chain, risk assessment is concerned with understanding supply chain vulnerabilities along their entire geographically dispersed length, as well as among their various elements, from goods, to information, transportation modes, and people. Sheffi and Rice (2005) adopt such a view in developing a vulnerability map for a company, categorizing both the likelihood and consequences of various threats, and highlighting those threats that have a high likelihood of occurrence and can cause severe consequences.

    Supply chain characteristics can themselves contribute to vulnerability. Hendricks and Singhal (2005b) suggest that an overemphasis on efficiency (characterized by single sourcing, low inventories and buffer stock, and limited slack) can create greater vulnerability to disruption. Similarly, supply chains that involve greater geographic distance, extend to many countries, and involve many distinct cultures are more vulnerable to disruption, as are supply chains that place greater reliance on outsourcing and have numerous supply chain partners. Security-related risks are magnified in supply chains that are already vulnerable along the lines outlined above.

    Beyond the supply chain itself, how the supply chain is linked to overall strategy can affect vulnerability. For example, supply chains seek to deliver a designed product. The product design dictates how it is articulated into the supply chain and how various elements of the complete product are assigned to internal and external sources. As noted above, a greater dependence on outsourcing increases supply chain vulnerability. The length of the product life cycle also matters, with shorter product cycles more affected by sudden supply chain disruptions.

    Lee and Whang (2005) point to some of the consequences of supply chain disruptions (whether caused by security-related causes or other reasons), including increased cost; delivery disruption; interruptions in the smooth flow of product and service; time delays; uncertainty as to quantity, quality, and timely arrival; traffic and port congestion; and longer cycle times. Further, indirect consequences can include lower service levels, which could affect long-term customer relations, and higher insurance premiums due to security and other risks of supply chain disruption.

    Hendricks and Singhal (2005a) found that supply chain disruptions, such as manufacturing delays, supplier failure, quality problems, and internal errors, led to firm under-performance in the stock market as well as in operational performance. They cite reductions in operating income, return on sales, return on assets, and sales growth as consequences of supply chain disruptions, while also noting increased costs and inventories. Such performance shortfalls were observed to last as long as two years after the initial disruption. These consequences point to the real cost of disruptions, including those caused by security-related causes, and suggest that the costs of safeguarding against security problems should be balanced against the gains from avoiding disruptions, the gains from improved customer relations and lower insurance premiums, and the gains from avoiding outcomes such as deteriorating supply chain performance.

    Risk Mitigation. After specifying and assessing risk, firms can respond by attempting to mitigate risk. Mitigation can consist of attempting to reduce the damage caused by supply chain disruptions, or taking actions to prevent or reduce the chance of supply chain disruptions. Given the sources of vulnerabilities, an early warning system can focus on these sources and help trigger timely awareness of potential and actual disruptions, allowing for earlier mitigation and reduction of losses. Mitigation systems can also assign responsibility, detailing who should focus on which areas of security threats.

    Mitigation can range from designing and maintaining back-up systems in reserve and developing response plans for worst-case scenarios, to rethinking product design, redesigning supply chains, and focusing on loss avoidance rather than mitigating losses. The latter approach, of proactive prevention, is similar in spirit to the underlying philosophy behind TQM (total quality management), which focuses on process control rather than output control, using analysis to find the causes of out-of-control procedures, and then aims to remedy these root causes. Lee and Whang (2005) stress the importance of drawing on lessons from TQM in supply chain risk mitigation, particularly in attempting to avoid security-related risk rather than responding after the fact to events caused by security breaches. In the next section, we draw on the above ideas to analyze security and the supply chain in greater detail.

    Security and the Supply Chain

    Security-based disruptions can occur at various points along the supply chain. Containers are one of the major sources of security concerns. Containers have been used to smuggle illegal immigrants, weapons, and drugs. In Italy, a suspected terrorist was found in a container with a false aviation mechanic's certificate, maps of airports, and security passes (he later escaped while on bail) (The Economist 2002). The consequences of the use of a WMD (weapon of mass destruction) or discovery of such a device in a container can be serious; estimates suggest that a WMD explosion and the resulting port closure could cost $1 trillion, while a twelve-day closure following discovery of an undetonated WMD could cost $58 billion (O'Hanlon 2002, Gerencser et al. 2002).

    Large containerships with cargo capacity exceeding 4,000 ton-equivalent units (TEUs) each will account for the bulk of container traffic in the future. For example, in 2005, COSCO, the China Overseas Shipping Company, launched the Cosco Long Beach, an 8,000-TEU containership, at the Hyundai shipyards. This transition to larger containerships increases the need for governments, port authorities, and international traders to oversee their security, as well as the security of increasingly larger volumes of containers. From the perspective of U.S. firms and the U.S. government, security measures are equally necessary at the ports of departure of goods, as they are at their points of entry into the U.S. Of the top ten U.S. container trade partners, seven are from Asia, the other three from Europe (UNCTAD 2003). China and Hong Kong together account for about one third of total container trade with the U.S., while the top ten foreign ports together account for about half of U.S.-bound containers.


    Of course, containers are only one part of the overall security issue. Containership operators, and operators of other vessel types such as dry bulk ships, tankers, and LNG carriers, also need to be secure, as do motor and rail carriers. In the U.S. alone, more than eleven million trucks and more than two million railroad cars cross its borders (GAO 2004). Ships can themselves become targets, as in the example of USS Cole, when a small boat attempted to blow it up in the Persian Gulf.

    People are also a security issue, encompassing those individuals connected with the manufacture, transportation, handling, and loading of internationally traded goods. This means evaluating supply chain partners, suppliers, and service providers. Thus, firms, along with their supply chain partners and governments, have to collaboratively monitor and safeguard security at all points of entry of their goods, whether it be by ship, air, rail, or road (GAO 2003). They need to be concerned with cargo security, vessel security, port facilities security, and personnel security (Koch 2005).

    Figure 1 summarizes these various points of vulnerability in the supply chain. Security-related sources of risk can occur at various points along the supply chain, including the following:

    • Goods shipped as cargo, whose procurement and transportation is the principal objective of the supply chain;

    • Factories, both captive plants and those belonging to outsourcing partners, where goods and components are manufactured and assembled, for eventual shipment to foreign markets, including the U.S.;

    • Supply chain providers and partners such as freight consolidators, and their employees at each of these points along the supply chain;

    • Supply chain facilities such as warehouses, where goods to be exported or for distribution to markets are stored while in transit; and the terminals through which the goods and containers pass, and where containers are loaded and unloaded;

    • Freight carriers, whether by truck, air, rail, or ship;

    • People who have access to the goods, containers, and supply chain facilities; that is, employees at the manufacturer, the exporter, the freight forwarder, the shipper, and other intermediaries;

    • Information, particularly about cargo manifests, confidential supply chain information, direct to customer delivery information, and data intended for integration with broader corporate data bases.

    Layered Security: An Approach to Mitigating Security Risk

    The wide range of vulnerability across the entire supply chain summarized in Figure 1 underlines the difficulty of securing the supply chain. Compromised security at any link along the supply chain can prejudice the entire chain. Hence, attempts to secure the supply chain have relied on the concept of layered security. Such an approach builds redundancy into the system, so that security breaches at one level can be guarded against at a subsequent level. Since insecure supply chains affect both individual companies and the entire economy, the U.S. and other governments and multilateral agencies have been active in promoting regulations and measures to develop secure supply chains.

    Drawing on Figure 1, we can link security related disruption possibilities to the points of vulnerability across the supply chain. Figure 2 summarizes such an approach to layered security. The left side of Figure 2 lists these security vulnerabilities, while the right details various governmental and private firm measures to protect against or mitigate such risks. The security measures and regulations outlined in Figure 2 are discussed in greater detail below. At many points, government regulations set the scope of the security measures that will be implemented by the supply chain members. At other points, security measures are left to the discretion of the individual firms and supply chain intermediaries. For example, the Advance Manifest Rule is a requirement that foreign shippers and foreign ports participating in the Container Security Initiative must comply with. Foreign ports have a choice in complying with the Container Security Initiative, which imposes specific security procedures on them. However, the International Maritime Organization's International Shipping and Port Security Code is a set of standards, with compliance left to the individual


    Figure 1. Points of Vulnerability in the Supply Chain

    Labels in the figure:

    - Factories: captive, subcontractors
    - Supply chain facilities: warehouses
    - Supply chain providers and intermediaries
    - Transportation carriers: containerships, air, rail, trucks as well as barges
    - Port of loading
    - Goods; and container loading
    - Ports, airports, rail-yards, and ports and stations en route
    - Borders and destination ports
    - Onward transit in importing country, to customers


    Figure 2. Layered Security

    Left side, Supply Chain Stages:

    - Manufacturing sources: captive and outsourced factories
    - Goods: stuffing the container
    - Supply chain providers and intermediaries
    - Transportation nodes and carriers
    - Monitoring people (with access to goods, containers, carriers, ports); establishing trust
    - Information flow

    Right side, Security Measures: Governmental & Private:

    - Trusted partners; audit security measures; employee screening at hiring; controlled access; secure processes
    - AMR: Advance Manifest Rule; smart boxes: container security devices, sensors
    - CSI: Container Security Initiative, collaboration with foreign ports
    - Smart Portals at ports for screening containers; IMO: ISPS Code; secure facilities and access
    - C-TPAT: Customs Trade Partnership Against Terrorism; European Union: AEO, Authorized Economic Operator; FAST Program (US-NAFTA)
    - RFID tags; Encryption, Secure Networks; Automated Targeting System; Standards setting

    their customers, need to insist on and motivate the use of secure practices. Programs such as the U.S. government's C-TPAT program help in this regard by setting security standards, checking compliance, and offering incentives for adopting secure practices, such as speedier processing on arrival.

    Transportation Nodes and Carriers. Cargo security is sought through container screening by using sensors, x-rays, gamma rays (to see through clothing and detect concealed weapons), radiation monitoring, magnetic-field based intrusion detection, and other forms of container imaging at loading (as at Hong Kong's port) and on arrival. This is supplemented with a policy of selective physical inspection of containers deemed suspicious, along with controlled access to the facilities themselves. Container screening aims to use non-intrusive techniques to inspect for dangerous cargo such as nuclear materials and chemical weapons. Port security is attempted through controlled access, coupled with surveillance, based on intelligent vision, consisting of fixed and deployable cameras that not only see, but also collect and analyze, images and detect threats, if present.

    People. Since people are involved at every stage of the supply chain, security measures need to ensure that all such individuals can be trusted. Measures include pre-shipment review of shippers and associates at the point of loading and departure, and monitoring people who have had access to the container. The central issue is, Can the manufacturer, the shipper, the exporter, the freight forwarder, and other intermediaries be trusted? Identification and analysis tools that can be used consist of smart IDs, biometrics, fingerprints, DNA, face prints, and retina recognition, all allied with databases to determine individuals' antecedents. However, political considerations and individual privacy do enter the equation, and the use of such measures may be constrained by the varying privacy laws that may be in place in various countries (Sarathy and Robertson 2003).

    Information. Supply chain reliability and performance depend heavily on the capture and processing of accurate supply chain information. Hence, data security best practices such as virus and data access protection are widely deployed. The goal is to prevent unauthorized access to data and thus prevent alteration of data that might falsify cargo manifests, and render ineffective the use of the Advance Manifest Rule. Such safeguards also help protect the confidentiality of supply chain information; similar concerns surround the manipulation of personnel data, which could affect the validity of trust placed in supply chain workers. An emerging concern is guarding against attempts at hacking RFID tags and deleting or changing the information stored on them (Juels 2005, Weis 2003). If the integrity of RFID tags is breached, the data stored on such tags can no longer be relied on, and security measures that rely on such RFID tags become ineffective.

    Government and Multilateral Agencies' Attempts at Safeguarding Supply Chain Security

    Figure 2 summarizes safety regulations and measures that are pertinent to protecting against the various supply chain vulnerabilities. Many of these measures reflect U.S. government actions, with parallel measures instituted by the European Union, the UN's International Maritime Organization, and others. We summarize these measures and their intended effects, beginning with the U.S. Customs and Border Protection (CBP) agency's steps to monitor inbound cargo, safeguard ports, and identify trusted partners, incorporating a layered security approach. The CBP process includes the following:

    - The Advance Manifest Rule, requiring submission of electronic cargo manifests for all shipments at least twenty-four hours prior to being loaded on U.S.-bound ships in the foreign ports. Because foreign ports sometimes did not provide timely information to allow screening of containers with the Automated Target System (ATS) software, Customs initiated the twenty-four hour manifest rule as a way of ensuring that critical information was available sufficiently in advance of the containers being loaded on to U.S.-bound ships. This was mandated through the Trade Act of 2002.

    - Use of the Automated Target System (ATS) to evaluate such cargo manifests, evaluate high-risk vs. low-risk containers, and pick shipments for further examination.

    - The Container Security Initiative (CSI), which, with the cooperation of over forty of the world's largest ports, helps identify dangerous containers before they leave the ports for the U.S. and elsewhere. CSI can reduce overall delays, as container screening can occur at the overseas ports, while awaiting loading, during down time. CSI's intent is to cooperate with local port officials to establish trusted categories of shippers and their networks (importer, shipper, freight forwarder, land transportation, dock workers, exporter, manufacturer, etc.). Further, local officials can help identify which of the shippers unfamiliar to CBP are low-risk operators, helping make the system efficient. The challenge is to help supply chain partners - shippers, freight forwarders, and third-party (3PL) logistics providers - meet security parameters, with levels of knowledge and commitment equivalent to the shipper. CSI requires that CBP personnel be stationed at the various foreign ports that are part of the CSI. These U.S. staff members have to communicate with and cooperate with local port officials and with local government regulations in order to be effective.

    - Customs Trade Partnership against Terrorism, C-TPAT, is a public-private partnership, which gives participants expedited cargo processing in exchange for tightened security and cargo tracking at points along the cargo transit and supply chain. Participant firms receive security recommendations from CBP (CBP 2005) and are required to work with their supply chain partners to implement these security best practices. CBP officials review their security procedures, make recommendations for improvement, and typically follow up with an audit as well as an annual assessment. Based on these reviews, companies are assigned scores which, if favorable, give them expedited processing through U.S. ports, and a reduced likelihood of physical inspection. Newly created supply chain specialists within the CBP organization help recruit new companies into the C-TPAT program and assist them with their security programs and in establishing their security profiles. C-TPAT teams are typically composed of CBP specialists, intelligence officials, and Department of Homeland Security (DHS) representatives, thus giving equal weight to trade and security issues.

    - Physical Inspection of suspicious containers at ports with non-intrusive inspection and radiation detectors.

    - Free and Secure Trade (FAST) is a voluntary program aimed specifically at efficient screening and clearance of commercial traffic in NAFTA trade among the U.S., Canada, and Mexico. The FAST program requires carriers, drivers, importers, and southern border manufacturers to provide information for a security profile, with known low-risk participants receiving expedited border processing. FAST works in conjunction with the C-TPAT and PIP programs.

    Other Governments' Approaches to Monitoring Supply Chain Security

    Other trading nations have similarly attempted to regulate supply chain security. Canada, for example, has its PIP (Partners in Protection) program, similar to the U.S. C-TPAT, and its version of the Advance Manifest Rule, requiring detailed information on shipments being shipped into Canada to be filed within twenty-four hours of sailing from the port of loading. The European Union has legislated procedures to qualify European shippers as Authorized Economic Operators (AEO), granting them customs simplification and security facilitation, depending on the level of certification achieved. They plan to work with the U.S. government to obtain reciprocal recognition of the C-TPAT and AEO certifications.

    The UN's International Maritime Organization (IMO) has adopted the International Ship and Port Facility Security Code (ISPS) as of July 2004, though these represent guidelines rather than specific regulations, with compliance left to individual ports and ship owners. The World Customs Organization has developed the SAFE Framework - Framework of Standards to Secure and Facilitate Global Trade - for use by its member countries. The International Standards Organization published its ISO/PAS 28000 standard, Specification for Security Management Systems for the Supply Chain, in 2005. Fratianni and Kang (2004) note that such multilateral cooperative approaches to managing security issues in response to terrorism are likely to increase.

    Private firms must comply with these regulations, where necessary, and adopt the recommendations as appropriate. They have to decide further whether additional internal measures are necessary to complement these governmental and quasi-governmental regulations and measures. In many cases, implementation has to be worked out by industry and cross-industry consortia, and a key element is the cost of compliance compared to the benefits of adhering to these regulations and recommendations. In the case of regulations that are recent and still evolving, private firms must decide whether to work in concert with their competitors and supply chain partners to help shape industry security standards before such standards are determined by government agencies and imposed on them. Firms active in the industry have a better understanding of industry processes and may be better able to judge how a standard can be shaped to achieve greater security while lowering costs of compliance with the standards.

    Technology and Supply Chain Security

    New technologies offer interesting capabilities to help firms secure their supply chain. Technology developments can facilitate security at several facets of the supply chain, both inside and outside the box, including the following:

    - Supply chain personnel identification and controlled access to supply chain nodes;
    - Secure loading of containers and verification with electronic manifests;
    - Seals for containers;
    - Software for automated targeting of suspect containers;
    - Use of RFID tags for monitoring what is loaded onto the containers as well as monitoring containers and their contents during transit; leading to smart boxes, containers equipped with RFID and complementary advanced container security devices that can provide greater in-transit security of containers;
    - Non-intrusive inspection of suspect containers, at departure and at arrival;
    - Supply chain intelligence - keeping a record of who has had access to the container at warehouses, at the dock, at loading and unloading, and in transit; as well as continuously recording the physical locations of containers and individual items;
    - Communication among transportation modes, containers, and supply chain networks, linked to supply chain database management, with use of encryption and data security.

    Three aspects of technology aids to security, namely, the use of RFID tags, smart containers, and container screening and inspection, are discussed in greater detail (David 2005; Tirschwell 2005a; Tirschwell 2005b; McHale 2005; Eisenberg 2005).

    RFID Tags

    The U.S. Army has been a major proponent of using RFID tags to provide a common, integrated structure for logistics identification smart containers, and tracking, locating, and monitoring of commodities and assets throughout the Defense Department. The Defense Department issued a Defense Federal Acquisition Regulation Supplement (DFARS), which mandated the use of passive RFID tags on certain classes of defense procurement such as operational rations, clothing, individual equipment, tools, and weapon system repair parts (GCN 2005). In the private sector, Wal-Mart has been an early mover in requiring a growing number of its suppliers to equip their product shipments to Wal-Mart with RFID tags. Acer uses RFID to monitor and efficiently operate both incoming supplies into Taiwan and China and then the reverse flow of final products to international markets. Levi Strauss has used RFID in item-level tagging, giving them more precise information about on-shelf availability of their vast assortment of clothing and accessories, by details such as size, style, and color. Pfizer has used RFID to fight counterfeiting of drugs such as Viagra, while San Francisco Airport has used RFID to track baggage during handling.

    The RFID tag stores data, and when attached to a sealed container and activated, wirelessly communicates on a given radio frequency with the logistics network. Active tags allow constant updating of information, such as where the container stopped, who had access to it, and whether contents had changed. Active tags can process information relayed by sensors that detect changes in pressure, radiation, chemical signatures, etc. This continuously updated information can be constantly communicated en route. At the container's final destination, the tag can be completely read, the data analyzed and archived, and the tag deactivated and ready for re-use if possible (A T Kearney 2004, 7). The RFID tag data provide an audit trail of the container's journey, and help keep track of its location and contents, meeting the needs of supply chain efficiency and security (Tirschwell 2005c; Wall Street Journal 2005a; Edmonson 2004). Since active RFID tags can be reused and rewritten, they have to be protected against unauthorized intrusion and hacking (Weis 2003; Juels 2005).

    Reusable active tags cost more than passive tags. An active tag system would require larger investments to support repeated use over the multi-year container life (Molar 2004). A Defense Department study derived an estimate of $70 to $100 per reusable tag (Department of Defense 2005, 18), though, as early adopters, they paid premium prices. The costs of reusable tags are likely to come down with growing volumes of use. Nonetheless, equipping all of a shipping company's containers with active tags and related communication infrastructure could be an expensive investment. The relevant cost is the total system cost of antennas, readers, tags, software, installation, service, and maintenance.

    RFID usage and efficiency are affected by a number of factors: cost and read reliability of the tags, the range from which tags can be read, the speed with which tags can be read, tag durability, the ability of tags to store and provide rich information, and the extent to which tag usage can be relatively free of the need for human intervention. RFID tags can vary in their performance dimensions, as not all users have the same need for rich data, longer range, and higher-speed communication. RFID readers also vary in their capabilities, with some readers better able to perform in high noise situations, with greater range, better security features, and lower error rates. RFID solutions also vary in their ability to interface with enterprise databases and software. RFID has several advantages over barcodes: no line of sight is required as in reading barcodes, the tags can withstand harsh conditions, as in ocean travel, and multiple products can be scanned at once.

    RFID Standards Development. The development of RFID standards provides insight into the role that industry efforts can play in developing standards that can help supply chain security, as opposed to accepting government-derived and -mandated standards. The current second generation standard, EPC Gen 2 Electronic Product Code, was originally developed by the Auto-ID Center to complement bar codes, and provide information to help identify manufacturer, product category, and the individual item. Auto-ID Center is a non-profit collaboration between private companies and academia that pioneered the development of an Internet-like infrastructure for tracking goods globally through the use of RFID tags carrying Electronic Product Codes. The Gen 2 standard uses a single UHF specification, allows different communication speeds depending on background noise, is better at reading distant tags at the edge of the reader's range, improves the operations of multiple readers in close proximity, and allows tags to communicate with multiple readers in parallel sessions.

    In September 2003, the Auto-ID Center passed on its work to university-based Auto-ID Labs, located principally at MIT. Another organization, EPCglobal, was created to diffuse and expand the standards being developed. EPCglobal is a non-profit organization jointly set up by the Uniform Code Council (the organization that oversees the UPC barcode standard) and EAN International (the barcode standards body in Europe) to develop global standards for RFID use, to promote EPC technology, and to stimulate global adoption of the EPCglobal Network, which facilitates the seamless use of EPC and RFID across global supply chains.

    RFID tag fraud. The expanding use of RFID and its growing role in safeguarding supply chain security means that the system must be able to guard against RFID tag fraud. For example, the Exxon SpeedPass has an embedded RFID tag with user information so that a motorist can wave a SpeedPass at the gas pump and have payment charged to the account of the person whose information is stored on the SpeedPass. If this information could be altered or copied, billing errors could occur and the wrong account could be charged. Juels (2005) has shown how an encryption code in Exxon's SpeedPass could be uncovered, allowing fraudulent alteration. This problem is more significant in reusable and read-write tags. EPC Gen 2 standards have attempted to prevent such fraudulent alteration by embedding lock codes; if the RFID reader tries to keep feeding different lock codes, in order to enable the rewrite capability, the tags could be deactivated for a certain period. Weis (2003) outlines several security proposals to combat such security weaknesses, such as limiting access to RFID tags through hash locks (a hash being a value computed from a randomly selected cryptographic key), and the use of low-cost hash functions such as cellular automata-based hashes. Weis also outlines proposals to prevent eavesdropping on a tag's content when broadcast to the reader. Longer lock codes and encryption can help guard against such hacks. If attempts are made to change the product identification, that is, its EPC, software could check to see if a duplicate EPC exists anywhere in the world (though this assumes real-time access to a global EPC database and complete interoperability).
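The hash-lock idea and the lock-out on repeated wrong lock codes described above, as an added example (not from the article, Weis's paper, or the EPC Gen 2 specification): a simulated tag stores only the hash of a random key, answers queries with that hash while locked, and goes silent after repeated failed unlock attempts. SHA-256, the three-attempt threshold, the 60-second lock-out, the EPC strings and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3         # assumed threshold; the article gives no number
LOCKOUT_SECONDS = 60.0   # assumed length of the "certain period"


def meta_id(key: bytes) -> bytes:
    """Hash of the secret key; SHA-256 stands in for a low-cost tag hash."""
    return hashlib.sha256(key).digest()


class HashLockTag:
    """Simulated read-write tag protected by a hash lock."""

    def __init__(self, epc: str, key: bytes):
        self.epc = epc
        self._meta_id = meta_id(key)   # the tag keeps the hash, never the key
        self.locked = True
        self._failures = 0
        self._disabled_until = 0.0

    def query(self, now: float):
        """While locked the tag reveals only its metaID, not its EPC."""
        if now < self._disabled_until:
            return None                # deactivated: no response at all
        return self._meta_id if self.locked else self.epc

    def unlock(self, candidate: bytes, now: float) -> str:
        if now < self._disabled_until:
            return "disabled"
        if hmac.compare_digest(meta_id(candidate), self._meta_id):
            self.locked = False
            self._failures = 0
            return "unlocked"
        self._failures += 1
        if self._failures >= MAX_FAILURES:   # reader keeps feeding wrong codes
            self._failures = 0
            self._disabled_until = now + LOCKOUT_SECONDS
            return "disabled"
        return "rejected"

    def write_epc(self, new_epc: str) -> bool:
        """The rewrite capability exists only while the tag is unlocked."""
        if not self.locked:
            self.epc = new_epc
        return not self.locked


class Backend:
    """Authorized reader's key store, indexed by metaID."""

    def __init__(self):
        self._keys = {}

    def enroll(self, epc: str) -> HashLockTag:
        key = secrets.token_bytes(16)        # randomly selected key
        self._keys[meta_id(key)] = key
        return HashLockTag(epc, key)

    def open_tag(self, tag: HashLockTag, now: float) -> str:
        key = self._keys.get(tag.query(now)) # look up the key by the metaID heard
        return tag.unlock(key, now) if key else "no match"
```

Time is passed in as a number so the lock-out window can be exercised without waiting.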

    Beyond security applications, RFID has immense value for supply chain management in tracking quantities and the movement of goods across geographically distant points in the supply chain network. RFID provides incredible transparency and clarity in the supply chain, noted Robert Turk, who serves as national director for supply chain at Siemens and played a central role in Siemens' RFID efforts. Thus, the costs of an RFID system installation can be balanced against the benefits from greater supply chain efficiency and effectiveness, as well as impacts such as lower pipeline and buffer stock inventories and greater customer satisfaction from receiving accurate shipment information and on-time delivery of orders.

    Container Security and Smart Boxes

    The term "smart boxes" refers to containers equipped with tamper-proof seals, sensors to gather in-transit information, and reusable active RFID tags that store and communicate real-time information about the container's status throughout its transit. Information relayed from the RFID system can be used to compare the electronic manifest to physical goods in the container, sounding an alarm if there is a discrepancy. The tags could pinpoint the geographic source of intrusion. However, sensors attached to container doors may be unable to detect intrusions into containers from the sides.

    The tags collectively could gather vast amounts of shipment information, communicating with communication hubs, which use specialized software to collect, organize, and analyze data from multiple tags and sensors, consolidate in databases, and store for future retrieval. Software would be used to incorporate risk factors to analyze data, and judge threats, suggesting preemptive responses. The quantity of data gathered inevitably raises issues of data security and confidentiality. Firms using smart containers have to ensure that container shipment data are kept confidential and not available to others in the industry.

    Container security devices (CSDs) may also be prone to false alarms. The containers are subject to harsh environmental conditions, high seas, forty-foot swells, and enormous changes in pressure (eight containers stacked on top of each other), all of which can cause a sensor to issue false readings. Too many false alarms would make the system costly to use, and cause information from alarms to be ignored in the U.S. and at ports of departure and transit. Massey (2005) suggests that a superior alternative would be the external screening of containers using gamma and x-ray scanners.

    Another problem is tag switching, where tags can be moved from one location (container) to another without loss of function. One solution is to embed the RFID antenna to the adhesive, so that attempts to move the tag cause the antenna to separate, making the tag non-functional (Manufacturing Business Technology 2006).

    The U.S. Department of Homeland Security (DHS) has attempted to set open standards for emerging products for container security. Homeland Security's Advanced Research Projects Agency (ARPA) has issued Broad Agency Announcement (BAA) # 04-06, setting standards for the CSD. DHS has similarly mandated power source standards, requiring a minimum 30,000-hour useful life.

    Container Screening and Inspection

    Despite careful advance screening, there will be need to inspect some containers on arrival, based on information gathered from manifests and during transit. This has led to the emergence of the smart portals concept, which would involve non-intrusive inspection of containers at ports and other points of loading and unloading. It may be more economical to inspect containers with external scanning devices than equip each container with individual security devices and selectively inspect them.

    Hong Kong initiated a pilot project to inspect all containers (Wall Street Journal 2005b). The Hong Kong scheme requires containers to pass through gamma ray scanning stations, which would show images of the container contents similar to an x-ray and probe suspiciously dense objects that may have been shielded and hence not detectable with x-rays (Flynn 2006). Technicians would analyze these scans and pick containers for further inspection if the images raised suspicion. A second scan would monitor for radiation from nuclear devices and superimpose these images over the gamma-ray scan to detect the source of radiation, if any. A scan of the container ID number would enable the linking of scan data with other container manifest data and the geographical origin and transit of the container, with all the information stored and available in databases for worldwide access.

    The U.S. also uses gamma-imaging and radiation detectors, but relies on its software-based Automatic Targeting System, together with the cooperation of foreign ports and shippers in its CSI and C-TPAT programs, to identify at-risk containers for intensive screening on arrival. Such images are generally not stored and are not available to other ports, and would need to be supplemented with information from CSDs on board containers, to gather information on the origin and route of containers, and other related information.

    Longshoremen unions at some U.S. ports have been unwilling to drive containers through the scanner, raising health concerns over the safety of gamma-ray scanners. An alternative would be to stage containers in an open area and allow the scanner to pass over them. This approach could be hindered by space limitations at the ports and by inclement weather. It would also be slower, and could lead to a lower rate of containers being screened. The debate over two distinct approaches to screening containers is indicative of the difficulty of choosing appropriate security measures. It points to the increased role that supply chain industry participants need to play to choose approaches that can best combine security needs with efficient business operations, rather than await government-mandated approaches and requirements.

    The technologies described above are primarily concerned with the security of goods and the containers they are shipped in. Other links along the supply chain, such as factories and ports themselves, and the people involved along the supply chain, all need similar technology-enhanced means of safeguarding security. For example, technology can be used in controlling access to the docks and other cargo facilities, through identification cards relying on fingerprints and other biometric data. However, since the greatest danger to containers is when they are not moving, procedures and technology to detect tampering are valuable. Technology to detect the integrity of container seals is critical to in-transit container security.

    The first two aspects of risk management, sources of risk and risk assessment, are being addressed by U.S. government and private sector efforts, as discussed above and summarized in Figures 1 and 2. Some of the security measures help reduce or avoid risk and thus also address risk mitigation. In the next section, we analyze firm-level efforts to mitigate risk.

    Firm-level Strategy: Security and the Supply Chain

    Once security risks have been identified and assessed, the next step is risk avoidance and risk mitigation. A main objective is to design supply chains that can withstand security attacks, and are secure, robust, resilient, and flexible. A robust supply chain is less vulnerable to disruption. A resilient supply chain is one that can bounce back quickly from a disruption. For example, a firm with modular process and product design can adapt to raw material supply interruptions and shortages, and develop a speedy response to such contingencies without seriously affecting product availability. Resilience

