GAO Finds Problems in Supply Chain Security Practices

By Matthew Harwood

A Government Accountability Office (GAO) report released today criticizes security processes in a public-private antiterrorism partnership that seeks to make cargo inspections easier and more secure for both the government and international trade companies.

The Customs-Trade Partnership Against Terrorism (C-TPAT), originated after 9-11, aims to secure the global supply chain from terrorists by having international trade companies voluntarily team up with the U.S. government.

The program, administered by Customs and Border Protection (CBP), offers member companies reduced scrutiny and faster processing of their cargo in return for allowing CBP security specialists to verify and validate company security measures against the agency's minimum requirements.

At the end of 2007, almost 8,000 companies qualified for C-TPAT membership with CBP validating the security of 79 percent of those certified.

While the GAO acknowledges that CBP has taken steps to improve the validation process, it says three problems prevent CBP from ensuring C-TPAT companies are fully compliant.

The first problem is technology-based. CBP has armed its security specialists with a portable, hand-held computer that collects, documents, and applies validation information to decisions on whether a company will receive C-TPAT membership benefits or not, but the GAO says the device is flawed.

In particular, we found that the usefulness of the instrument is limited by the fact that it provides default “no” responses. For example, if a response is marked “no,” it is unclear whether a security specialist, who has the discretion to answer or not answer individual questions, intentionally answered the question or if the response was an automatic default.

Second, while security specialists can collect information on whether a member company has performed internal or third-party audits or inspections of its security procedures, they are not required to use that information when doing their security assessment. And because that information isn't required, security specialists aren't collecting it, according to 11 specialists the CBP interviewed.

The GAO also reports that it found no systematic process to ensure that CBP security specialists' recommendations are heeded by participating companies.

"Until CBP overcomes these collective changes," the report to Congress read, "CBP will be unable to assure Congress and others that C-TPAT member companies that have been granted reduced scrutiny of their U.S.-bound containerized shipments actually employ adequate security practices."

Congress had GAO investigate C-TPAT because a 2005 GAO report identified weaknesses in the agencies validation process of companies desirous of the program's benefits. Congress's supply chain fears stem from after 9-11, when various public and private reports identified cargo containers as vulnerable to terrorist tampering.

"Every time responsibility for cargo in containers changes hands along the supply chain there is the potential for a security breach" like terrorists placing a weapon of mass destruction (WMD) in a cargo container, said the report. "While there have been no known incidents of containers being used to transport WMD, criminals have exploited containers for other illegal purposes, such as smuggling weapons, people, and illicit substances."

CBP agreed with GAO's recommendations.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.