HDA Adds Pharmaceutical Cargo Security Coalition
PCSC founder Chuck Forsaith will continue to lead coalition and provide information aimed at ensuring the safety and integrity of the supply chain.
By Jim Butschli, Editor
The Healthcare Distribution Alliance (HDA) added the Pharmaceutical Cargo Security Coalition (PCSC) to its organization. This new service offering will go into full effect Jan. 1, 2018. PCSC’s founder, Chuck Forsaith, will continue to lead the coalition as Senior Director with HDA.
“Promoting pharmaceutical supply chain security is a shared mission of HDA and PCSC. We are thrilled to be bringing on Chuck,” says Perry Fri, Executive Vice President, Industry Relations, Membership and Education, HDA. “Chuck’s expertise, and the resources offered through PCSC, will give our members access to information vital to ensure the continued safety and integrity of the supply chain. We are pleased to welcome Chuck and the current members of PCSC to HDA.”
Founded in 2006, PCSC provides a forum for industry security and logistics professionals to exchange supply chain risk intelligence; network with peers, law enforcement and regulatory officials at all levels of government; and receive information that advances risk management and mitigation capabilities of all stakeholders. PCSC membership is now available to all HDA members.
“I am thrilled that I have been offered an opportunity to operate the PCSC on a full-time basis within HDA — one of the industry’s leading advocates for supply chain security,” says Forsaith. “This partnership will bring immense value to the HDA membership, coalition members and the industry.”
Forsaith has 40 years of experience in the security and law enforcement fields that includes work within the pharmaceutical industry and as a New Hampshire municipal and state police officer.
HDA represents primary pharmaceutical distributors, the link between the nation’s pharmaceutical manufacturers and more than 200,000 pharmacies, hospitals, long-term care facilities, clinics and others nationwide. The HDA Research Foundation, HDA’s non-profit charitable foundation, serves the healthcare industry by providing research and education focused on priority healthcare supply chain issues.
HDA’s PCSC offers supply chain security intelligence; access to contacts from industry, government, and vendor trade disciplines; as well as education. Primarily (but not exclusively) focused on the pharmaceutical industry.
HDA Adds Pharmaceutical Cargo Security Coalition
The Threat Environment
Logistics by all modalities is vulnerable to surreptitious theft. Without a proactive, deterrent and visually verifiable approach to protecting valuable cargo, shippers run the risk of substantial, on-going loss. It’s typically caused by the opportunistic theft of palletized cargo in such a manner that immediate detection is unlikely.
Pharmaceuticals, electronics equipment, luxury goods and other high value items packaged in cartons or small boxes are most susceptible to this form of theft. Thieves use box cutters and utility knives to quickly “slash and grab” a few items from boxed, often stretch-wrapped, palletized freight.
Carriers are responsible for theft that’s discovered prior to acceptance. Failure to note a breach when signing off on the BOL relieves the carrier from any and all responsibility, so a process that immediately exposes tampering and theft is essential.
Losses can add up rapidly. Considering recovery, replacement and customer goodwill, freight lost to cargo theft can cost shippers more than triple its retail price. Recovery of damages from insurance is rare.
Palletized cargo is most often attacked from the sides or underneath, circumventing the wrapping and strapping that holds the cargo together. From the bottom, center boards are broken or cut off. Boxes just above the bottom slats are dropped through and replaced with weighted cartons to maintain the integrity of the cargo. This renders inspection by weight checking useless; the breached pallet weighs the same as it did when fully loaded.
Another method of stealing goods from pallets is to cut or shift the stretch wrap and remove the shipping carton and product from the outside without cutting the strapping, again replacing it with sand or like-weighted materials to reform the pallet. Once that’s done the perpetrator simply adjusts the stretch wrap to hide the entry point.
Compounding the challenge posed by these crimes of opportunity is the fact that palletized cargo comes in an infinite variety of shapes, types and sizes, and is vulnerable to a wide range of threats. Therefore a customized approach is needed; there’s no “one-size-fits-all” solution.
The Cargo Security Alliance solution: Pallet Security Kits
CSA works with its members to understand the threat environment and their unique cargo and shipping requirements to design a protocol that mitigates the risk of opportunistic theft.
The best way to protect palletized cargo is to establish a security protocol that considers and incorporates the packaging materials as an integral component of the process. Rigorous visual inspection combined with tamper-evident and resistant packaging and a procedure to establish and maintain the chain of custody are keys to creating a secure environment for goods in transit to reduce loss – without breaking the bank in costs.
Weight adds to shipping cost so it’s a major consideration in designing the solution, especially in air cargo applications; an effective protective barrier that adds as few pounds as possible is obviously desirable.
CSA offers expertise and a variety of lightweight, theft-deterrent packaging materials and tools to secure and track palletized cargo, crates and containers while adding a only a small fraction to shipping costs. Components of CSA’s Pallet Security Kit may include:
- Lightweight sheathing materials that are impervious to knives and box cutters
- Tamper-evident tape (TET), bags and seals
- The Topp Clip® pallet sealing system
- Covert GPS tracking devices and services to report location, motion and container openings to inform the status of cargo at all times, anywhere across the globe
- A customized packing and tracking protocol to establish and maintain a secure chain of custody, from end-to-end
Successful applications of CSA’s Pallet Security Kit include ensuring that a shipment of security-sensitive servers was not compromised during a datacenter move from the USA to China and deterring opportunistic “slash and grab” thefts of palletized cell phones destined for South America.
From seals to tapes, from cut-proof components to tamper-evident packaging and tracking devices, CSA has a customizable solution to secure your palletized cargo from a wide range of threats. For a free consultation contact us by e-mail at firstname.lastname@example.org or call us at: (941) 575-0243.
This volume presents new theoretical insights, practical strategies, and policy initiatives in the rapidly evolving field of global supply chain security. As businesses, governments, and society at large have become increasingly dependent on a global network to provide goods and services, protecting global supply chains has become an issue of vital importance for industries, nations, and regions. The “supply chain” encompasses all the links connecting a manufacturer to end users of its products. Links may take the form of plants, supplier warehouses, vendor facilities, ports or hubs, retail warehouses or facilities, and outbound shipping centers. Links also involve all the ways goods are moved—by truck, ship, airplane, or rail car.
A great deal can go wrong in the supply chain due to company or systemic mismanagement and inefficiency, criminal activity, employee or technology errors, or terrorism, to name just a few of the threats. Then there are government regulation, industry or association oversight, and security agencies (both public and private) keeping track. Globalization, stricter security regimes, and increasingly sophisticated criminal activity have made cross-border cargo movements more complex, putting the integrity of end-to-end supply chains at much greater risk. This is why the security of the supply chain has become such an important issue for business people: there is too much at stake to let problems proliferate or stagnate. It has been estimated, for example, that thieves now steal $50 billion in goods each year from various points along the supply chain.
Synthesizing the most current research, practical application, and policy, Global Supply Chain Security covers a range of emerging topics—from risk assessment to technology deployment to continuity planning—and will serve as a useful resource for anyone concerned with supply chain security issues, including scholars, students, business executives and policymakers.
Mitchell D. Silber and Arvin Bhatt, Senior Intelligence Analysts
NYPD Intelligence Division
Copyright © 2007 New York City Police Department. All Rights Reserved.
The NYPD’s understanding of the threat from Islamic-based terrorism to New York City has evolved since September 11, 2001. While the threat from overseas remains,terrorist attacks or thwarted plots against cities in Europe, Australia and Canada since 2001 fit a different paradigm. Rather than being directed from al-Qaeda abroad, these plots have been conceptualized and planned by “unremarkable” local residents/citizens who sought to attack their country of residence, utilizing al-Qaeda as their inspiration and ideological reference point.
Some of these cases include:
- Madrid’s March 2004 attack
- Amsterdam’s Hofstad Group
- London’s July 2005 attack
- Australia’s Operation Pendennis (which thwarted an attack(s) in November 2005)
- The Toronto 18 Case (which thwarted an attack in June 2006)
Where once we would have defined the initial indicator of the threat at the point where a terrorist or group of terrorists would actually plan an attack, we have now shifted our focus to a much earlier point—a point where we believe the potential terrorist or group of terrorists begin and progress through a process of radicalization. The culmination of this process is a terrorist attack.
Understanding this trend and the radicalization process in the West that drives “unremarkable” people to become terrorists is vital for developing effective counterstrategies and has special importance for the NYPD and the City of New York. As one of the country’s iconic symbols and the target of numerous terrorist plots since the 1990’s, New York City continues to be among the top targets of terrorists worldwide.
In order to test whether the same framework for understanding radicalization abroad applied within the United States, we analyzed three U.S. homegrown terrorism cases and two New York City based cases:
- Lackawana, New York
- Portland, Oregon
- Northern Virginia
- New York City – Herald Square Subway
- New York City – The Al Muhajiroun Two
The same radicalization framework was applied to a study of the origins of the Hamburg cluster of individuals, who led the September 11 hijackers. This assessment, almost six years after 2001, provides some new insights, previously not fully-grasped by the law
enforcement and intelligence community, into the origins of this devastating attack.
For more download PDF attached
Cargo theft by fictitious pick-up is a growing threat to supply chain security. A proliferation of information technologies enable thieves to defraud shippers and carriers at multiple points across the supply chain. This paper seeks to better define the terms and scope of this new and rapidly evolving brand of “supply chain cybercrime”, and recommends 7 Best Practices that can help prevent it.
Fictitious pick-ups are criminal schemes that result in the theft of cargo by deception that includes truck drivers using fake IDs and /or fictitious businesses set up for the purpose of diverting and stealing cargo. Crimes of this type are also known as “fraudulent” or “deceptive” pick-ups, and the terms are used interchangeably. We’ve chosen to use the term “fictitious” because the perpetrators are picking up cargos using fake identification and/or fictitious carrier names, and (in most cases) fencing the stolen goods on the open market.
We further distinguish fictitious pick-ups from scams in which cargo isn’t stolen, but monies are taken from shippers, freight brokers, and legitimate carriers; for example, by “double brokering” loads and taking expense advances for cargo about to be shipped or in transit. From a legal standpoint, all crimes of this type are classified as “fraud”, “theft” and/or “identity theft”.
Our available data is from incidents of fictitious pick-up in which cargo has been lost and reported after the fact. Because victims are often reluctant to report fictitious pick-ups due to inadvertent failures to vet carriers and drivers properly, this crime is underreported, however, it now accounts for over nine percent of the reported types of cargo theft after stolen trailers, and is becoming increasingly more common.
What is Fictitious Pick-up?
Fictitious pick-up is a form of cargo theft that involves criminals posing as legitimate truck drivers to steal cargo directly from shippers, sometimes setting up fake transportation companies to do so. It is one of several types of identity theft crimes targeting the motor freight industry that include theft of advance freight payments by commercial wire transfer fraud (T-Chek, Comcheck, etc.).
In a fictitious pick-up, criminals fool companies into willingly turning over loads to them. They use on-line load posting sites to win transportation bids, or simply show up as drivers with fake credentials, claiming to be assigned to a load. Variations of this scam include a recently terminated driver arriving in advance of his former employer’s assigned driver.
The internet has increased the ease with which criminals can set up fake companies and acquire motor truck cargo insurance, and fictitious pick-up schemes are proliferating.
Fictitious Pick-up Data Highlights:
- Overall, reported cargo thefts in the US decreased in 2013, continuing the trend seen in 2012. In 2013, CargoNet recorded 1,090 incidents, down 9% from the 1,197 incidents reported as of the end of 2012. Cargo theft in the first half of 2013 decreased significantly from 2012 while the second half had a similar number of reported incidents. The overall decline may be due to the shift to cybercrime, which is far less risky, physically dangerous and demanding than stealing a tractor-trailer. Cyber thieves are harder to catch and much less likely to be arrested and prosecuted.
- Of 1,195 cargo theft incidents reported to CargoNet in 2012, 74 were described as fictitious pick-ups, a 27% increase over 2011. Fictitious pick-ups were over 9% of all cargo theft incidents in 2013, an increase of 50% over 2012, and 90% over the two year period from 2011. The average value of cargos stolen by fictitious pick-up was $154,134 vs. $159,376 per incident for cargo thefts overall in 2013, a 3% differential, not statistically significant.
- The commodities most frequently targeted for fictitious pick-ups are foods and beverages, electronics products and metals, however, a disproportionate number of fictitious pick-ups are directed at food and beverage – 60 % vs. 30% overall – suggesting these commodities are being deliberately targeted because they are easy to fence, but not necessarily a long-term trend.
- Over half of fictitious pick-ups occur at end of week, on Thursdays and Fridays when the main concern of shippers and brokers is in meeting a delivery date and satisfying the customer; this urgency to deliver causes some shippers, brokers and warehouse operators to slack off on driver and carrier screening and the due diligence processes to verify ID’s.
- Over 50% of all reported fictitious pick-ups from 2011 through 2013 occurred in California. Significant fictitious pick-up activity has also been reported in Florida, Texas and New Jersey. Interestingly, in some areas of the Midwest– including Indiana, Nebraska, Wisconsin– conventional cargo theft is relatively rare, but fictitious pick-up is occurring.
For additional informatiion, download full paper below.
Presentation by CSA Managing Partner Walt Beadling on the topic of best practices in access managment and personnel identification at C-TPAT Best Practices seminar sponsored by American River International 5/1/2014 [Power Point – subset]
Presentation to JFK Air Cargo Assn. on the subject of Truck Driver ID Fraud anb the unique requirements of the air cargo indiusrty (PowerPoint)
By Adina Solomon
Air Cargo World July 27, 2013
Look up how many air cargo thefts happen per year worldwide. You won’t find the answer. You will find news stories such as the 3,600 iPad minis that were taken from JFK International Airport in November 2012, or the cargo that was stolen and thrown over the perimeter wall at an Indian airport in April 2012. Cargo security professionals interviewed say air cargo is the most secure mode of transportation, in terms of theft, because of the difficulty of stealing cargo midair.
But airfreight isn’t always in the air.
Trucks often take cargo to the airport. That cargo may sit around before or after a flight, sometimes unattended. That’s where air cargo is most vulnerable to theft. “Our industry, transporting high value goods as we do, is a potential target,” Oliver Evans, chairman of The International Air Cargo Association, says.
‘A system that actually works’
Cargo travels through many hands: airlines, ground handlers, trucking companies. That’s why it must have a chain of custody, Walt Beadling, managing partner at logistics security company Cargo Security Alliance, says. “What that means is at any point in time, you know who has a particular piece of cargo, whatever it may,” Beadling says. “You may not know where it is, but you know who has responsibility for it. And at each point where the cargo’s transferred, there’s a handoff, a formal handoff, where custody is transferred from one entity to another.”
Erik Hoffer, vice president of CSA, says someone must design a logistical plan in order to create that chain of custody and have as few handoffs as possible. “There’s always going to be that one point where nobody’s watching the store,” he says. “Without having the ability to have a chain of custody throughout the different modalities, you’re not going to get anywhere. You’re just going to have a problem always.”
Most air cargo theft happens during these points of consolidation, JJ Coughlin, chairman at Southwest Transportation Security Council, says. Coughlin published a book called Cargo Crime: Security and Theft Prevention in 2012. “When it’s in the plane flying is the safest it gets,” he says. “When it’s being handled at those points of consolidation is when it’s as risky as it gets.” He says in order to fight theft, document each point of handling. “If you take care of the small things, the process and the procedure, and you do things correctly as far as the freight handling, it makes your security issues a whole lot easier to resolve,” Coughlin says.
Hoffer says without a plan to create a chain of custody, the carrier or trucking company doesn’t know that a box contains valuable cargo, and they may not protect it in the appropriate way. “The further into the supply chain you get with the less people have knowledge of what to look for and what to do, the whole system continues to break down further and further,” Hoffer says.
That’s why the owner of the cargo needs a game plan. “If he can establish how to do it and it can be implemented by the receiving carrier, then by the receiving airline, then by the delivering carrier,” Hoffer says, “now you have a system that actually works.”
It is also imperative to screen anyone who handles cargo. Coughlin estimates that 85 percent of the theft that happens during consolidation is internal. Evans, who is chief cargo officer at Swiss International Airlines, says companies should screen warehouse and office staff and anyone else involved in the supply chain. Employers typically check police background, he says. Evans also stresses the importance of screening staff as they enter and leave the premises.
People can secure the supply chain by choosing business partners with care. Charles Forsaith, Providence, R.I.-based director of supply chain security at Purdue Pharma Technologies, ensures the security of one of the company’s principle products, a sought-after opioid pain medication. The ingredients for the medication mostly come from Tanzania, Spain and Turkey. In order to bring the raw materials into the U.S., the company uses airfreight almost exclusively. Forsaith, also chairman of the Pharmaceutical Cargo Security Coalition, says Purdue, along with many in the pharmaceuticals industry, complies with U.S. Customs law by vetting all business partners.
Forsaith interrogates people Purdue does business with at least once a year and also visits businesses physically. He says the best approach to preventing cargo theft is a layered one. “That layered approach doesn’t put all your chips on one square. Much like U.S. Customs requires, it says you need to know who it is you’re doing business with. You need to know what airline it is that’s going to fly your product. You need to know exactly how your product is being packaged or stored,” he says. “You have to physically go out and meet with these people, check those facilities, pay attention to the security that’s involved in the warehousing or loading of that aircraft and how it’s unloaded on the other end.”
Keep on trucking
Chain of custody, points of handoff and consolidation, layered approach – all these phrases point to the fact that air cargo goes through many people and entities before it reaches its destination. Trucking companies are usually involved. If you want to talk about air cargo theft and security, you need to talk about truck security. “Even if you handle your cargo as air cargo, the majority is still transported at the end of the leg or the beginning by truck,” Thorsten Neumann, Germany-based chairman of the Europe, Middle East, Asia region for the Transported Asset Protection Association, says. “This is clearly the weakest link within an end-to-end supply chain solution.” TAPA provides a forum for its more than 300 member companies to converse about cargo security.
Beadling says knowing where to route trucks helps deter air cargo theft. Neumann says logistics companies’ low margins present one of the biggest security hurdles. “Many companies still do believe that security is purely a cost factor,” he says, “but if you take really a look and calculate your investment on security and compare that with nonsecured trucks or non-secured routings, you will see that your returns in investment are tremendous.”
Cargo at rest
The saying goes that cargo at rest is cargo at risk. Hoffer says thieves are less likely to snatch high-value cargo than general cargo because logistical hubs keep jewelry, cash and documents in cages. People take the general cargo that sits unattended, he says. He points to the iPad mini theft at JFK as an example of unattended cargo. “If the cargo is at some intermediate point for any length of time, when it’s sitting, it’s vulnerable,” Beadling says.
Coughlin says air cargo is at the greatest risk for theft when it sits on the tarmac. This presents a problem in Africa, Neumann says, where in some areas, the process flow is not controlled or even structured. He says high-value products can sometimes be stalled for days on the tarmac because of a lack of infrastructure. It all comes back to having a wellplanned supply chain for air cargo. “Having an efficient and secure supply chain, those things go hand in hand because if it’s always moving, then the chance that something’s going to go wrong with it are minimized,” he says.
‘Beyond the loss of dollars’
Theft also presents another dilemma. If someone can get access to the cargo in order to steal it, that person can also put unwanted objects in the freight. Coughlin tells of an incident where a cargo airline employee worked with drug smugglers to place pallets of marijuana into the airline’s system. The employee moved 15 or 20 of those pallets using a customer’s account. “If you don’t control the freight handling, whether it’s theft or smuggling, it can easily happen,” Coughlin says.
But it can go further than drug smuggling, as the Yemen bomb plot in 2010 showed. “I think it’s a real problem,” Hoffer says. “If that happened before, it can certainly happen again, and there has to be something in place where cargo in general terms has some mandate to be able to have an inspectable template for it so cargo that is moving through the supply chain can be looked at by every inspector.”
Beadling says since the Yemen incident, the scrutiny of air cargo security has improved, but Hoffer says more improvements must be made. “My fear is really not as much the theft, but it really is on the other end when you have terrorists out there who find a way to get into cargo,” Hoffer says. “Now you’re talking about a serious problem way beyond the loss of dollars and cargo.”
Securing the chain
In order to prevent airfreight theft, Beadling talks about supply chain design, physical security and information sharing, such as knowing where the cargo is in real time and the identity of people handling the cargo. Evans says the connected nature of the supply chain, with each company collaborating with another, makes it necessary for everyone to screen staff and choose partners carefully.
Neumann says many companies believe that if they experience a security issue, it must remain confidential. But theft and security aren’t company-specific issues – they affect the entire supply chain. “Security is everyone’s responsibility,” Neumann says. “Security should not be a competition within our industry because we all face the same challenge every single day.”
Air Cargo Advance Screening Pilot
Frequently Asked Questions
Q: What are the benefits to industry of participating in Air Cargo Advance Screening (ACAS)?
A: While the benefits of ACAS participation vary between organizations, several universal advantages of joining include:
- Increasing security by leveraging Department of Homeland Security (DHS) threat and other data to employ a risk-based approach to improve air cargo security through targeted screening
- Gaining efficiencies by automating identification of high risk cargo for enhanced screening before it is consolidated and loaded on aircraft
- Establishing mitigation protocols for high-risk shipments
- Informing Transportation Security Administration (TSA) and U.S. Customs and Border Protection (CBP) decision-making by participating in efforts to establish, test, and refine the interface between government and industry communication systems for the implementation of ACAS
- Ensuring a variety of business models are considered in the development and implementation of ACAS
- Facilitating corporate preparedness for future mandatory implementation of ACAS submission requirements
- Reducing paper processes related to cargo screening requirements, thereby increasing carrier convenience
Q: Who is permitted to participate in ACAS?
A: Participation in ACAS is open to all organizations associated with the air cargo supply chain, including passenger carriers, all-cargo carriers, freight forwarders, express carriers, etc. There are no restrictions with regard to organization size, location, or commodity type.
Q: Who do I contact to join ACAS and when can I join ACAS?
A: All parties interested in joining ACAS should send their inquiries to email@example.com, firstname.lastname@example.org, and email@example.com. At that time, detailed information on when and how to join, including qualification requirements, will be provided.
Q: What type of data do I need to submit? How should the data be submitted?
A: Airlines and freight forwarders will exchange advance security filing data and related action messages for air cargo with CBP using new messages modeled on either existing Cargo-IMP format messages or CBP CAMIR-Air messages. While the overall form of the ACAS message will be similar to the message on which it is based, the new message formats will have slight differences in edits, timing, or new coded values as needed. The messages used for ACAS will be as follows:
Optional ACAS Message Format Based On Source
PHL FHL Cargo IMP
PRI FRI CAMIR Air
PSN FSN CAMIR Air
PER FER CAMIR Air
PWB (future use) FWB Cargo IMP
Q: Which government agencies have access to my organization’s ACAS data submissions?
A: CBP and TSA. Following a terrorist attempt in October 2010 involving explosives concealed in packages on U.S.-bound aircraft from Yemen, TSA and CBP have worked to enhance air cargo supply chain security by leveraging advance cargo screening data to jointly target passenger and all-cargo shipments inbound to the U.S.
Q: Are there plans to make ACAS a mandatory program?
A: Yes. CBP and TSA intend to issue a regulation to require advance data submission to ACAS for all international shipments either destined for or transiting through the United States. ACAS will facilitate a risk-based approach to screening.
Q: What are the costs of participating in ACAS?
A: The costs of ACAS participation vary between organizations, depending on their pre-existing infrastructures. Costs may include carrier communication requirements, such as submission and receipt of data, as well as the cost of screening protocol implementation.
Q: Are there penalties for incorrect or untimely ACAS data submission?
A: No, there are no penalties associated with ACAS at this time. Once ACAS becomes a mandatory program, penalties for incorrect or untimely data submission will likely exist.
Q: To what extent is the international community (for example, Border Action Plan, European Union, World Customs Organization) involved with ACAS, and how is the U.S. Government promoting uniformity of security programs globally?
A: A critical step to achieving a global solution to terrorism is international cooperation on data collection standards that promote a harmonized approach to international air cargo security. The United States sees ACAS as a model for the international community to effectively enhance air cargo security, and will continue to work with the World Customs Organization and the International Civil Aviation Organization as harmonization of air cargo security standards spread to all areas of the globe, further facilitating trade and enhancing security worldwide.
Q: To what extent will industry stakeholders be involved in development of ACAS as a mandatory program?
A: TSA and CBP are in on-going communication with industry stakeholders from all stages of the air cargo supply chain in an effort to enhance ACAS’ effectiveness and functionality from an industry perspective.
Q: How are ACAS submissions aligned with the submissions that industry currently provides to CBP for entry to the United States?
A: The ACAS data elements are a subset of the data required by the Trade Act of 2002: Shipper name and address, Consignee name and address, Cargo description, Piece count, and Weight.
Q: Why did the government implement ACAS and under what legal authority does it operate?
A: Following a terrorist attempt in October 2010 involving explosives concealed in U.S.-bound packages from Yemen, CBP and TSA worked to enhance air cargo supply chain security by using ACAS to target shipments inbound to the United States. ACAS participation is not required at this time; however, CBP and TSA do intend to issue regulations in the future to require submission of pre-loading data to ACAS for international inbound air cargo. CBP’s legal authority is derived from the Trade Act of 2002. TSA’s legal authority comes from Aviation Transportation Security Act.
Q: Will ACAS be required for both passenger and all-cargo carriers?
A: Yes. Upon the successful conclusion of the pilot, CBP and TSA intend to mandate both passenger and all-cargo carriers to submit data to ACAS. The ACAS test is open to all organizations associated with the air cargo supply chain, including passenger carriers, all-cargo carriers, express carriers, and freight forwarders.
Q: How will freight forwarders participate in ACAS?
A: ACAS is open to all passenger carriers, all-cargo carriers, express carriers, and freight forwarders that have the ability to transmit advance data to CBP, using one of the three options identified in the ACAS Strategic Plan. Freight forwarder engagement will be facilitated by air carriers; given that both TSA’s and CBP’s legal authority rests with the air carrier.
The Strategic Plan can be found on both CBP.gov and TSA.gov. ( Air Cargo Advance Screening (ACAS) Pilot Strategic Plan (pdf – 420 KB.) ) or ( ACAS Strategic Plan )
Q: What are the benefits of joining ACAS from a freight forwarder perspective, given that only the carrier is required to submit data?
A: While the benefits of ACAS Pilot participation vary between organizations, several universal advantages of joining include:
- Avoiding the reduced cut-off times that may result from carriers requesting earlier data submission from freight forwarders that are not ACAS Pilot participants
- Ensuring that a variety of business models, including those of freight forwarders, are considered in the development and implementation of rules related to ACAS
- Facilitating freight forwarder business operations by increasing consolidation lead-times through improved visibility into which shipments require enhanced screening
- Increasing security by leveraging Department of Homeland Security (DHS) threat and other data to employ a risk-based approach through targeted screening
- Informing TSA and CBP decision-making by participating in efforts to establish, test, and refine the interface between government and industry communication systems for the implementation of ACAS
Q: How would it work for a freight forwarder if a shipment requires enhanced screening?
A: Should a shipment require enhanced screening, email or phone notification will be provided to the freight forwarder as soon as possible, in order to afford the freight forwarder an opportunity to segregate or screen the shipment under its National Cargo Security Program (NCSP), or as an authorized representative of the carrier, as appropriate.
Q: How will the carriers know that a freight forwarder has already submitted House level ACAS data to CBP?
A: CBP welcomes all data submissions directly from freight forwarders who have the ability to transmit advance data directly to CBP. CBP encourages carriers to accept the data already transmitted and vetted to CBP by the freight forwarders. Technical solutions providing an alternative way to facilitate the submission of data from the freight forwarders and carriers are being explored.
Q: How far in advance does data have to be submitted for ACAS?
A: While the government does not currently intend to establish a specific data submission timeline, timely provision of ACAS data prior to consolidation and loading the cargo on an aircraft will be required to enable risk assessment for each cargo shipment and to conduct the required screening . The sooner data are submitted to ACAS, the sooner screening or Do Not Load (DNL) determinations can be communicated to industry stakeholders, thereby minimizing the impact to operations.
Q: How does ACAS apply in countries that have an NCSP?
A: ACAS involvement is currently encouraged and will ultimately be required for air cargo supply chain participants in all countries- including those operating under an NCSP. Operating in an NCSP country does not exempt participants from ACAS requirements; the NCSP program simply allows approved air cargo supply chain participants to screen in accordance with that country’s domestic cargo screening regime.
Air Cargo Advance Screening (ACAS) Pilot Strategic Plan
(pdf – 420 KB.)
Nov 30, 2011
Author: Ben Brandt
Combating Terrorism Center at West Point
Ten years ago, al-Qa`ida utilized four U.S. commercial airliners to destroy the World Trade Center’s towers, damage the Pentagon, and kill close to 3,000 people. This attack spurred the United States to convert its counterterrorism efforts into a sustained war on terrorism, resulting in the invasion of Afghanistan and Iraq, the capture or killing of hundreds of al-Qa`ida members, and the eventual death of al-Qa`ida chief Usama bin Ladin. There has been extensive reflection in recent months regarding the implications of Bin Ladin’s death and the Arab Spring to al-Qa`ida and its affiliated groups.
Two critical issues, however, have been partially sidelined as a result. How has the terrorist threat to commercial aviation evolved since the events of 9/11? How have actions by the U.S. and other governments worked to mitigate this threat?
This article offers a thorough review of recent aviation-related terrorist plots, subsequent mitigation strategies, and current terrorist intentions and capabilities dealing with commercial aviation. It concludes by offering three steps security experts can take to reduce the terrorist threat to commercial aviation.
Aviation-Related Plots Since 9/11 and the Regulatory Response
A number of al-Qa`ida-affiliated plots sought to target commercial aviation since 9/11. A sampling of these include the “shoe bomber” plot in December 2001, an attempt to shoot down an Israeli airliner in Kenya in 2002, the liquid explosives plot against transatlantic flights in 2006, the Christmas Day plot in 2009, and the cargo bomb plots in 2010. Other prominent operations attempted or executed by Islamist extremists during this period include a 2002 plot to hijack an airliner and crash it into Changi International Airport in Singapore, the 2002 El Al ticket counter shootings at Los Angeles International Airport, the 2004 bombings of two Russian airliners, the 2007 Glasgow airport attack, a 2007 plot against Frankfurt Airport by the Sauerland cell, a 2007 attempt by extremists to target fuel lines at JFK International Airport in New York, the 2011 suicide bombing at Moscow’s Domodedovo International Airport, and the 2011 shootings of U.S. military personnel at Frankfurt International Airport.
In response to these incidents, the U.S. government and many other countries have dramatically increased aviation security measures to prevent or deter future attacks. Many of these measures are well known to the public, including: the hardening of cockpit doors; federalization of airport security screening staff and the creation of the Transportation Security Administration (TSA); deployment of federal air marshals (FAMs) and federal flight deck officers (FFDOs) aboard aircraft; implementation of new detection equipment and methods, such as advanced imaging technology (AIT), often referred to as “body scanners”; increased amounts of screening for cargo; explosive trace detection (ETD), full body “patdowns,” and behavioral detection officers (BDOs); enhanced scrutiny for visa applicants wanting to travel to the United States; and the use of watch lists to screen for terrorists to prevent them from boarding flights or from gaining employment in airports or airlines.
Certain measures—such as invasive patdowns, AIT scanning, inducing passengers to remove jackets, belts, and shoes for inspection, and requiring them to travel with minimal amounts of liquid in their possession—have drawn widespread complaints regarding their inconvenience, as well as questions about their supposed efficacy. The reactive nature of many such measures has been widely noted as well, with some security practices designed to counter highly specific attack techniques utilized in past terrorist plots. Al-Qa`ida in the Arabian Peninsula (AQAP) sarcastically commented on this tendency in its online magazine Inspire, rhetorically asking the U.S. government whether it thought the group had no other way to conceal explosives after the TSA prohibited passengers from carrying printer cartridges.
Current Threats to Aviation
Despite the strenuous efforts by governments to harden commercial aviation in the post-9/11 era, the number of plots illustrates that al-Qa`ida core, its affiliates, and numerous other Islamist extremist groups and self-radicalized individuals maintain a high level of interest in attacking aviation. Despite the organizational disruptions caused by the deaths of numerous senior al-Qa`ida leaders in 2011, and the current preoccupation of several al-Qa`ida affiliates with local conflicts, this ongoing interest in attacking aviation is unlikely to dissipate in the long-term. Furthermore, the evolving tactics utilized in these various plots lend weight to AQAP’s contention that government regulators suffer from a lack of imagination in anticipating and mitigating emergent and existing threats. As indicated by numerous accounts, including the description of the cargo plot contained in Inspire, terrorists constantly seek to analyze existing aviation security measures to probe for weaknesses and develop countermeasures. Terrorists’ ongoing efforts to study and defeat security are further exemplified by the arrest of Rajib Karim, a former information technology employee at British Airways; prior to his arrest, Karim maintained an ongoing dialogue with AQAP operative Anwar al-`Awlaqi and attempted to provide al-`Awlaqi with information on aviation security procedures.
Therefore, despite government efforts to improve aviation security, a number of critical tactical threats remain.
Rajib Karim sought to stage a terrorist attack on behalf of AQAP, seeking to become a flight attendant for British Airways to stage a suicide attack. He also attempted to recruit fellow Muslims (including a baggage handler at Heathrow Airport and an employee of airport security) to stage an attack. Coupled with the aforementioned 2007 JFK airport plot, which involved at least one airport employee, and a reported 2009 plot by Indonesian terrorist Noordin Top to target commercial aviation at Jakarta’s main airport, which included assistance from a former mechanic for Garuda Indonesia, this illustrates the primacy of the so-called “insider threat” to aviation.
Although TSA and U.S. airports currently conduct criminal and terrorist database checks on potential airport, airline, and vendor employees who are to be granted access to secure areas, there are significant vulnerabilities in this approach, which has proven notably unsuccessful at stopping members of street gangs from gaining employment and carrying out criminal activities such as narcotrafficking, baggage theft, and prostitution at airports nationwide. In 2010, an individual named Takuma Owuo-Hagood obtained employment as a baggage handler for Delta Airlines, then promptly traveled to Afghanistan where he made contact with the Taliban, reportedly providing advice on how to effectively engage U.S. troops.
The magnitude of this vulnerability is compounded because most airport employees working in secure areas do not undergo security screening prior to entering their workspace due to practical constraints. Additional measures, such as random screening and security probes, are unable to effectively mitigate this threat. The insider threat becomes markedly worse at non-Western airports in regions such as West Africa or South Asia, where local authorities’ ability to effectively screen prospective airport employees is frequently negligible due to incomplete or poorly structured terrorist and criminal intelligence databases.
Threats from Ranged Weapons
MANPADS, or man-portable air defense systems, have been described as a growing threat to commercial aviation following the outbreak of Libya’s civil war in early 2011 and subsequent news reports claiming that al-Qa`ida in the Islamic Maghreb (AQIM) has obtained surface-to-air missiles. Some reports suggest that missiles stolen from Libyan arsenals have spread as far as Niger, the Gaza Strip, and the Sinai Peninsula. In addition to AQIM, al-Shabab has been known to possess advanced MANPADS, allegedly provided by Eritrea. Given that AQAP maintains ties to al-Shabab and has reportedly taken over multiple military depots in Yemen following the outbreak of civil unrest there, it is not implausible to assume that AQAP could acquire additional MANPADS. There are also reports that the Taliban acquired MANPADS from Iran, making it conceivable that elements of the group sympathetic to al-Qa`ida’s aims could provide al-Qa`ida with MANPADS for a future attack.
Although MANPADS are unable to target aircraft at cruising altitudes, commercial aircraft would become vulnerable for several miles while ascending and descending, particularly due to their lack of countermeasure systems.
In addition to the MANPAD threat, a significant variety of ranged weapons could be used to target commercial aircraft, particularly when taxiing prior to takeoff or after landing. Rocket-propelled grenades (RPGs), for example, are inaccurate at extended ranges; however, they have been used to shoot down rotary wing aircraft in combat zones, and have been used in at least one plot against El Al aircraft. The Irish Republican Army (IRA) used homemade mortars to attack Heathrow Airport in the 1990s, while heavy anti-material sniper rifles such as the Barrett M82 fire .50 caliber rounds to a range of more than one mile and have been previously used by non-state actors, such as the IRA and the Los Zetas drug cartel.
Evolving Threats from Explosive Devices
Terrorist groups, particularly AQAP, have continuously refined their ability to conceal improvised explosive devices (IEDs) from security screening equipment, as shown by the 2009 Christmas Day plot, where a would-be suicide bomber concealed explosives in his underwear, and the 2010 cargo bomb plot, where bombmakers hid explosives in printer cartridges.
Following the 2009 plot in particular, TSA, foreign regulatory agencies, and some airlines sought to increase safeguards against passenger- or cargo-borne IEDs by the deployment of AIT and ETD equipment. IEDs, however, are likely to remain a significant threat to commercial aviation due to limitations in current screening technology. AIT can be defeated by concealing IEDs internally, either by the frequently discussed stratagem of surgically implanting devices in a would-be suicide bomber or by the simpler route of secreting the device within a body cavity. Alternately, IEDs concealed within complex electronic devices are likely to defeat all but the most thorough visual inspection, as illustrated by explosives experts’ initial failure to detect the devices used in the 2010 cargo plot. AQAP has shown itself to be particularly adept at concealing IEDs within electronic devices such as printers and radios, which it will likely continue to use in the future.
ETDs and explosives detection dogs, meanwhile, can be defeated by numerous countermeasures. For example, many (though not all) ETD devices detect only two popular explosive compounds. ETD equipment is also not designed to detect the components of improvised incendiary devices (IIDs), making the use of these correspondingly attractive to terrorists. Lastly, IEDs can be sealed and cleaned to degrade the ability of ETD equipment to detect explosive vapors or particles.
Nor is behavioral profiling likely to provide the solution to passenger-borne IEDs and IIDs. Umar Farouk Abdulmutallab underwent two interviews by security staff prior to staging his attack on Northwest Airlines Flight 253 in 2009. Similarly, a GAO report examining the TSA’s use of BDOs noted that the scientific community is divided as to whether behavioral detection of terrorists is viable.
Threats Against Airline Facilities and Airports
One aspect of aviation security that is not frequently addressed is the potential for terrorists to strike other aspects of aviation infrastructure beyond aircraft. Commercial airlines are highly reliant upon information technology systems to handle critical functions such as reservations and crew check-in, a fact not lost upon Rajib Karim when he suggested in correspondence with Anwar al-`Awlaqi that he could erase data from British Airways’ servers, thus disabling the airline’s website. Such an approach would mesh closely with al-Qa`ida core’s and AQAP’s stated aims of waging economic jihad against the West. The operational control centers operated by air carriers are another significant point of vulnerability, which conduct the airlines’ flight control, meteorology, and emergency management functions. Despite their criticality to flight operations, these control centers are rarely heavily guarded, meaning that a team of attackers equipped with inside knowledge could temporarily shut down the global operations of a major air carrier, particularly if backup facilities were to be targeted as well.
Another threat to commercial aviation is the increasing number of plots and attacks targeting airports themselves rather than aircraft. There have been two significant attacks staged at international airports thus far in 2011 in Frankfurt and Moscow. Attacks against airports have been planned or executed using a variety of tactics, such as firearms, car bombs, suicide bombers, and hijacked aircraft. The targets have included airport facilities such as fuel lines, arrival halls, and curbside drop-off points. Terrorists could also breach perimeter fencing and assault aircraft on runways, taxiing areas, and at gates. This tactic was used during the 2001 Bandaranaike airport attack in Sri Lanka, when a team of Black Tigers used rocket-propelled grenades and antitank weapons to destroy half of Sri Lankan Airlines’ fleet of aircraft. More recently, Afghan authorities announced the discovery of arms caches belonging to the Haqqani network near Kabul Airport and claimed that the group had planned to use the caches to stage an assault on the airport. The actions of activist groups—such as Plane Stupid, which has breached perimeter fencing at UK airports so that activists could handcuff themselves to aircraft in a protest against the airline industry’s carbon emissions—demonstrate the viability of such an attack in the West as well.
The trend toward attacking airports rather than aircraft has likely been driven by a number of factors, particularly increased checkpoint screening measures and terrorists’ growing emphasis on decentralized, small-scale attacks on targets of opportunity. Firearms will likely prove to be a key component of future attacks, given their relative ease of use compared to explosives, as well as their wide availability in the United States and many other countries. This trend was exemplified by the 2011 Frankfurt attack, which was conducted by Arid Uka, an employee at the airport’s postal facility, who shot and killed two U.S. soldiers at a bus at the terminal. Although deployment of plainclothes security personnel and quick reaction teams can help ameliorate the impact of attacks on airports, their ease of execution and the impossibility of eliminating all airport queues (be they for drop-off, check-in, security screening, baggage claim, or car rentals) make this tactic a persistent threat.
Required Steps to Improve Aviation Security
Given the breadth and complexity of threats to commercial aviation, those who criticize the TSA and other aviation security regulatory agencies for reactive policies and overly narrow focus appear to have substantial grounding. Three particularly serious charges can be levied against the TSA: it overemphasizes defending against specific attack vectors (such as hijackings or passenger-borne IEDs) at the expense of others (such as insider threats or attacks on airports); it overemphasizes securing U.S. airports while failing to acknowledge the significantly greater threat posed to flights arriving or departing from foreign airports; and it has failed to be transparent with the American people that certain threats are either extremely difficult or beyond the TSA’s ability to control. Furthermore, the adoption of cumbersome aviation security measures in the wake of failed attacks entails a financial burden on both governments and the airline industry, which has not gone unnoticed by jihadist propagandists and strategists. While the U.S. government has spent some $56 billion on aviation security measures since 9/11, AQAP prominently noted that its 2010 cargo plot cost a total of $4,900.
With this in mind, there are several measures that could be undertaken to improve U.S. aviation security. First, policymakers must recognize the timely collection and exploitation of intelligence will always be the most effective means of interdicting terrorist threats to aviation, whether by disrupting terrorist leadership in safe havens, breaking up nascent plots, or preventing would-be terrorists from boarding aircraft. The successful exploitation of intelligence gathered from the Bin Ladin raid in May 2011 has likely done far more to defend commercial aviation from al-Qa`ida than the use of advanced imaging equipment and patdowns.
Second, the TSA and other aviation security regulators must increase their liaison with the airline industry regarding the development of risk mitigation strategies, as airlines are far more aware of the vulnerabilities inherent to commercial aviation, as well as the practical constraints on proposed security measures.
Third, rather than increasing spending on screening equipment and employees deployed in the United States, the TSA and other regulators should instead provide financial support for airlines attempting to improve security for their overseas operations. This could include subsidizing background checks on airlines’ international employees and vendors, paying for armed guards at ticket counters, helping upgrade security for airlines’ computer networks and control centers, and paying for the deployment of ETD screening equipment. Aviation security regulators should also work to improve the quality of threat information shared with airlines, which is frequently dated, irrelevant, or inaccurate.
Most importantly, the TSA and policymakers must publicly acknowledge that it is impossible to successfully protect every aspect of commercial aviation at all times. Intelligence gaps will occur, watch lists will not always be updated, scanners will fail to detect concealed items, and employees will become corrupt or radicalized. As politically painful as such an admission may be, it is essential to scale back bloated security measures that add significant expense and inconvenience to commercial aviation without materially reducing risk. The TSA’s leadership has begun to take small steps in this direction, such as a current pilot program designed to prescreen travelers to facilitate expedited screening, but more must be done to ensure that commercial aviation remains both secure and commercially viable.
Ben Brandt is a director at Lime, a political risk consultancy based in the United Arab Emirates. Prior to joining Lime, he worked as a threat analyst for a major U.S. airline, as well as at the New Jersey Office of Homeland Security and Preparedness. Mr. Brandt holds an MA in Security Studies from Georgetown University.
 “BA Worker to Stand Trial on Terror Charges,” CNN, March 26, 2010.
 Vikram Dodd, “British Airways Worker Rajib Karim Convicted of Terrorist Plot,” Guardian, February 28, 2011.
 “Terror Suspect Top Said Planning Attack on Airline – Indonesian Police Chief,” BBC, September 1, 2009.
 For example, it is difficult to conduct effective background screening on immigrants who have migrated to the United States from countries with poor records systems.
 Alissa Rubin, “Tangled Tale of American Found in Afghanistan,” New York Times, October 11, 2010.
 See, for example, “Qaeda Offshoot Acquires Libyan Missiles: EU,” Agence France-Presse, September 6, 2011.
 “Report of the Monitoring Group on Somalia,” UN Monitoring Group on Somalia, July 18, 2007.
 Fawaz al-Haidari, “Blast at Qaeda-Looted Yemen Ammo Plant Kills 75,” Agence France-Presse, March 28, 2011.
 Declan Walsh, “Afghanistan War Logs: US Covered Up Fatal Taliban Missile Strike on Chinook,” Guardian, July 25, 2010; “Afghanistan War Logs: Anti-Aircraft Missiles Clandestinely Transported from Iran into Afghanistan – US Report,” Guardian, July 25, 2010.
 Richard Cummings, “Special Feature: The 1981 Bombing of RFE/RL,” Radio Free Europe/Radio Liberty, February 9, 1996. Some news reports claim that Islamic militants planned to target an El Al flight with rocket propelled grenades in Switzerland in 2005 as well.
 Scott Kraft, “New IRA ‘Spectaculars’ Seen Stalling Peace,” Los Angeles Times, March 19, 1994; Samuel Logan, “Los Zetas: Evolution of a Criminal Organization,” ISN Security Watch, March 11, 2009.
 “Failure to Find Airport Bomb ‘a Weakness,’ Expert Says,” BBC, November 1, 2010.
 For details, see Brian Jackson, Peter Chalk et al., Breaching the Fortress Wall (Santa Monica, CA: RAND Corporation, 2007).
 “Aviation Security: Efforts to Validate TSA’s Passenger Screening Behavior Detection Program Underway,” U.S. Government Accountability Office, May 2010.
 Alistair MacDonald, “U.K. Prosecutors Tie BA Employee to Awlaki,” Wall Street Journal, February 2, 2011.
 The Black Tigers were a specially selected and trained group of suicide operatives deployed by the Liberation Tigers of Tamil Eelam during their insurgent campaign in Sri Lanka.
 Celia W. Dugger, “Rebel Attack on Airport Shocks Leaders of Sri Lanka,” New York Times, July 25, 2001.
 Matt Dupee, “NDS Smashes Haqqani Network Plots in Kabul,” The Long War Journal, July 31, 2011.
 See, for example, Helen Carter, “Plane Stupid Demo at Manchester Airport Increased Emissions, Court Hears,” Guardian, February 21, 2011.
 See, for example, Bruce Riedel, “AQAP’s ‘Great Expectations’ for the Future,” CTC Sentinel 4:8 (2011). For details on the $56 billion, see Ashley Halsey III, “GOP Report: TSA Hasn’t Improved Aviation Security,” Washington Post, November 16, 2011.