[Senate Hearing 109-186]
[From the U.S. Government Publishing Office]
S. Hrg. 109-186
THE CONTAINER SECURITY INITIATIVE AND
THE CUSTOMS-TRADE PARTNERSHIP AGAINST
TERRORISM: SECURING THE GLOBAL
SUPPLY CHAIN OR TROJAN HORSE?
=======================================================================
HEARING
before the
PERMANENT SUBCOMMITTEE ON INVESTIGATIONS
of the
COMMITTEE ON
HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED NINTH CONGRESS
FIRST SESSION
__________
MAY 26, 2005
__________
Printed for the use of the Committee on Homeland Security
and Governmental Affairs
U.S. GOVERNMENT PRINTING OFFICE
21-825 WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON GOVERNMENTAL AFFAIRS
SUSAN M. COLLINS, Maine, Chairman
TED STEVENS, Alaska JOSEPH I. LIEBERMAN, Connecticut
GEORGE V. VOINOVICH, Ohio CARL LEVIN, Michigan
NORM COLEMAN, Minnesota DANIEL K. AKAKA, Hawaii
TOM COBURN, Oklahoma THOMAS R. CARPER, Delaware
LINCOLN D. CHAFEE, Rhode Island MARK DAYTON, Minnesota
ROBERT F. BENNETT, Utah FRANK LAUTENBERG, New Jersey
PETE V. DOMENICI, New Mexico MARK PRYOR, Arkansas
JOHN W. WARNER, Virginia
Michael D. Bopp, Staff Director and Chief Counsel
Joyce A. Rechtschaffen, Minority Staff Director and Chief Counsel
Trina D. Tyrer, Chief Clerk
PERMANENT SUBCOMMITTEE ON INVESTIGATIONS
NORM COLEMAN, Minnesota, Chairman
TED STEVENS, Alaska CARL LEVIN, Michigan
TOM COBURN, Oklahoma DANIEL K. AKAKA, Hawaii
LINCOLN D. CHAFEE, Rhode Island THOMAS R. CARPER, Delaware
ROBERT F. BENNETT, Utah MARK DAYTON, Minnesota
PETE V. DOMENICI, New Mexico FRANK LAUTENBERG, New Jersey
JOHN W. WARNER, Virginia MARK PRYOR, Arkansas
Raymond V. Shepherd, III, Staff Director and Chief Counsel
Brian M. White, Professional Staff Member
Elise J. Bean, Minority Staff Director and Chief Counsel
Laura e. Stuber, Minority Counsel
Mary D. Robertson, Chief Clerk
C O N T E N T S
------
Opening statements:
Page
Senator Coleman.............................................. 1
Senator Levin................................................ 5
Senator Collins.............................................. 7
Senator Akaka................................................ 9
Senator Lautenberg........................................... 10
Senator Carper............................................... 33
WITNESSES
Thursday, May 26, 2005
Hon. Robert C. Bonner, Commissioner, Customs and Border
Protection, U.S. Department of Homeland Security............... 12
Richard M. Stana, Director, Homeland Security and Justice Issues,
U.S. Government accountability Office.......................... 37
Stephan E. Flynn, Commander, U.S. Coast Guard (Ret.), Jeane J.
Kirkpatrick Senior Fellow in National Security Studies, Council
on Foreign Relations, New York, New York....................... 40
C. Stewart Verdery, Jr., Principal, Mehlman Vogel Castagnetti,
Inc., Adjunct Fellow, Center for Strategic and International
Studies, and Former Assistant Secretary of Border and
Transportation Security Policy, U.S. Department of Homeland
Security....................................................... 43
Alphabetical List of Witnesses
Bonner, Hon. Robert C.:
Testimony.................................................... 12
Prepared statement with attachments.......................... 53
Flynn, Stephen E.:
Testimony.................................................... 40
Prepared statement........................................... 94
Stana, Richard M.:
Testimony.................................................... 37
Prepared statement........................................... 66
Verdery, C. Stewart, Jr.:
Testimony.................................................... 43
Prepared statement........................................... 102
EXHIBITS
1. High-Risk Shipments and Exams Conducted at Selected CSI
Ports 2004--CSI Ports: Hong Kong, Yokohama, and Le Havre, chart
prepared by the Permanent Subcommittee on Investigations....... 108
2. High-Risk Shipments and Exams Conducted at Selected CSI
Ports 2004--CSI Ports: Durban, Gothenburg, and Rotterdam, chart
prepared by the Permanent Subcommittee on Investigations....... 109
3. Status of Validating C-TPAT Members as of April 15, 2005
(Not Validated/Validated), chart prepared by the Permanent
Subcommittee on Investigations................................. 110
4. C-TPAT Membership Process, chart prepared by the Permanent
Subcommittee on Investigations................................. 111
5. Status of Validating C-TPAT Members as of April 15, 2005
(Nonimporters/Importers), chart prepared by the Permanent
Subcommittee on Investigations................................. 112
6. Photograph of the Port of Hong Kong......................... 113
7. Photograph of Heimann Mobile x-ray at the Port of
Felixstowe, England............................................ 114
8. U.S. Government Accountability Office (GAO) Report to
Congressional Requesters, CARGO SECURITY--Partnership Program
Grants Importers Reduced Scrutiny with Limited Assurance of
Improved Security, March 2005, GAO-05-404...................... 115
9. U.S. Government Accountability Office (GAO) Report to
Congressional Requesters, CONTAINER SECURITY--A Flexible
Staffing Model and Minimum Equipment Requirements Would Improve
Overseas Targeting and Inspection Efforts, April 2005, GAO-05-
557............................................................ 154
10. Responses to supplemental questions for the record submitted
to Robert C. Bonner, Commissioner, U. S. Customs and Border
Protection, Department of Homeland Security.................... 204
11. Responses to supplemental questions for the record submitted
to Richard M. Stana, Director, Homeland Security & Justice
Team, Government Accountability Office......................... 215
12. Photograph and x-ray image taken at a Michigan port of a
container carrying Canadian trash.............................. 217
THE CONTAINER SECURITY INITIATIVE
AND THE CUSTOMS-TRADE PARTNERSHIP
AGAINST TERRORISM: SECURING THE
GLOBAL SUPPLY CHAIN OR TROJAN HORSE?
----------
THURSDAY, MAY 26, 2005
U.S. Senate,
Permanent Subcommittee on Investigations,
of the Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Subcommittee met, pursuant to notice, at 9:32 a.m., in
room SD-106, Dirksen Senate Office Building, Hon. Norm Coleman,
Chairman of the Subcommittee, presiding.
Present: Senators Coleman, Collins, Levin, Akaka, Carper,
and Lautenberg.
Staff Present: Raymond V. Shepherd, III, Staff Director and
Chief Counsel; Mary D. Robertson, Chief Clerk; Brian M. White,
Professional Staff Member; Leland Erickson, Counsel; Mark
Nelson, Counsel; Katherine Russell, Detailee (FBI); Jeffrey
James, Detailee (IRS); Richard Fahy, Detailee (ICE); Elise J.
Bean, Staff Director and Chief Counsel to the Minority; Laura
E.Stuber, Counsel to the Minority; Eric J. Diamant, Detailee
(GAO); Merril Springer, Intern; and Adam Wallwork, Intern.
OPENING STATEMENT OF SENATOR COLEMAN
Senator Coleman. This hearing of the Permanent Subcommittee
on Investigations is called to order. Good morning and thank
you all for being here today.
Today's hearing presents the first opportunity for this
Subcommittee to examine key homeland security programs under
the recently restructured full Committee on Homeland Security
and Governmental Affairs. I look forward to working
collaboratively with the full Committee and holding several
additional oversight hearings on homeland security in the
future.
After September 11, unfairly or not, Customs and Border
Protection (CBP) was thrust onto the front lines of our war on
terrorism. CBP was placed in the untenable position of having
to transform itself overnight--from an agency focused on
interdicting guns, drugs, and money--to the agency chiefly
responsible for protecting us against a chemical, biological,
radiological, or nuclear attack. Commissioner, I want to thank
you for your efforts to date in leading this transformation.
Today's hearing will focus on the Federal Government's
efforts to secure maritime commerce and the global supply
chain. In early 2002, U.S. Customs and Border Protection
launched both the Container Security Initiative (CSI), and the
Customs-Trade Partnership Against Terrorism (C-TPAT), to
address the threat of terrorism and the security of the global
supply chain. These programs were, and still are, the right
concepts for security in our new threat environment. Under the
leadership of Commissioner Bonner, CBP aggressively implemented
these programs, rather than endlessly debate the details here
in Washington. That accomplishment alone is worth applauding.
However, these programs have been in existence for over 3
years and it is time to start asking some tough questions and
identifying how we can improve upon these promising concepts.
While I believe these programs are indeed the right concepts,
our oversight investigation into these programs has revealed
significant shortcomings that we will address here today. In
concert with our efforts, the Government Accountability Office
(GAO), conducted two extensive audits of these programs. These
reports reveal some significant problems and outline the
substantial work that is required to transition these promising
initiatives into effective and sustainable programs.
As Secretary Chertoff stated at a full Committee budget
hearing in March, ``the worst thing would be this: To have a
program for reliable cargo that was insufficiently robust so
that people could sneak in and use it as a Trojan Horse. That
would be the worst of all worlds.'' Rest assured that PSI will
conduct the necessary sustained oversight to strengthen these
programs and ensure that they are not used as a Trojan Horse by
those whose very raison d'etre is to destroy us.
If there was one thing my colleague, Senator Kerry, and
President Bush agreed on in their debates this past fall, it
was the threat of nuclear terrorism. When both were asked about
the ``single most serious threat to the national security of
the United States, Senator Kerry responded, nuclear
proliferation, nuclear proliferation.'' In response, President
Bush concurred and told the audience, ``I agree with my
opponent that the biggest threat facing this country is weapons
of mass destruction in the hands of a terrorist network.''
Senator Kerry and President Bush agreed because the stakes
are so very high. In a recent estimate, a 10 to 20 kiloton
nuclear weapon detonated in a major seaport would kill between
50,000 to one million people and result in direct property
damage of $50 to $500 billion, losses due to trade disruption
of $100 billion to $200 billion, and indirect costs of $300
billion to $1.2 trillion. This is unfathomable and demonstrates
why these programs are essential to homeland security.
Recently, Director Robert Mueller, ominously assessed the
terrorist threat at the annual Global Intelligence Briefing by
stating he is concerned ``with the growing body of sensitive
reporting that continues to show al Qaeda's clear intention to
obtain and ultimately use some form of chemical, biological,
radiological, nuclear, or high-energy explosives in attacks
against America.''
Many terrorism experts believe that maritime container
shipping may serve as an ideal platform to deliver these
weapons to the United States. In fact, we recently saw that
containers may also serve as ideal platforms to transport
potential terrorists into the United States. This was
demonstrated on January 15 and again on April 2 this year, when
upwards of 30 Chinese immigrants were found emerging from
containers arriving at the Port of Los Angeles. I know that the
Chair, Senator Collins, was surveying that port and is very
familiar with the situation. The individuals were actually not
seen sneaking out of a container by the cameras, rather by an
observant crane operator. The Subcommittee's concern is that
smuggled immigrants could include members of terrorist
organizations and/or that the container could have contained a
weapon of mass destruction.
The Customs-Trade Partnership Against Terrorism, or C-TPAT,
attempts to secure the flow of goods bound for the United
States by developing voluntary partnerships with the trade
community. C-TPAT members--primarily importers--commit to
improving the security of their supply chain and provide CBP
with their supply chain security profiles for review. In
exchange for this commitment, CBP provides C-TPAT members
benefits to include upwards of seven times fewer inspection of
their cargo at U.S. borders.
Our concerns with C-TPAT include, one, these substantial
benefits, including fewer inspections, that are provided to
importers before a thorough review or validation of their
supply chain security profiles, and two, of those validations
that occur, the process lacks what I would call rigor or
independence. To me, a validation is an independent physical
audit of the supply chain security plan provided to CBP.
However, CBP views a validation as an opportunity to ``share
best practices'' and explicitly states that ``validations are
not audits.''
Furthermore, of the 2,676 certified C-TPAT importers
receiving reduced inspections, only 6 percent, 179, have been
validated. Hence, 94 percent of the C-TPAT importers currently
receiving seven times fewer inspections have not had their
supply chain security personally validated by a CBP officer.
This is simply unacceptable.
The Container Security Initiative (CSI) was implemented to
enable CBP to target high-risk containers for inspection at
overseas ports prior to their departure for U.S. ports.
Currently operating in 36 foreign ports, this program is based
on the concept of ``pushing out our borders.'' While this
concept is laudable and it is a good concept, a review of CBP
data by this Subcommittee and GAO raises significant concerns.
Many CSI ports are unable to inspect the quantity of
containers necessary to significantly improve security. Our
Subcommittee has identified some CSI reports that routinely
``waive'' the inspection of high-risk containers, despite
requests by CSI personnel for an inspection. As a result,
numerous high-risk containers are not subjected to an
examination overseas, thereby undermining the primary objective
and purpose of CSI.
More specifically, CBP inspects approximately one-third of
1 percent of the total number of containers headed for U.S.
shores from CSI ports. Equipment such as nuclear detection
devices and non-intrusive inspection machines used for overseas
inspections are untested and are of unknown quality. And CBP is
unable to compare the performance of one CSI port to another.
And finally, Customs identified 1.95 percent of containers
transiting through CSI ports in 2004 as high-risk, and that is
not a bad thing. However, of those containers deemed high-risk,
only 17.5 percent are inspected overseas.
Let me make the record clear. We have had a lot of
discussion about numbers. CBP asserts that 90 percent of high-
risk containers are inspected abroad, and when GAO states that
72 percent of high-risk containers are inspected abroad, they
are referring to high-risk containers referred for inspection.
When I state that only 17.5 percent of high-risk containers are
inspected abroad, I am referring to all containers designated
high-risk by CBP. So you have, and there is a chart showing
this,\1\ a number of containers designated high-risk, but then
a smaller percentage which are designated for inspection, and I
believe at least domestically here that we inspect all high-
risk containers. And yet abroad, I think our figure of 17.5
percent is the valid figure.
---------------------------------------------------------------------------
\1\ See Exhibits No. 1 and 2 which appears in the Appendix on pages
108 and 109 respectively.
---------------------------------------------------------------------------
While these findings are troubling, Customs has already
moved aggressively to improve these programs by fulfilling the
recommendations of the GAO audits. These changes are
encouraging and are worth highlighting. I look forward to
Commissioner Bonner's discussion of these substantial
modifications. However, based on our oversight, I believe much
work remains for Customs to build more robust and effective
security programs--in partnership with industry--to confront
the very real terrorist threat. This partnership will entail a
transformation of the trade community, where security becomes
embedded in the global supply chain. Instead of security being
a cost of doing business, security needs to become a way of
doing business.
I want to take this opportunity to thank Ranking Member
Levin, Chairman Collins, Senator Lieberman, and Representative
Dingell for their support and interest in this important
subject. Securing our Nation's borders and ports demands a
bipartisan and bicameral approach. I would also like to thank
Richard Stana, of the GAO, and his outstanding team of Stephen
Caldwell, Deena Richart, and Kathryn Godfrey for producing two
insightful reports that will contribute to improving our
homeland security.
I would like to welcome and thank the Commissioner of U.S.
Customs and Border Protection, Commissioner Bonner, the
Director of Homeland Security and Justice Team at GAO. Richard
Stana, Commander Steven Flynn of the Council on Foreign
Relations, and Stewart Verdery, the former Department of
Homeland Security Assistant Secretary for Border and
Transportation Security for appearing before this Subcommittee
today. I look forward to their testimony and an engaging
hearing.
With that, I would like to recognize my Ranking Member,
Senator Levin.
OPENING STATEMENT OF SENATOR LEVIN
Senator Levin. Thank you very much, Mr. Chairman. I
appreciate your effort, your energy, your commitment on a very
difficult subject. It is an important security issue that we
are addressing here this morning and the Chairman's leadership
in this effort is essential and I commend you for it.
I also want to commend our other colleagues, as you have,
including Congressman John Dingell, the dean of the House, for
his ongoing interest in this issue and for the major
contributions that he has made to the investigation.
On September 30, 2004, President Bush said ``the biggest
threat facing this country is weapons of mass destruction in
the hands of a terrorist network.'' On February 16, 2005,
Porter Goss, Director of CIA, or Central Intelligence, told the
Senate, ``It may be only a matter of time before al Qaeda or
another group attempts to use chemical, biological,
radiological, or nuclear weapons.'' In 1998, Osama bin Laden
declared that acquiring chemical or nuclear weapons ``is a
religious duty.''
These types of statements show that blocking avenues that
could be used to smuggle weapons of mass destruction into this
country is of utmost importance to our security. Today's
hearing focuses on one of those avenues: The 23 million
containers that enter the United States each year.
The Container Security Initiative (CSI) and the Customs-
Trade Partnership Against Terrorism (C-TPAT), are two programs
designed by Customs as part of what it has called a multi-
layered strategy to detect and prevent weapons from entering
the United States through containers. The two reports being
released today by the Government Accountability Office (GAO),
have identified deficiencies in both programs and are the focus
of today's hearing.
Container security has special significance to me because
each year, over 3 million containers cross the Michigan-
Canadian border, 3 million containers a year. Many of these
containers carry municipal solid waste from Canada and enter
Michigan by truck at three ports: Port Huron, Detroit, and
Sault Ste. Marie. Each month, in one of those ports, Port Huron
alone, approximately 7,000 to 8,000 containers of Canadian
waste enter Michigan across that border.
Leaving aside the issue of why our Canadian neighbors are
sending so much trash to my home State of Michigan each day,
key question is whether our Customs personnel have the
technology and resources necessary to inspect those containers
and ensure that they are not carrying weapons of mass
destruction into our country.
One key type of detection equipment used to screen
containers for security purposes uses X-rays to examine their
contents. But X-rays of trash containers are usually
unreadable--the trash is so dense and variable, that it is
impossible to identify anomalies, such as weapons or other
contraband. This photograph taken at a Michigan port of a
container carrying Canadian trash illustrates the problem.\1\
Anything could be stashed in the middle of one of these trash
containers, and our border personnel would have no way of
detecting anomalies in the picture, and that is what they look
for, anomalies. In trash, everything is anomalous. It is the
definition of trash.
---------------------------------------------------------------------------
\1\ See Exhibit No. 12 which appears in the Appendix on page 217.
---------------------------------------------------------------------------
The effectiveness of Customs detection equipment when it
comes to trash containers is an issue that I have raised before
with the Department of Homeland Security and other agencies and
I raise it again today. The bottom line is that if we are
relying on this equipment to detect WMD or other contraband in
containers filled with trash, we are putting our faith in a
faulty and limited system. We need to address that problem.
The GAO reports raise a number of other very troubling
container security issues that need to be addressed, and just a
few of them, I will highlight here.
First, inspection failures at foreign ports. The Chairman
has addressed this issue and I will quickly summarize. One key
problem identified in the GAO reports is the ongoing failure of
the CSI program to convince foreign governments to inspect
containers identified by U.S. personnel as high-risk cargo. I
want to emphasize what the Chairman said. This is cargo we have
identified as high-risk cargo. Now, the GAO found that 28
percent of the containers referred by U.S. personnel to a host
government were not inspected. Maybe someone wants to argue
over the percentage. I will stay with the GAO. But whether it
is 10 percent, 20 percent, or 28 percent, every one of those
containers that are high-risk containers identified by us
should be inspected.
One out of four containers, according to the GAO numbers,
identified by U.S. personnel as high-risk cargo were not
inspected. If these high-risk containers are not being
inspected overseas, then why are we letting them into the
United States?
Another issue is overseas personnel costs. Another issue of
concern involves CSI staffing levels overseas, and whether we
are spending a needless amount of money to maintain U.S.
personnel at foreign ports. We obviously want U.S. personnel at
foreign ports, but the idea that we are paying an average cost
of $430,000 annually, per year, to keep each American overseas
is amazingly high. It is a figure which is incredibly high to
me, and the latest figures from Customs indicate there are
currently 114 Customs employees overseas at 36 ports.
Now, it is helpful to have that staff working directly with
host nations, and I am all for it. We ought to do it at a much
more reasonable cost than that, but I am all for it. But
typically, only one or two CSI team members deal directly with
the host government's customs officials, while others work
primarily at computers, analyzing data. The question is whether
it is cost effective to place an entire CSI team at a port when
only one or two individuals are personally interacting with
foreign government personnel.
Then we have the C-TPAT program. We have an automatic
reduction in containers' scores because of that Partnership
Against Terrorism. The reduction in the score is automatic and
the question is whether or not it should be, where you
automatically ease inspection standards for each shipper that
signs up for the program. Right now, as soon as the shipper
files the application to become a C-TPAT member, Customs
immediately reduces the shipper's Automatic Targeting System
(ATS) score by a sizeable amount of points, without any
verification that a reduced score is appropriate.
A sizeable, automatic point reduction is of concern because
it may be enough to move a shipper from a high-risk category to
a medium- or even low-risk category, reducing the chance that
the shipper's containers will be inspected, even if the shipper
hasn't yet met the program's minimum security requirements, and
that is the issue. C-TPAT members shouldn't get the benefits of
the program's just for signing up. The shipper should also have
to show that it is meeting the program's security requirements
to get the benefits.
Customs carried on the approval at a fairly slow pace, and
validating those plans has also been fairly slow. So after 3
years, Customs approved only about 50 percent of the security
plans submitted by C-TPAT members and rejected about 20
percent. Of the approved plans, Customs has actually validated
compliance for only about 10 percent, which means that almost
90 percent of the firms that are given reduced Customs scrutiny
have never undergone a validation process showing that they are
entitled to the reduced scrutiny. That is a large validation
gap that invites abuse and we ought to try to correct it. It
may be an appropriations issue, I am not sure.
Finally, GAO has determined that DHS has no specified
minimum technical requirements for the inspection equipment
being developed and used at CSI ports and we need those
standards in order to know whether the equipment being
purchased is doing the job that needs to be done.
It is an enormous problem, this container security issue
which the Committee is addressing today. It is going to require
an enormous effort to address, but again, I commend our
Chairman for his leadership in addressing these gaps and
addressing these problems. He is doing it for exactly the right
reason, which is the security of this Nation. We want to be as
positive as we possibly can be to give the assistance to
Customs that they need to carry out these programs efficiently
and effectively.
Senator Coleman. Thank you, Senator Levin. I think it is
interesting to note that Senator Levin, myself, and the
Chairman all have States that are border States, and so these
issues are particularly important.
It is always an honor to have Chairman Collins here. This
has really been her issue. She has personally vested time and
energy in it. She has put it on the radar screen. She has been
out to various ports, surveying the situation there, and so I
just want to publicly thank her for her deep concern and
leadership in raising these questions, and hopefully the work
of the Subcommittee will assist her in her efforts to ensure
greater security and greater safety for all our ports and
borders. So with that, Chairman Collins.
OPENING STATEMENT OF CHAIRMAN COLLINS
Chairman Collins. Thank you very much, Mr. Chairman. Let me
commend you for your efforts to assess and improve the security
of our vital maritime industry.
You are correct that this issue is of great personal
interest to me. I have long been concerned and convinced that
our ports are one of our, if not the greatest, vulnerability
that we have, and your hearing builds very well on previous
oversight hearings that we have held at the full Committee.
Coming from a State with the largest port by tonnage in New
England, I am keenly aware of the importance of our seaports to
our national economy. Ninety-five percent of U.S. trade, both
imports and exports, moves through our seaports, and in the
year 2004, the value of these imports alone exceeded $600
billion.
I also understand the link between maritime security and
our national security. In my judgment, based on the work that
we have done and supplemented by the excellent work of this
Subcommittee, the weakest link in maritime security is the
cargo container. It used to be when I would see a giant cargo
ship come into a port, I viewed it as a marvel of the global
economy. Now, I worry that one of those containers may include
the makings of a dirty bomb, a group of terrorists, or even a
nuclear weapon.
In 2004, nearly 27,000 of these potential Trojan Horses
entered our country each day through our seaports. That amounts
to roughly 9.7 million containers in that year. We know that
most of the inbound containers are transporting legitimate
goods--TV sets, sneakers, or toys. But we also know that
smugglers for years have exploited the vulnerabilities of our
container system to smuggle in contraband, such as drugs,
illegal aliens, and other illegitimate commerce.
Given the current technology and the sheer volume of
traffic, we simply cannot inspect every container without
bringing trade to a standstill. We cannot follow every
container through its global journey, nor can we track every
container and every piece of cargo along the roads, rails, and
airways that bring them to ports. No one nation can secure the
international supply chain.
The two programs we examine today are designed to make
securing the supply chain exactly what it should be, a shared
responsibility, a shared partnership between the public and
private sectors, a shared responsibility among nations.
While these programs are extremely well conceived, their
level of success can only be described as modest. A substantial
majority of our ports worldwide are not part of the CSI
program. The overwhelming majority of private sector entities
have not enrolled in C-TPAT. Terrorists are nothing if not
opportunistic. These gaps in security may well be too wide to
ignore.
Equally troubling, however, are the indications that the
CSI and C-TPAT agreements in place are not as strong in
practice as they appear to be on paper, and both of my
colleagues already outlined some of the GAO's findings in this
regard and we will hear from the GAO later today, so I won't
repeat it here.
We should, however, recognize the fact that Customs and
Border Protection was compelled to roll out these two programs
very quickly during a time of great stress and uncertainty.
Given the urgent need to take action against terrorism
following September 11, it is understandable that these
programs began with what is frequently called the implement and
amend approach. In other words, get it started and fix the
problems as they come up.
We must ensure, however, that the problems are, indeed,
identified and fixed. The consequences of failing to do so
could be staggering. The West Coast dock labor dispute in the
fall of 2002 cost our economy an estimated $1 billion for each
of the 10 days that it lasted. It not only brought the affected
ports to a halt, but it also harmed businesses throughout this
country and among our international trading partners. And that
astonishing amount of economic damage was the result of an
event that was both peaceful and anticipated.
Just think what a deliberate attack on one of our large
ports, or even a small port, could do to our economy. It would
bring it to a standstill. It would result in all seaports being
closed down temporarily, and obviously, it could cause a
significant loss of life.
The use of the Trojan Horse analogy is apt. Earlier this
year, as the Chairman indicated, I toured the Ports of Los
Angeles and Long Beach. The size of these facilities and the
amount of activity is just extraordinary to behold. But so,
too, are the risks and the vulnerabilities they offer for
terrorists to exploit.
I saw from the air from a Coast Guard helicopter the
enormous number of containers being unloaded from ships in
these two ports. By coincidence, as the Chairman mentioned, my
visit came immediately before 32 Chinese nationals were
smuggled into the Port of Los Angeles on two cargo containers.
Fortunately, that Trojan Horse held people seeking a better way
of life, not terrorists seeking to destroy our way of life.
They were caught, but what is particularly disturbing about
this case is they were not caught due to any security
initiative or the technology or extensive television network
surveillance cameras that were in place, but rather, as the
Chairman indicated, by an alert crane operator. It is also
troubling that the same kind of incident happened a second time
just a few months later.
We cannot continue to rely on luck or even alert crane
operators to provide for the security of our seaports, our
Nation, and our people.
Mr. Chairman, I look forward to hearing the testimony
today.
Senator Coleman. Chairman Collins, I again want to thank
you for your leadership on this important issue.
Senator Akaka.
OPENING STATEMENT OF SENATOR AKAKA
Senator Akaka. Thank you very much, Mr. Chairman. I am glad
to join you in this hearing and I thank you for convening this
hearing on the Container Security Initiative and the Customs-
Trade Partnership Against Terrorism. These programs represent
critical layers in the protection of American cargo and ports.
Cargo security is especially important to my State of
Hawaii because, as I noted in many previous hearings, Hawaii
receives 98 percent of the goods it imports via the sea. An
interruption in sea commerce could have a staggering impact on
the daily lives of the people in Hawaii.
Last week, Department of Homeland Security Secretary
Chertoff stated that we need to create a world that is banded
together with ``worldwide security envelopes,'' which he
described as secure environments through which people and cargo
can move rapidly, efficiently, and safely. Programs such as CSI
and C-TPAT, which use voluntarily submitted information to
focus scarce screening resources on high-risk shippers and
cargo should be the cornerstones of Secretary Chertoff's
vision.
It is important not only to examine whether these programs
function well, but how they will fit into Secretary Chertoff's
vision of a worldwide security envelope. I have yet to see
details that convince me that DHS has executed the planning
necessary to achieve such a coordinated global effort.
Unfortunately, there is only minimal coordination of
international programs across the Department. For example,
there are Immigration and Customs Enforcement, ICE, agents
investigating illegal customs activities in countries that have
CSI ports, and yet, often the Customs and Border Protection and
ICE teams--can you imagine this--do not talk to each other.
CSI teams are scrubbing data daily, looking for anomalies
relating to weapons of mass destruction, but we also must be
concerned about drug smuggling, human trafficking, counterfeit
goods, and invasive species. We need to ensure that our
international partnerships are not program specific.
DHS's Office of International Affairs could play a critical
role in coordinating operations abroad of the various entities
within the Department. We need effective coordination to ensure
that our various security programs are integrated and are
mutually reinforcing.
I look forward to the testimony of our witnesses, and thank
you so much, Mr. Chairman.
Senator Coleman. Thank you, Senator Akaka. Senator
Lautenberg.
OPENING STATEMENT OF SENATOR LAUTENBERG
Senator Lautenberg. Thanks, Mr. Chairman, for holding this
hearing. We have a duty in Congress to step back every once in
a while and oversee how things are going. This is such an
opportunity.
I concur with your comments, Mr. Chairman, about the
Chairman of the entire Committee. She has been very much
interested and diligent about homeland security issues, so it
is a welcome addition to the dialogue here that Chairman
Collins is with us.
In this case, I am afraid that the report card is one that
will not make anyone particularly proud. The Administration has
failed on port security. I'm concerned that if we review every
program at DHS with the zeal that this Subcommittee shows here
today, we might find even more frightening results.
It has been almost 4 years since September 11 and we still
inspect only 5.5 percent of all containers coming into the
United States. Two programs, the Container Security Initiative
and the Customs-Trade Partnership Against Terrorism, are aimed
at detecting terrorist weapons brought to our country. But CSI
has resulted in inspections of only 17.5 percent of high-risk
cargo.
The Customs and Border Protection may claim that they can
only ask foreign countries to inspect for WMDs, but terrorists
ship things other than weapons, too, like drugs, which are sold
to pay for terrorist operations, and we rely on other nations
to perform these inspections. We don't have standards for the
equipment that they use to inspect. We don't even oversee some
of these foreign inspections. In some cases, DHS personnel in
the CSI program are stationed an hour away from where the
actual loading takes place.
There are big problems with the CSI program, as I expect
our witnesses will discuss in more detail. The bottom line,
however is that the Federal Government has not been doing
enough to protect our citizens from container-borne threats.
As for the C-TPAT program, it is alarming to me that after
September 11, that the Administration would fashion a voluntary
homeland security program to try and improve supply chains. If
a voluntary program were all that was needed, then the industry
could have done that on its own. If September 11 taught us
anything, it should be the government has a duty to protect its
citizens from terrorism, not simply rely on companies to
upgrade security at isolated parts of a worldwide logistics
system.
We saw that very sharply in our inspection of cargo at the
airports--the baggage screenage. The private sector was doing
it as a business and doing it very poorly. I am pleased to say
that I have seen marked improvements in those inspection
routines. If the Administration knows what security measures
should be taken to improve security of our logistics system,
they should require them, not make them, optional.
And finally, the Port Security Grant Program is now
administered by the Office of Domestic Preparedness. Last
September, the Administration announced a round of grants to
help secure our ports. But those resources were not targeted to
the ports that are most at risk, and it is a subject that I
have discussed fairly frequently about security grants in
general. Some of the grants went to facilities in Oklahoma,
Indiana, and Kentucky, hardly the front lines of the war on
terror, certainly not with the port presence that we have in
the States that are represented here.
I think it is just common sense that Port Security Grants
should be based on risk, not politics. And I know that the
Inspector General has agreed with my position. We cannot afford
to play politics with port security. The consequences of
failure are simply too great.
Some 20 million people live near the New York-New Jersey
port facilities, which are vulnerable to terrorist attacks.
Hazardous materials move in and out of the port through
pipelines and over roads and freight rail lines, and Newark
Liberty International Airport is within a mile of the harbor or
the port. So it is easy to imagine what is at stake for my
State and the Nation if our port is attacked.
I am upset with the failures of the Administration on port
security and I hope these hearings this day will help
illuminate the dangerous lapses and loopholes that leave our
citizens at risk. I hope these hearings help us find solutions
for moving forward. Thank you, Mr. Chairman.
Senator Coleman. Thank you, Senator Lautenberg.
I would now like to call our first witness for today's
hearing. It is my pleasure to welcome the Hon. Robert C.
Bonner, Commissioner of U.S. Customs and Border Protection for
the Department of Homeland Security.
Commissioner Bonner, I appreciate your attendance at
today's hearing and look forward to your testimony regarding
CBP's efforts to secure maritime trade and the global supply
chain, and let me say up front, we recognize the enormity of
the task. I believe there are over 9 million eight-by-eight
cargo containers that enter this country annually, and so we
are looking at needles in a very big haystack. I also want to
publicly thank you for your efforts to date.
We do recognize that strides have been made, tremendous
improvements have been made. But certainly the purpose of
oversight is to look at what we have and say, how do we make it
better? The stakes are simply so high here, they are so high
that, clearly, this is the kind of oversight that is needed.
Before we begin, pursuant to Rule 6, all witnesses before
the Subcommittee are required to be sworn in. I would ask you
to please stand and raise your right hand.
Do you swear that the testimony you are about to give
before the Subcommittee is the truth, the whole truth, and
nothing but the truth, so help you, God?
Mr. Bonner. I do.
Senator Coleman. We will be using a timing system today. I
think the oral testimony should be no more than 10 minutes.
When you see the amber light come on, come to a conclusion. But
your entire testimony will be entered into the record as a
whole.
With that, Commissioner, please proceed.
TESTIMONY OF HON. ROBERT C. BONNER,\1\ COMMISSIONER, CUSTOMS
AND BORDER PROTECTION, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Bonner. I appreciate that, Mr. Chairman. I appreciate
the kind words, and Senator Levin, Chairman Collins. I am very
pleased to appear before the Subcommittee, Mr. Chairman, today
to have this opportunity to discuss two very important
initiatives of Customs and Border Protection and these are the
Container Security Initiative and the Customs-Trade Partnership
Against Terrorism, or C-TPAT. And I want to thank the Members
of the Subcommittee for your support of CBP and the work that
it does every day to help protect America and keep it safe, and
by that, I mean the help that this Committee, the Subcommittee
has given us to help secure our borders and our ports.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Bonner appears in the Appendix on
page 53.
---------------------------------------------------------------------------
I might also say, Mr. Chairman, that the GAO and this
Subcommittee and the staff of the Subcommittee have offered
over the course of time some very valuable suggestions to us
and recommendations with respect to both CSI and C-TPAT, and I
can tell you that we appreciate the interest and oversight, and
we also have taken many of these suggestions and
recommendations to heart because we have implemented a good
many of them.
These initiatives that I want to talk about a bit this
morning, as you know, seek to add security to our country, but
to do so without choking off the flow of legitimate trade that
is so important to our economy.
I would say one of the realizations that I had, and I am
sure many people did on the morning of September 11, was that
on that morning, the priority mission of U.S. Customs, now
Customs and Border Protection, became national security. The
mission became nothing short of doing everything that we could
responsibly with the resources we have to prevent terrorists
and terrorist weapons from getting into our country.
But I will also say, having been there, that there was
another realization that came to me the following day, on
September 12, 2001, and that is as important as it is that we
increase our security and make it more difficult for al Qaeda
and al Qaeda-associated terrorist organizations to be able to
attack America and to get into this country or to get weapons
into this country, we had to do that without shutting down our
economy. On the morning of September 11, U.S. Customs went to
the highest security-level alert that existed at that time,
short of actually just shutting down the ports of entry into
our country.
And the result as, by the next day, September 12, we had
virtually shut down our border. The wait times at the
Ambassador Bridge that comes from Ontario over to Detroit, the
bridges into Buffalo from Canada, they literally froze up. We
went from wait times on September 10 that averaged about 10
minutes to 12 hours by September 12 and September 13.
And so it was important that we figured out, as best we
could and as quickly as we could, how we did the security in a
way that didn't shut down our economy in the process, because I
can tell you, by the 13th and 14th of September, as a result of
the actions that we took, companies, many companies that relied
on just-in-time deliveries in the United States were ready to
shut down their plants. In fact, a few plants of the major
automobile manufacturers did shut down on September 14.
So we have needed, as we have looked at this issue, to
figure out ways that we could accomplish essentially what I
would describe as twin goals: The goals of securing our country
in a way that does not shut down the flow of legitimate trade
and damage our economy. And those twin goals, and I have
described them many times, are part and parcel of CBP's
strategy of a smart border and an extended border strategy, one
that pushes our zone of security out beyond our borders so that
we know what is headed our way before it arrives here at our
ports and so that our borders are our last line of defense, not
our first line of defense. And when I say our borders here, I
mean all of our ports, official ports of entry into the United
States, all the official crossing points.
Our strategy, by the way, that we put together and we have
implemented is essentially based upon four interrelated and
interlocking initiatives. It is no one initiative. This is a
layered approach that we have taken to increase significantly
the security of maritime cargo and all cargo moving into the
United States.
But it is built upon four key initiatives, and the first is
the 24-hour and Trade Act rules, and these were rules and
regulations we put into place requiring advance electronic
information, initially on all ocean-going sea containers 24
hours before they were shipped to the United States, and now on
all cargo shipped to the United States.
The second initiative was building and developing the
Automated Targeting System that is our risk targeting system at
CBP's National Targeting Center that uses targeting rules that
are based upon strategic intelligence and anomaly analysis to
assess for risk of terrorism every single cargo shipment that
heads to the United States before it arrives. And in the case
of sea cargo containers, before it even leaves foreign seaports
to the United States.
The third is the Container Security Initiative, and that,
of course, is our partnership with governments, other
governments of the world to screen high-risk containers before
they are loaded on board vessels for the United States. To
implement CSI, we have entered into CSI agreements with over 23
countries and we have implemented, that is made operational CSI
at 36 of the largest foreign seaports of the world, seaports
that include everything from Rotterdam to Singapore to,
recently, Shanghai.
Now, these didn't all start at once. They started with one
port. You have to start someplace. That was the Port of
Rotterdam, by the way, as a result of an agreement with the
Dutch, with the Netherlands, and the most recent port being
Shanghai, China, one of the largest seaports in Asia.
The fourth initiative was the Customs-Trade Partnership
Against Terrorism, or C-TPAT, and that is our partnership with
the private sector, with the major U.S. importers, with ocean-
going carriers and others that own, operate, or are key
participants in the supply chain from overseas to the United
States. Today, C-TPAT has more than 5,000 certified C-TPAT
companies who have, I submit, increased the security of the
supply chain, literally from the foreign loading docks of their
foreign suppliers to U.S. ports of arrival, and they have done
it, in part, in exchange for benefits from Customs and Border
Protection in the form of faster processing of their goods on
arrival.
Let me say just right out of the box here, none of those
initiatives existed on September 11. All of them have been put
in place since September 11, and taken together, these
initiatives are part of our layered strategy and they do
provide greater protection to our country against terrorist
attacks, and importantly, they provide greater protection for
the primary system of international trade. These initiatives
help protect the trading system itself against potential
terrorist exploitation.
I might add, by the way, while I didn't list it as an
initiative, of course, part of our strategy, too, has been
adding significant additional detection technology at our own
borders, at our own ports of entry, both seaports and land
ports, to better detect against potential terrorist weapons.
But CSI and C-TPAT, they are revolutionary initiatives, but
they were initiatives that, in my judgment, in our judgment, we
needed to move forward with, and we needed to move forward with
them quickly, indeed, as quickly as possible because for all
practical purposes, there was no security of the supply chain
to protect essentially the movement of goods to the United
States before September 11, or very little.
But these initiatives are and they were always intended to
be--let me make this point very clear--dynamic and evolving
initiatives that have improved and need to continue to improve.
These initiatives work in concert with each other and with the
National Targeting Center and with advance information and risk
management.
As a result of one of the recommendations of the GAO, we
have decided to, for example, reduce the credits for
being a certified C-TPAT partner. We didn't eliminate them,
but we have reduced them and we have gone to a tiered system.
Let me also say that, with respect to these initiatives, I
think it is important to understand that essentially as we
proposed and launched them, that many people actually said that
it couldn't be done. Many people said it would take years to
get them done, that there were sovereignty concerns and all of
that.
And I can tell you that customs agencies in other countries
around the world, they use their inspectional capabilities for
inbound containers. It was a revolutionary idea to say, based
upon the United States making a request that we deem this
container high-risk and after analysis something that should be
inspected outbound, that we want foreign countries to inspect
containers going outbound rather than inbound into their
respective countries.
And there may be some disagreement on the percentage here,
but based upon the number of containers that we have requested
be inspected by our host nation colleagues in these 36 foreign
seaports, those requests have been honored about 90 percent of
the time. There have been occasions where we have gotten
additional information from the host nation where we could
actually assess the risk as not being sufficient to require an
outbound inspection, and there have been--I think the point is,
you have to be there, you have to work with these countries in
order to make sure that we have as many of the highest-risk
containers that are searched outbound before they come to the
United States.
If they are not searched there, though, this is a layered
defense strategy and we have mandated that every container that
we deem to be high-risk for purposes of inbound, and that is
every container that scores above 190 pursuant to our Automated
Targeting System, it must be inspected upon arrival into the
United States if it has not been inspected in an outbound CSI
port.
Mr. Chairman, I see my time is up. I just want to conclude
by saying that I believe that these initiatives are working. I
am convinced that America is safer today because of them. I
look forward to working with this Subcommittee, with the full
Committee, with the Congress, with GAO to further improve,
because there are some further improvements we want to make to
make these initiatives even more effective. Thank you, Mr.
Chairman.
Senator Coleman. Thank you very much, Commissioner.
I want to first talk about C-TPAT and the concern that we
have. Can we have Exhibit 4\1\ displayed? Let us first talk
about the process by which someone becomes a member.
---------------------------------------------------------------------------
\1\ See Exhibit No. 4 which appears in the Appendix on page 111.
---------------------------------------------------------------------------
The concern is if there is a recognition--can we turn that
sideways? Thank you.
By virtue of membership, the benefit is a diminished
likelihood of inspection. Is that the purpose?
Mr. Bonner. That is the essential bargain that incentivizes
the investment by private sector companies to improve their
supply chain security.
Senator Coleman. The concern is that to receive benefits, a
company provides Customs and Border Protection with their
supply chain security profile. The supply chain specialist
looks at the written information, checks various databases, and
upon successful completion of this paper review, a member
receives seven times as few inspections. Is that a fair summary
of the process today?
Mr. Bonner. Well, before we have modified this, and we did
it recently, I thought it was about six times less likely that
you would receive a security inspection if you had committed to
meet the security standards and criteria of C-TPAT.
Senator Coleman. One can talk about the number of times,
but in effect, are you virtually ensuring that shipments will
not be searched?
Mr. Bonner. No, by no means. But it does recognize that if
you have committed--and by the way, in many instances, we are
talking about major U.S. importers that we have dealt with,
that U.S. Customs has dealt with for many years who are signing
on the line that they are committing to meet the security
criteria of C-TPAT, and that means that they are making a
commitment to use their leverage against their foreign
suppliers and vendors to meet the security criteria of C-TPAT.
We are actually reaching into a part of the supply chain
that is beyond the regulatory reach of the United States. I
want this Subcommittee to understand that. In other words, we
could not even regulate what a foreign supplier does in terms
of supply chain security, but large U.S. importers which are C-
TPAT members have the leverage to require those security
criteria to be met under their purchase contracts and purchase
orders, and that is what C-TPAT companies are doing. They have
committed to do that. If they are not, by the way, they are
subject potentially to criminal prosecution, penalties, and the
like.
So there is some measure of assurance that they have
actually done what they have said they are going to do because
we have dealt with them over the years. We know that they can
be trusted.
Now, we haven't ended it there, as you know, Mr. Chairman.
We have said, trust but verify, and I have heard the
recommendations of the GAO and I believe that we need to--and
we are ramping up the verifications of C-TPAT members. Right
now we have about 12 percent of the U.S. importers that are
certified C-TPAT members that are validated. That is to say, we
have verified that they are meeting their commitments with
respect to their foreign supply chain. We have another 40
percent that are in progress.
So over half of the current C-TPAT partners, we have either
validated or we are in the process of validating their supply
chain, and we are hiring up and ramping up the number of supply
chain security specialists at Customs and Border Protection in
order to be able to do this more rapidly and to make sure that
the C-TPAT members out there know that we are going to
validate, and frankly, if they aren't living up to their
commitments, and most of them are, virtually all of them are,
but the ones that aren't are going to be suspended and
decertified and thrown out of the program.
Senator Coleman. We have a discussion about numbers here.
At least as I understand it--I think Exhibit 3\1\
demonstrates--that we currently have 9,011 applicants to the
program----
---------------------------------------------------------------------------
\1\ See Exhibit No. 3 which appears in the Appendix on page 110.
---------------------------------------------------------------------------
Mr. Bonner. That is about right.
Senator Coleman. I have applicants, of which 4,857 have
been certified by staff members and now receive the benefits.
But in terms of validation, only 546 of those certified have
had their security programs verified or validated. Is that
accurate?
Mr. Bonner. I think that is about right. Ten to 12 percent
have had the validations completed and there are another,
roughly, of the importers, another about 40 percent or so that
are in progress.
Senator Coleman. But all those that are certified receive
the benefit of participating in the program.
Mr. Bonner. That is right. We have reduced that benefit now
recently based upon some of this recommendation.
Senator Coleman. Now you have a tiered benefit. As a result
of the investigations----
Mr. Bonner. You are absolutely right. There are benefits in
terms of some degree of reduced inspections because you have
committed and represented to U.S. Customs and Border Protection
that you have and are meeting the minimal supply chain security
criteria for your supply chain back to your foreign vendor. So
that is true.
Senator Coleman. I believe that in the two instances that
the Chairman spoke of, where Chinese nationals were smuggled
into this country, involved C-TPAT members. Is that correct?
Mr. Bonner. It was a C-TPAT ocean-going carrier. The
importer wasn't C-TPAT nor was--but the one link that was C-
TPAT there was the ocean-going carrier, in other words, the
company that was actually carrying the container from--and that
was from, in both cases, from the port of Shekou, which is in
Shenzhen, China, to the Port of Los Angeles-Long Beach.
Senator Coleman. Let me go back on the validation process.
Can you briefly describe that?
Mr. Bonner. Well, yes. The validation process, we try to
avoid the word ``audit'' because it has historic repercussions
for the trade, Customs audits, and this is pre-September 11,
before I became Commissioner, but it usually meant months that
people would be in your company poring over all of your papers
for compliance purposes.
But it is a verification. The validation is a verification
that you have, in fact, implemented the commitments that you
have made and that you have said you are carrying out to
improve the security of your supply chain, for example, that
you actually do have in your purchase order contractual
requirements of your foreign suppliers that it meet the
security criteria that the C-TPAT importer has told it must do
in order to be a certified C-TPAT importer, and that they do
periodically monitor to see that their contract, that the
contractual obligation is carried out.
Now, we are verifying that--that is an essential part of
the supply chain--as part of our validation process, Mr.
Chairman.
Senator Coleman. The GAO report has raised concerns that
the validation process does not have any standard operating
procedure. There is not a uniform system of validation. Is that
a fair criticism?
Mr. Bonner. I know that there was a criticism in the GAO
report, and as a result of the criticism, we have put together
a validation plan and I believe it sets forth our strategy for
validations, how we prioritize validations, what we want our
validators to look for.
By the way, I will agree, at the very beginning of this
process that we were--how do we know what the best practices
were for the supply chain security? We went to major companies
and we found out what it was. We had to develop expertise in
this area. I think we have a lot now.
But I believe we have met the concern of--a number of
concerns that GAO raised, one of which was that we needed to
have a validation plan, how we were going to go about it, what
the rules of the games are. I am not saying, by the way, there
can't be improvements here. Mr. Stana may well suggest some and
we are interested in continually improving how we validate, and
the fact that we want to validate the C-TPAT members and we
have a regime now and a staffing level that is going to help us
do that far more rapidly than we were able to do when we
launched this program, starting with seven private sector
companies that partnered with us back in December 2001.
Senator Coleman. Commissioner, I will sum it up this way. I
understand the vision of C-TPAT is to identify best practices
and then use those. The concern, however, is that you have a
substantial number of operations--and they are not all Wal-Mart
and they are not all internationally known operations--that
receive substantial benefits prior to certification, prior to
validation, and the program is expanding.
I think that is the concern in this here report, and I
appreciate the fact that you are continuing to look at this, to
develop a tiered system, to improve the validation process, but
I think those concerned, based on the risk if we fail, and you
are in a business where failure, you can't allow it. If we
fail, folks are going to come back and say, how did you let
this operation get through? They simply applied. It was done on
paper. You never looked at their operation, never did any
physical review, never did any audit, never did any validation,
and they are going to be pointing right at you and I think it
is going to be tough to respond if, God forbid, the unthinkable
happens.
Mr. Bonner. Well, nobody gets benefits unless they have
been certified, and as you know, Mr. Chairman, of the security
plans that have been put forward to us, we rejected one out of
five. About 1,000, we have said, no, this doesn't cut it. This
is not meeting the security criteria that is required for C-
TPAT.
But I understand what you are saying and we agree, I think,
that we need to--actually, as a result of things that the
Subcommittee and the staff has done here, I have taken a look
with my staff and we have not eliminated, we have reduced the
level of benefits for just being certified and moved to a
tiered system so that you do get more increased benefits after
we have actually validated or verified that you have met your
commitments.
Senator Coleman. That is appreciated, Commissioner. Senator
Levin.
Senator Levin. If you are certified but not validated, you
get less benefits?
Mr. Bonner. That is right.
Senator Levin. You said before the changes, there was six
times less likelihood of what?
Mr. Bonner. Well, if you----
Senator Levin. Less likelihood of----
Mr. Bonner [continuing]. Were certified, just on average--
this is just taking a statistical analysis--if you were a
certified C-TPAT member, you had made the commitments, said you
were doing them, and so forth, it was less likely that you
would get inspected. The reason is----
Senator Levin. Six times----
Mr. Bonner [continuing]. You got a credit. You literally
got a credit against the Risk Targeting Scoring System for
being a certified C-TPAT partner----
Senator Levin. You were six times----
Mr. Bonner [continuing]. The effect of which----
Senator Levin. Got you. You were six times less likely.
Mr. Bonner. Yes.
Senator Levin. After the changes, where you now tier the
benefit, depending on whether it has been validated, if you are
not validated, what is the multiplier? Are you four times less
likely?
Mr. Bonner. Let me tell you what it means in terms of the
scoring credit. We reduced the scoring credit from about 125
for being certified, plus you could also get a potential of
even more than that just for being certified, we have reduced
that down to 75. And we have done an evaluation, Senator, we
have done an evaluation at Customs and Border Protection and
this is our National Targeting Center, it is our Office of
Intelligence, and so forth, an evaluation of looking at the
various risk factors that are in our targeting rules, and there
are 300 targeting rules that can fire with respect to any
particular container and there is a certain level of points, if
you will, that are assigned if a container--and they go from--I
don't want to go into great detail here----
Senator Levin. Yes, I wish you wouldn't.
Mr. Bonner [continuing]. By country of origin and so forth.
Senator Levin. I wish you would just try to give me the
bottom line. You were six times less likely to be inspected
after you are validated. Before you are validated but after you
are certified, is that about three times less likely, would you
say?
Mr. Bonner. I can't really give you an answer. We just
implemented this in the end of April and we are going to need
to see how it works out. I believe it will be that there will
be some degree of increased inspections over what it had been
before for just being certified, and it may well be that there
is some degree of increased benefits if we have actually
validated the C-TPAT member.
Senator Levin. In terms of the number of containers coming
into the country, as I understand the figures, roughly 9
million come by sea, 8 million by truck, and 6 million by rail.
Does that sound about right?
Mr. Bonner. Well, it is 11 million by truck. Seven million
come across the Canadian border. It is between 9 and 10
million, last year, sea containers.
Senator Levin. OK.
Mr. Bonner. That has actually gone up about--almost 50
percent since 2001----
Senator Lautenberg. That is across the entire country?
Mr. Bonner. Across the entire country.
Senator Levin. So we have more coming in by truck than we
do by sea?
Mr. Bonner. That is correct.
Senator Levin. And we have about 6 million by rail, is that
about right?
Mr. Bonner. That is about right. I don't have that figure
before me, but there are--we do get rail cars from both Mexico
and Canada, as you know, Senator.
Senator Levin. The program applies to all these containers?
Mr. Bonner. The C-TPAT program, yes, it does.
Senator Levin. Now, in terms of the--you said you can't--
you do the C-TPAT by agreement with the importers, basically,
and that we are able to reach back into the supply chain in
ways you could not do but for that voluntary agreement with the
importers, is that basically what you said?
Mr. Bonner. In essence, that is right.
Senator Levin. I am not suggesting we change our approach,
but isn't it true that we could simply say, unless you can
certify to us that you have reached back, you cannot import?
Why do you just assume that we cannot enforce our rules without
an agreement on the part of importers? That is a lot better way
to do it, I am not arguing with that. But I am just saying the
premise that you establish here, it seems to me is one I want
to challenge.
Mr. Bonner. Here is the problem. Ultimately, it is--you are
building in the critical foreign security--security is actually
at the foreign supplier where the container is actually being
loaded or stuffed. That foreign supplier, we don't have any
regulatory power over that foreign supplier.
Senator Levin. Correct.
Mr. Bonner. As I was discussing this, and this goes back
literally to October or November 2001, what do we do under this
circumstance? I mean, we are going to increase security in
terms of things moving through our ports, but is there a way to
extend the border out and could we do this in partnership?
I will say this. It is very difficult to think of a
regulatory regime that is enforceable against the foreign
supplier. So you have to literally go through the U.S.
importer----
Senator Levin. That is not my question. My question is, you
could require a certification of the importer that certain
protective actions have been taken by that importer, couldn't
you?
Mr. Bonner. Well, yes, you could, I think, but some
importers would say--if you are trying to do this by
regulation, some importers will say, well, look, we can't do
that. We don't have leverage over our foreign suppliers. Our
foreign supplier is a big distributor in China or Malaysia and
we don't have that leverage.
Senator Levin. You have huge leverage over them. Unless we
can certify to the U.S. Customs, we ain't buying your stuff.
That is huge leverage.
I just want to challenge your statement, because it seems
to me it could lead to some actions or inactions on our part
which I won't accept. Now, I want to do it by partnership. I
would rather do it your way. But I don't want to accept the
premise that you could not require an importer to certify that
he has actually achieved that same level of protection through
agreement with whoever his supplier is that you can do in a
voluntary way. I will leave it at that. I just want to tell you
I challenge your premise.
Mr. Bonner. If you just, though, if you think about it, if
you are trying to regulate, you are telling every U.S.
importer, you must do this and you must establish this level of
supply chain security, and there are companies, small
companies----
Senator Levin. No, we are not saying you must----
Mr. Bonner [continuing]. Small importers that can't do
that, and, therefore, can't participate in C-TPAT, either,
because they are not able to do the security of the supply
chain that is necessary.
Senator Levin. So it is a practical way to do it. It is the
better way to do it. I am just saying you are not limited to do
that, and to suggest that our government is limited in that
way, it seems to me, is giving away much too much. We someday
may have to require certification of certain things to protect
our borders which does not depend upon a voluntary agreement
but says, unless you certify that, you cannot bring in
materials. Let me leave it at that----
Mr. Bonner. I take your point. I still think, overall, a
voluntary partnership approach made a lot of sense at the
time----
Senator Levin. I agree with that.
Mr. Bonner [continuing]. This is November 2001. I still
think it makes a lot of sense.
Senator Levin. I do, too. I am not challenging your effort.
I think it is the right way to go.
You have indicated that all of the high-risk cargoes are
inspected either overseas or here, that is mandatory, is that
correct?
Mr. Bonner. Yes. I probably should define high-risk, but
yes.
Senator Levin. Yes, but, as you define it, because there
was an article in the paper that suggested that you are not
quite that confident that those inspections take place at one
point or another. It was a New York Times article, I believe,
that was either today or yesterday which said that Customs
officials would not provide documentation to show that all the
high-risk containers not inspected in foreign ports were
checked once they arrived in the United States, but they said
they were reasonably confident the checks had been made. Is
that a more accurate way to state it, or are you more confident
than reasonably confident?
Mr. Bonner. Let me tell you my view on it, the reason I do
have some confidence that the high-risk containers do get a
security inspection, and that is that I am going to define
high-risk container--there are different ways of defining it--
--
Senator Levin. I understand.
Mr. Bonner [continuing]. But I am just going to define it
right now as this is the rough cut through our Automated
Targeting System at the National Targeting Center that says
this container has a threshold scoring of 190 or above.
Now, by the way, you can do further analysis as to whether
that is high-risk or not, but we have essentially said and
implemented, and this goes back to the summer of 2002, we
basically said to our ports of arrival, and that is the Port of
Newark and that is the Port of Los Angeles, that every
container that scores over 190 will be inspected at the port of
arrival in the United States unless it has, in fact, had a
security inspection at a CSI port overseas. In other words, we
are not requiring it be done twice if, in fact, that CSI
inspection has taken place.
But that is why I can say with a fair degree of confidence
that every container that scores above 190 and is defined as
high-risk for the terrorist threat in that way is going to be
screened, if not at CSI ports, and we are still trying to push
that number up, but is going to get an inspection on arrival,
and that is a defense in depth. We have extended our border out
and we are trying to get the extended border closer to what we
do on arrival. But that is why I think I can say with some
confidence that every high-risk container defined that way does
get an inspection, either at CSI ports outbound or on arrival
in the United States.
Senator Levin. That is a little more assuring than
reasonably confident, as reported in yesterday's New York
Times. That is all I am saying. I am glad to hear it. You are
more confident than reasonably confident. I am glad you are. I
hope you are right.
I will just wind up by saying I am out of time, so we can't
get into this trash issue, but I have looked at those X-rays.
Mr. Bonner. We have talked about that before and----
Senator Levin. We are going to have to find a way, one way
or another, because it is unacceptable to have thousands of
these trucks coming in. It is all anomalous cargo. You can't
see it on an X-ray. One way or another, we are going to
protect--we have to find a way to protect our people.
Mr. Bonner. As you know from our conversations, I don't
think we should be--we shouldn't have trash coming in from
Canada into the United States, but I cannot----
Senator Levin. Amen.
Mr. Bonner [continuing]. I cannot prohibit it. I am going
to need some statutory authority to say that is prohibited
material.
Senator Levin. If you can't reasonably assure us the way
you just did on this other cargo, if you can't reasonably
assure us through an X-ray, and you sure can't because it is
all anomalous, then you have to tell them, hey, after this
point, no more trash.
Mr. Bonner. We are running it all through radiation
detection, too, to let you know, but----
Senator Levin. I am not talking radiation.
Mr. Bonner. I know. We will talk about that some more.
Senator Levin. We need your help on that.
Senator Coleman. Thank you, Senator Levin. Senator Collins.
Chairman Collins. Thank you, Mr. Chairman.
Commissioner, I want to follow up on the issue that Senator
Levin just raised about containers that appear to be high-risk
and have been referred to host government officials for
inspection. In its report, GAO found that since the CSI program
started, 28 percent of the suspect containers referred to host
government officials for inspection were not, in fact,
inspected for a variety of reasons. But more recently, GAO
notes that the percentage of inspections has gone up to 93
percent, so we clearly are getting more cooperation from the
host governments which is very important.
One of the reasons that containers might not be inspected
cited by the GAO and noted in the New York Times story
yesterday, is they have already been loaded and are on their
way to our shores. That creates the worst-case scenario. So I
want to follow up on your exchange with Senator Levin.
Are you saying that when you have a high-risk container
that has been targeted for inspection but was not inspected by
the host government, it is now inspected upon arrival?
Mr. Bonner. Yes, I am saying that. I am making an
assumption that it was targeted because it had a risk targeting
score for the terrorism threat of 190 or above, and I will say
in each and every case--now, I mean, I can't sit here and say
that somebody didn't fail in their job in some way.
But if you looked at, for example, just taking last month,
April, there were--the total number of containers that scored
over 190 was about 32,000, and 99.9 percent of those containers
were inspected on arrival. So I do have a pretty high degree of
confidence that if has been loaded and we deemed it as a high-
risk, that we would get it on arrival.
Now, we are getting better, too, with the host nation in
terms of getting information quicker so that we are reducing
even that small percentage, which I think was not great, but
that small percentage of containers that had been loaded.
And I want to point out one other thing that is important,
I think, in just thinking about this issue, and that is if we
have specific intelligence about a container or there is just
enough risk factors that we deem it to be totally high-risk, I
have no-load authority, and we have used that sparingly, but
that is the authority to tell the carrier, don't load that
container or unload it at that seaport. Now, we use that very
sparingly because we don't want to, frankly, sour the
relationship with the host nations which are cooperating with
us in the Container Security Initiative unless we really have
to.
Chairman Collins. It does look like there has been
considerable progress in that area.
Is it feasible to inspect en route, to have the Coast Guard
or Customs officials go out? The reason that I ask is,
obviously, having the inspection occur in the host country is
the best solution. Having it occur once it gets to our shores
could in some cases be too late. The whole idea is to keep the
danger away from our shores. Is it feasible to do an inspection
en route?
Mr. Bonner. It is difficult, but we have done it with the
U.S. Coast Guard. The Coast Guard boards. It has taken Customs
and Border Protection inspectors on board with it because we
are concerned about a particular container before it actually
is allowed to come into port. Now, again, that has been
relatively rare we have done that, but we have done it when
there was tactical intelligence that indicated that there might
be a terrorist threat with respect to containers on board a
vessel that make those--not just above 190 here, but those that
we are really concerned about.
So it is possible to do it. It is difficult, though,
because if you have a container ship with 3,000 containers
stacked on top of each other, it is very difficult to get
access, to be able to open it. We can't run it through X-ray
scanning machines and so forth. So it is difficult.
We have done it. To me, that would not be the preferred
solution. You are right. It is better to identify this
container and have that security inspection done before it
leaves the foreign port, before it goes on board that vessel.
But we can do it. We have done it on a relatively few
occasions.
Chairman Collins. Of course, our greatest fear is that a
cargo container would be used to smuggle weapons of mass
destruction into the United States, and some experts have
predicted an attempted terrorist nuclear strike within the next
decade. That is obviously a horrible scenario, but one that we
need to try to defend against.
For that reason, CBP has been deploying, I understand,
radiation portal monitors at U.S. seaports. I understand,
however, that these portals are deployed at the exit gates of
our seaports, yet containers may sit at a port for as long as 5
to 7 days before they are screened for radiation.
We know that many of our major seaports are located in
heavily populated areas--New York, Los Angeles--that clearly
could be targets. I am concerned that we don't do the screening
immediately upon arrival as opposed to at the exit gates. Is
this an issue you have looked at?
Mr. Bonner. We have looked at it. I couldn't agree with you
more. There are some difficulties in how do you do this.
First of all, the thing I would like to do, and we are
joining very closely now with the Department of Energy and have
over the past year or so, is to make sure that their megaports
program, where they have radiation portal monitors and funding
to put these in foreign seaports, is conjoined with our CSI
ports. And as we expand CSI ports, we not only have the large-
scale X-ray machines, which, by the way, countries that want to
be in CSI, they either use their own equipment--they already
had it or they have purchased it. We do not purchase it for
them.
But we would like to also get the radiation portal monitors
overseas, at least every container that we deem to be high-risk
after analysis by our CSI team goes through not just large-
scale X-ray imaging, but a radiation portal monitor. Right now,
it goes through some X-ray screening, but it is not as good as
a portal monitor.
Now, we have also looked at this issue of how do you do
this as containers are being offloaded, and we have been
looking at--unsuccessfully, I will tell you, so far--attempting
to get some radiation detection on the crane, literally, the
gantry that loads and unloads containers, so that as you are
unloading the container, you would get a determination whether
it is reading radiation. As you know, most of these radiation
reads, we know from our portal monitors that we have in place,
are innocuous material, but you compare it with the manifest
and so on.
So far, that hasn't worked out so well, and we think that,
nonetheless, we have to do the best we can here in terms of
being able to screen cargo containers for radiation emissions
and then resolving whether that is something of concern or, as
it usually turns out to be the case, not of concern.
So far, the best positioning we have for ports of arrival
is as those containers are being essentially put on board
trucks and moving out of the seaport. I wish there was a better
solution. We sure as heck have looked at this. And I invite
anybody here who has a better answer, tell us, because we are
right in the process right now of rolling out the radiation
portal monitors to our seaports around the country, we have
many of the major terminals of the Port of New York, which is
mainly in New Jersey, as well as the Port of Oakland and
several other ports. So if there is a better solution, we are
looking hard at it, but that is the best one we have right now.
Chairman Collins. That is a challenge. I am very intrigued
by the idea of having the monitor built into the crane somehow.
That really sounds very interesting.
As I understand it, the Department of Energy has deployed
portals in only two foreign seaports at this point, is that
correct?
Mr. Bonner. That is my understanding, Port Piraeus--we have
CSI in Piraeus, as well--and Port of Rotterdam. We are also on
CSI there. But we are working with them so they will work with
us in concert here, and they are committed to doing this at the
Department of Energy so that we expand the radiation portal to
the other 34 CSI ports as well as the new CSI ports that we
will be expanding to.
Chairman Collins. Is this a matter of insufficient
resources to pay for these monitors to be deployed, or is it a
lack of cooperation from the host countries, or is there some
other reason? Two is not very many.
Mr. Bonner. No. You are going to have to ask the people at
the--this is the second line of defense--mega ports initiative
at the Department of Energy. I don't feel comfortable telling
you. But we have offered and they have accepted that every CSI
port we go to to implement CSI, that they will essentially be
joined at the hip with us moving forward now, and that is very
important.
And they do have funding. Ironically, I suppose, in some
ways, they have funding to put radiation portal monitors at
overseas ports. We don't have that funding. We don't have
enough funding to totally complete our implementation plan for
radiation portal monitors at our own seaports and land border
crossings and the like. But we are making good progress with
the funding that we have.
Chairman Collins. Thank you for that information and thank
you for your good work.
Mr. Bonner. Thank you.
Senator Coleman. Thank you, Senator Collins. Senator
Lautenberg.
Senator Lautenberg. Thanks, Mr. Chairman.
Mr. Bonner, you agreed to the fact that there were some 9
million-plus containers that come here each year. I don't know
whether you are aware of it, but the New Jersey-New York port
takes almost 30 percent of those containers each year. Two-
point-six million out of 9 million is almost 30 percent, right?
And so it is a very high volume that reaches our shore, and it
has been noted by several of the other Senators that these
ports are located typically in very highly populated, densely
populated places. Am I correct with my arithmetic?
Mr. Bonner. I know that the Port of New York-New Jersey is
the second largest in terms of the movement of cargo containers
after the port of L.A.-Long Beach. I would say that is in the
ballpark.
Senator Lautenberg. OK.
Mr. Bonner. It is 2 or 3 million containers a year that
come into the Port of New York.
Senator Lautenberg. I don't want a long discussion about
arithmetic. It is or it is not.
Mr. Bonner. I don't have the exact number, but that is
about right.
Senator Lautenberg. Thank you. But the volume is what I
think deserves some attention in terms of grants that are given
for port security. Mr. Chairman, we have 30 percent of the
containers coming into a very highly, densely populated area.
It is said that the distance between Newark Liberty Airport and
the Port of New York-New Jersey is the most dangerous two miles
for terrorist targeting in the country and there is something
there that we really have to work on.
Now, what I don't understand, could you explain just this
one chart that I looked at, CSI ports, it is headed, Hong Kong,
Yokohama, and Le Havre. It says, percentage of exams requested
that were actually conducted----
Senator Coleman. I think it is Exhibit 1.\1\ We have it set
up, Senator Lautenberg.
---------------------------------------------------------------------------
\1\ See Exhibit No. 1 which appears in the Appendix on page 108.
---------------------------------------------------------------------------
Senator Lautenberg. Thanks. So the requests are made by us,
I assume, Mr. Bonner, and it says Le Havre, and I picked on Le
Havre particularly because it was a place I landed during World
War II and know that it was a very active harbor. But I also
know that Le Havre and France have had serious problems with
immigration, both legal and illegal, from North Africa, where
there are lots of people who are not so friendly to us. So is
the 29.61 percent the number of times that we said, we want to
inspect these cargoes, and was it denied, or that they were
actually conducted from the total volume of cargo that was
leaving there? Is that what that is?
Mr. Bonner. Well, it could be a number of reasons for it,
but I am troubled by that, the fact that usually most of these
CSI ports, our requests are honored 90 percent or more of the
time, and at Le Havre, that is troubling that it is so low.
Senator Lautenberg. I agree.
Mr. Bonner. And it is one of the most--it does stand out.
It is something, by the way, we are continuously evaluating and
working with the French customs authorities, and all other CSI
ports, for that matter, to increase the percentage of requests
that are honored, because that is the whole point of CSI. If
they are not----
Senator Lautenberg. And it ranks comparative to Hong Kong
and Yokohama--these are both very active ports--Le Havre has
substantially more cargo than Yokohama and yet the inspections
are a very low percentage of the high-risk suspected cargo. So
it is a matter of concern.
One of the things that also stands high in my mind, and
that is when we look at countries like Afghanistan, Egypt,
Libya, Jordan, Saudi Arabia, why aren't we focusing our efforts
on cargo originating in countries that pose some real threat?
And again, we would have to expand our CSI initiative.
Mr. Bonner. Maybe I could put my map board on here, but
that is a good question and let me just say the reason that we
put CSI--there are a number of reasons, but CSI is at ports,
seaports through which most of, let us say, the cargo shipments
from Port Saiid, Egypt, move through, are offloaded by feeder
ships onto ports in Italy, for example, where we do have CSI.
Most of the--not 100 percent, but most of the shipments, let us
say, out of Pakistan move through by feeder ship to Singapore,
are offloaded--or other ports in Asia--are offloaded, so we are
able to inspect a lot of the cargo containers that are coming
from what I would call the most high-risk areas in terms of
presence of potential terrorists.
Senator Lautenberg. And it would be unreasonable, wouldn't
it, to say that every piece of cargo that leaves there has to
go through some other port. That would be an awful lot of
trouble in terms of cargo delay and sending economic
opportunity to other ports.
But the question was asked by Senator Collins about the
inspections by Coast Guard. We have a lot of lightering of
cargo in, let us say, the Port of New York-New Jersey. At that
point in time, would it be possible for either Customs or Coast
Guard to get to those places, especially if those ships come
from some of these ports, and take a look around? There is
equipment that is fairly mobile that would give you some
indication of what might be a threat in one of those
containers.
Mr. Bonner. We would do it, if there were specific
intelligence or just the risk factors were sufficient. We would
figure out a way to do it. It is hard to do even on a lighter,
by the way, because you want to run it through large-scale X-
ray scanning machines. You can run it through radiation
detection, to some extent, not the monitors, but you can have
radiation detection devices.
But if I could go back, you made an interesting point. The
part of CSI, thinking about what it has done, it is not just
all about how many containers get inspected. We actually have
the capability right now because we have built out the
Container Security Initiative that if there were time of stress
where we elevated the threat level, we have the possibility
right now with relatively minimal disruption to require every
container coming from high-risk areas to come through, to be
offloaded at a CSI port before it comes to the United States.
Most of them do already, but we have that ability.
And think of CSI that way, because it is designed to be
essentially the insurance policy to keep the flow of trade
moving, particularly if there is a terrorist attack or we move
to, based upon intelligence, to a much higher threat level than
we are at today. So that is exactly it. Everything from,
potentially from--and I won't name the country here, but may
have to go through one of these CSI ports if it is coming to
the United States.
Senator Lautenberg. Mr. Chairman, I think it would be of
interest to get an update on this program to see whether, in
fact, we have expanded the program and to say whether you are
short of personnel. Do you have enough people to do all these
jobs?
Mr. Bonner. Well, I heard--I can't remember, it might have
been you, Senator Lautenberg, but maybe it was Mr. Akaka, but
just the cost--I know the cost seems a lot to place people
overseas, and it does cost more. The rule of thumb to me was
two times as much, but I will have to look at those costs.
But we only have about 200 people overseas for CSI, and
those are our targeters and those are the people that are
getting additional information and intelligence, in some cases,
from our host nation counterparts, and those are people whose
job is to also essentially jawbone our host nation to make sure
that it is inspecting the containers that are high-risk unless
we have been assured, based upon information that the host
nation has been able to give to us.
Senator Lautenberg. I don't mean to cut you off, but time
is running here and I don't have much left. You provoked a
question in my mind when you said something about the equipment
in those countries that are doing the inspections and implied
that you weren't sure what kind of equipment it was. Do we have
a standard that we send to these countries to say, listen, this
is the least effective equipment that you can use that can get
certification that we will pass?
Mr. Bonner. I have seen in many cases the X-ray imaging
equipment that these countries have, and I will tell you, with
one exception, and I won't name the country, but with one
exception, the large-scale X-ray imaging equipment that the CSI
countries are actually using for these outbound inspections
equals or exceeds what we have and what we use in the United
States.
So I am not against, by the way, having a standard on this.
I know that is a recommendation of the GAO. But it is not just
about penetrating power. It is also about the mobility of the
equipment and that sort of thing. It is a combination of
factors.
But I am just saying, I have looked at their machines
that----
Senator Lautenberg. But I thought in your response to
Senator Levin that there was a suggestion that we didn't know
in each case what kind of equipment or whether the equipment
was sufficient to give us any security.
Mr. Bonner. We know exactly what the equipment is. We have
assessed----
Senator Lautenberg. Every country?
Mr. Bonner. But we haven't said that you have to meet these
precise standards or specification. We know that in every
country, it equals or exceeds what we have in terms of our own
NII equipment----
Senator Lautenberg. So if ours is poor, theirs is poor?
Mr. Bonner. Except for one, and we are working on that
country. But they are paying for the equipment. We are not
buying it for them. So there is a certain amount of chutzpah to
say, you have to do X, Y, and Z, particularly if the
equipment--and as I say, I personally examined--not that I am
the expert here, but our teams that go over for CSI examine and
make an assessment----
Senator Lautenberg. I wouldn't think it was too nervy to
say, what kind of stuff have you got?
If you would, Mr. Chairman, the country unnamed in public
here, if it could be named under an executive commitment from
the Chairman, I would like to know which of the countries----
Mr. Bonner. I will----
Senator Coleman. I share that concern and we would like to
get that information, Commissioner.
Senator Lautenberg. Thanks very much. Thank you, Mr.
Bonner.
Senator Coleman. Just to follow up on Senator Lautenberg's
question about standardized equipment, I understand that there
isn't a standard, but your testimony is that with the exception
of one country, the standards equal or exceed ours.
First, my concern is that this program, CSI, is only in the
end as good as its weakest link. If there is a weak link, we
could pay a price for that.
As I understand from reports that I have read, the
equipment that may meet or exceed ours are the gamma imagers,
but in terms of radiation portal monitors, are there any
standards that you are aware of?
Mr. Bonner. Well, on the radiation portal monitors, I
addressed that. What we have done and what we need to do is to
link the Department of Energy, their funding for radiation
portal monitors overseas. This is their megaports initiative
with CSI. We have met with the Department of Energy a number of
times. They are committed to doing this and we are doing it.
And so that would be the radiation portal monitors, then, as we
join them into the array of detection technology for at CSI
ports, particularly for potentially high-risk containers.
Those portal monitors are essentially the type of radiation
portal monitors that we are deploying. We have deployed almost
500 of them now to our land border ports of entry and we are
making great progress with our seaports. That is the best
available technology there is in terms of being highly
sensitive to be able to detect against even potentially nuclear
devices and/or materials that could be used to make nuclear
devices.
We are working, by the way, on some advanced technology
which we hope to have within about a year or so. It is
essentially highly sensitive radiation portal monitors that can
detect even fairly low energy emissions of both gamma and
neutrons.
Senator Coleman. I understand that there are supposed to be
minimum standards--supposed to be--and I think the information
we got from the agency, that a number of items a prospective
CSI port must commit to, ability of their customs to inspect
cargo exiting or transiting their country, access to and use of
the non-intrusive inspection equipment, willingness to share
trade data and intelligence.
I believe the GAO report, and I know that this
Subcommittee's investigation found several countries not
complying with some of these minimal standards, instances where
countries were unwilling or unable to share intelligence, did
not have the non-intrusive equipment or were using substandard
equipment, and some lacked the authority to search U.S.-bound
cargo that was transiting their ports. Would you disagree with
that assessment?
Mr. Bonner. As broadly as you put it, there are issues that
we are working with with various countries. Not all of them,
some of them have been extremely responsive and receptive, but
there are some situations where they have agreed to acquire NII
equipment but they haven't--we have seen the purchase order,
their government is buying it, but they don't have it there.
But there is NII equipment. In some cases, we loan them NII
equipment for some developing countries.
So you can't be in CSI. It is not operational unless you
have the large-scale X-ray imaging equipment. So all of them
have it.
Now, I mentioned the one country that we are--their
equipment that they had purchased isn't where we want it to be
and we are working with that country to upgrade its NII
equipment.
Senator Coleman. CBP enters into declarations of principle
with the host country? Shouldn't you incorporate minimal
standards into these declaration of principles. And if they are
not going to share or can't share intelligence or they don't
have the equipment, simply say that they are not a CSI
operation. Otherwise, how do we have any assurance that we are
getting adequate inspections if you don't have these kind of
uniform standards that are critical?
Mr. Bonner. We definitely need the uniform standards. I
totally agree with that principle. But the way we do it, I
believe, is we work with the host nation, but if we can't
resolve an issue, we withdraw CSI. And CSI is very important
economically to the countries that have implemented CSI because
they are protecting their trade lanes, literally, between their
foreign seaports, whether that is Rotterdam or Singapore, and
the United States, and they understand that.
So I believe we can get--some of these CSI ports we just
got online in the last 2 months, in Dubai and Shanghai. Some of
them, we have had for a while. But we work very actively with
the host nation, and ultimately, we may clear what it is that
they need to do to be a CSI partner with us. And I believe we
can get there. But again, it is a matter of dialogue. It is a
matter of working with many different foreign governments and
foreign customs administrations.
So I believe we are making good progress here. We do
regularly evaluate where we are with respect to each one of
these CSI ports through our management team here at Customs and
Border Protection headquarters.
I am not disagreeing with some of the conclusions there.
They are probably right. Some of them, we have been able to
correct. Some of them, we are moving forward on. Some of them,
as Senator Lautenberg pointed out with respect to Le Havre,
even though France was the third country to sign a CSI
agreement, a declaration of principles with us, some of them
are not sufficiently honoring our request to inspect, do a
security inspection of high-risk containers before they leave
foreign seaports. We work that number up, but if it doesn't
ultimately get to where it needs to be, then, of course, they
are not meeting the CSI commitment and we will have no choice
but to--and we are reluctant to do this, but we will
essentially withdraw and we will not have that port as a CSI
port unless they are meeting their commitments.
Senator Coleman. And you have made it clear in your
testimony that there is a significant economic advantage for
these countries to have a CSI port. I suggest, Commissioner, we
can do better than making it clear. We can make it mandatory.
We can say, this is what we are going to require, or you are
not going to get the economic benefit.
Mr. Bonner. Yes. We could go back on that. We wanted the
declaration of principles to be the principles of CSI and not
get into all of the specific details, let us say standards and
that sort of thing. There was a reason for that. There were two
reasons for it. One is Circular 175 authority, and that is once
you say it is a formal agreement, we have to go through the
State Department.
It takes a lot longer to even get an agreement in place.
Second, when you start negotiating all of the specific terms
with countries--we tell them exactly what is expected, by the
way. When you start negotiating it and trying to put that in a
written, let us say, agreement, it takes--it would have taken a
lot, lot longer. Now, it might well be that at this point, we
can circle back and say we need to definitize those commitments
better, whether that is through an agreement, whether that is
through some side protocol for the declaration of principles.
And it also has to be the same for every country that is
participating in CSI.
Senator Coleman. And the concern is if it isn't the same,
you are really getting varying degrees of reliability on these
inspections.
Mr. Bonner. Well, if you don't have the right--let us say
the one country which its equipment may not be all we would
like it to be, if we are not satisfied with the X-ray scan or
image of the container, and based upon all of our information
we think it is a high-risk container, we are not able to rule
it out, we will ask for physical inspection, and we do and we
get physical inspections.
So there is--again, that is more time consuming, more
laborious, and the host nation is doing it. But we get physical
inspections when there is an anomaly or when--which is in a
relatively small percentage of the containers that are run
through X-rays--or if you don't have an adequate X-ray machine,
then we--the recourse is to do an actual physical inspection to
make sure that the container does not contain a terrorist
weapon.
Senator Coleman. If we could get Exhibit 1,\1\ the exhibit
with Yokohama and Le Havre and the other ports. Just two
questions regarding that.
---------------------------------------------------------------------------
\1\ See Exhibit No. 1 which appears in the Appendix on page 108.
---------------------------------------------------------------------------
The green, the higher risk, the number for Hong Kong being
15,000, a little over 15,000, Le Havre, 4,259. Is your
testimony that those that are high-risk that every one of those
15,129 containers are checked in this country, if not inspected
abroad.
Mr. Bonner. At least on arrival, if they haven't been
security inspected at a CSI port. And, the high-risk, the thing
about talking about CSI, we didn't start off with CSI. We
actually started off with saying, let us have an automated
system that uses strategic intelligence for purposes of what
containers we should inspect at our ports of entry, and let us
do it on a national basis and let us just say that if something
scores above a certain level, that is going to give us at least
a broad enough concern that we want it inspected on arrival.
That is what we did first. Then we expanded our border out with
CSI.
But, yes, that is a very high number because Hong Kong is a
port, the largest port in the world. It is responsible for
shipping 10 percent of all of those 9 million containers to the
United States come from or through the Port of Hong Kong. So it
has a huge number of containers and it has a huge volume.
The CSI team there made 1,086 requests of Hong Kong Customs
and Excise that they do a security inspection. I am not totally
happy with that number, but 832 times out of roughly a
thousand, they did, so 80 percent. We would like to get that
higher. Our CSI management team, some of whom are behind me
right now, work to push that number up so that our request,
when we say we are sufficiently concerned about this container
that we want it inspected, is closer to 100 percent. I mean,
that is what we are looking for. There will always be some
reasons why we probably won't reach 100 percent, but----
Senator Coleman. Let me ask another question about the
high-risk containers that are supposed to be checked here. Our
investigators looking into that, we were not able to either
find a paper trail or anything to actually confirm that they
were inspected here. And so I would ask if you would supply
that to this Subcommittee. How are you sure that, in fact,
those that are identified as high-risk are, in fact, inspected
when they arrive here?
Mr. Bonner. Well, I am assured because--as assured as one
can be, as the Commissioner, because we have mandated that at
our ports of arrival, that every container that scores above
190 will be inspected, and we started that essentially in about
the summer of 2002. So if we can't get it over there--and this
is before we had a single CSI port. The first CSI port came
online in September 2002, and that was Rotterdam.
So we started that program, and we never said with CSI,
look, we are using host nations' equipment, we are using the
host nations' resources, we are kibitzing whether we think that
their X-ray scan shows an anomaly or not. We have never said
that we are going to get total equilibrium. By the way, I would
like to see that, where we are actually getting everything
above 190 that would be given a security inspection overseas at
a CSI port.
But what we have said is after getting the 190, we have our
targeters there. We do further analysis. We do get information,
by the way, in many instances. I am not saying it is perfect in
every country, but we do get information that provides us
additional input as to whether a container is a potential risk
or it is not a potential risk. Sometimes this is just the--it
is the customs authority getting on the phone and saying, well,
we have a freight forwarder here. Who is the real shipper? Who
is the real party and interest, that sort of thing, just
getting additional information to make a more--a better
assessment of what is the highest risk, basically, and then
making that request to the host nation that would do it.
Now, if we need to at time of stress, this system is in
place. It is not like we have to build it. We don't have to
build the cockpit doors here. These are the cockpit doors for
maritime security. It is there. If we have a time of stress, we
can increase the level of our request and require and demand,
for the reasons you are saying.
And what is our ultimate lever here? You don't do it, the
Commissioner is exercising no-load authority. It is telling the
carrier they cannot put that container on board the vessel.
So we have a way of ratcheting this up, particularly at a
time of stress. So view it as a security system or a piece of
an overall security system----
Senator Coleman. And time of stress, what do you mean by
time of stress?
Mr. Bonner. By time of stress, I mean there is a terrorist
attack that might have been using the maritime cargo system in
some way. There is significant intelligence that indicates that
there is a significantly high risk of terrorist exploitation of
a, let us say, the Trojan Horse, an oceangoing cargo container
to carry a weapons of mass destruction. That is a time of
higher stress, and we now can ratchet the system up or we can
just say, you don't do it. The containers are staying at the
CSI port. They are not getting loaded.
So that is what I mean. It is a system that is--it does
what it does right now, and it does add security right now
because it has the capability of detecting and, therefore,
preventing and deterring, I believe, global terrorists, al
Qaeda, from exploiting this system. It has some deterrent
effect. But it is also a system that can be elevated when we
need to do so.
Senator Coleman. I would still maintain that we have a
system with some holes in it.
Mr. Bonner. I wouldn't want to--I don't rely totally on
CSI. That is why we have a layered and a number of initiatives
that are--that in combination give us greater assurance. But if
the--nobody can say that you can develop a foolproof system, or
at least a foolproof system that would not, in essence, choke
off and stave off the flow of legitimate trade and do enormous
harm to our economy.
So whatever system we have to put into place, there is some
balancing we have to do and should do to protect, as I have
said, the American livelihoods as well as American lives. You
have to balance that out as you do it. But part of that is
extended border strategy, and CSI and C-TPAT are very much two
of our important initiatives in terms of extending our zone of
security beyond our little ports of entry and our border.
Senator Coleman. Senator Carper.
Senator Carper. Thank you, Mr. Chairman, and Mr. Bonner,
welcome. Looking around at these empty seats, you wonder where
everybody is. We all have other hearings that we are trying to
get to, as well. I have two others and I apologize for not
being here to hear all of your testimony.
Let me start by just asking, what are some of the possible
consequences of our not doing a good enough job to reduce the
security threats that our Nation faces that flow through our
ports? What are the possible consequences of our not doing a
good job?
Mr. Bonner. They are great. A number of people, like Steve
Flynn, who is going to testify for this Subcommittee this
morning, who I talked to shortly after September 11, have
outlined the--if there is a terrorist incident or a terrorist
attack that utilizes, let us say, an oceangoing cargo container
and we have no security system in place, the consequence was
clear, and that is the whole system shuts down. It freezes,
which would very likely send the U.S. economy in a tailspin and
bring the rest of the world economy down with it.
So those are huge consequences, no doubt about it. The
question is, how do you build, and that is the question I faced
shortly--starting on the morning of September 11 and September
12, is how we would do this--how could we best do this. We are
not complete yet, but how could we best do this in terms of
building out a strategy that involves a number of initiatives,
not just the two we are talking about today, to make it far
more difficult, far less likely that this system can be
exploited.
I don't think there is a perfect system that I am aware of.
If somebody can devise the perfect system for providing the
absolute security in terms of the movement of goods and cargo
and at the same time do that without essentially choking off
the flow of trade and the economic consequences of that, I am
here to learn and listen, as I have been all along. But we have
taken steps that are really some revolutionary initiatives.
Senator Carper. Let me just follow things here.
Mr. Bonner. Yes.
Senator Carper. What are some of the things that you think
we are really doing well?
Mr. Bonner. Well, I think the things that we are--first of
all, I would say I take it in layers. The very first thing we
did was to say--and I said in talking to our people at U.S.
Customs, we need to have some ability to sort out what may be a
terrorist threat and what may not be a terrorist threat and we
need to use advance information that we get electronically and
automated targeting--we have to build our Automated Targeting
Systems to do this.
We have to establish a National Targeting Center so that we
can--somebody said, well, you are only inspecting 5.5 percent.
The question is, we are inspecting those not on a random basis,
but on a basis using strategic intelligence as to what poses a
higher risk. We know that some shipments pose no risk
whatsoever. So how do you do that, though? How do you make that
sort?
And the very first thing we did, and I think we--by the
way, it hadn't been done by any country before, but it was to
build--essentially mandate that we had to get advance
electronic information about every single cargo shipment to the
United States. Then we had to evaluate that against our
historic Customs database in terms of things that would be
unusual or anomalous about shipments, build in strategic
intelligence about where the threat is, what countries are more
likely to be a threat than others, and risk manage the
terrorism issue.
So I think that is not done, either. I mean, that is an
evolving thing. We literally meet daily to assess intelligence
that might and many times does change our targeting rules or
tweak up our targeting rules that we use to decide which
containers to inspect or not.
The next thing, though, we did was to say, look, we don't
have enough people or detection technology at our ports of
entry. That is why our ports of entry froze on September 12 and
September 13, because if you increase inspections and you don't
have enough people to keep all lanes open 24/7, you increase
inspections, you don't have any detection technology so you are
able to do it faster and speedier, your border is not going to
be fluid. You are going to end up damaging the economy.
And so we have added enormous detection equipment, both, by
the way, large-scale X-ray imaging machines at the Northern
border with Canada, at our major entry points, at our seaports,
that didn't exist--weren't there before September 11. We have
added radiation portal monitors. Ninety percent, right now, of
the commercial trucks that come from Canada into the United
States go through a highly sensitive radiation portal monitor.
Eighty percent of all of the passenger vehicles, the SUVs, the
cars, go through radiation portal monitors. We will have 100
percent of the Mexican border done this year with radiation
portal monitors. We have about 50 percent now. We are rolling
out to the seaports.
Look, I think that is an important step. It is giving us a
better way to detect against potential terrorist weapons, but
to do it without laborious manual inspections of everything
that would shut down our ports of entry, in my judgment. Now
what we are talking about at this hearing is what have we done
to extend our border outward and the two very key initiatives
CSI and C-TPAT, that we put into place to do that.
Senator Carper. That may fall into my last question, and
that is what are some of the quick layers we need to do better
where we could be helpful?
Mr. Bonner. I think one area that we do need to be better,
to do better, and we have been talking about it at this
hearing, and this Subcommittee and GAO and the staff here have
been helpful, but the C-TPAT program is a trust-but-verify
program. We are doing better with our validations, or verifying
that the supply chain security commitments have been met. But
we understand and we agree that we need to do more and we need
to do more more quickly, because we do give a certain level of
benefit, even though we have reduced it somewhat, to companies
that we think are reliable and trustworthy who are certified,
that is to say, they have told us that they are doing what they
say they are doing in terms of supply chain security.
But that is an area, look, it needs improvement. We do need
to--and by the way, we work on this literally every day. We do
need to elevate, make sure that we are getting an even higher
percentage of our request at CSI ports that are honored, that
is to say that the security inspection is done by the host
nation. We are above 90 percent now, I believe, or an average
of 90 percent--don't hold me to the exact figure. But we have
steadily moved that up. There are a few ports that are laggards
and we need to--we are working to get that up, and our goal is
to get pretty close to 100 percent, if not 100 percent, of all
the requests of outbound containers unless there is some really
good reason why it can't be done.
Senator Carper. Is there anything in particular that
Senator Coleman needs to be doing to help get this job done?
[Laughter.]
Mr. Bonner. Look, I think this Subcommittee and the
Chairman have been very supportive, but that doesn't mean
that--I do not believe in oversight. I think it is a healthy
thing that questions get asked. I want to make sure that if it
is put in the right context, that people understand what we
did, why we did it when we did it, and how fast we needed to do
it, but on the other hand, these initiatives, I think, are good
initiatives, but they can be improved. We want to work with the
Subcommittee and GAO to make sure that we implement what are, I
think, certainly in the main very sound recommendations that
are going to help us make these programs better.
Senator Carper. Mr. Bonner, thanks very much, and Mr.
Chairman, back to you.
Senator Coleman. Thank, Senator Carper.
Commissioner, I want to thank you for your appearance
today. I do want to add my voice, by the way, to the concerns
raised by Senator Levin regarding trash coming in from Michigan
and the inability to sort out what is in there, whether there
are things in there that could be very dangerous for all of us.
So I would seek your personal assurance that you will work with
this Subcommittee, work directly also with Senator Levin to see
if we--not if we can, we have to improve that situation or fix
it.
Mr. Bonner. I agree. I share the concern, so I will work
with you and Senator Levin on that issue.
Senator Coleman. Thank you very much, Commissioner.
Mr. Bonner. Thank you. Thank you, Mr. Chairman.
Senator Coleman. Now, I would like to welcome our final
witnesses for today's hearing, Richard M. Stana, Director of
Homeland Security and Justice Team at the Government
Accountability Office; Retired Coast Guard Commander Stephen E.
Flynn, currently a Jeane J. Kirkpatrick Senior Fellow for
National Security Studies at the Council on Foreign Relations
in New York City; and Stewart Verdery, a principal with Mehlman
Vogel Castagnetti, Incorporated, here in Washington, DC, and
the former Assistant Secretary of Border and Transportation
Security Policy for the Department of Homeland Security.
Gentlemen, I appreciate your attendance at today's hearing
and look forward to your testimony and perspective on CBP
programs discussed here today as well as your recommendations
for securing maritime trade and the global supply chain.
As you are aware, pursuant to Rule 6, all witnesses who
testify before this Subcommittee are required to be sworn in. I
would ask you to please stand and raise your right hand.
Do you swear the testimony you are about to give before
this Subcommittee is the truth, the whole truth, and nothing
but the truth, so help you, God?
Mr. Stana. I do.
Commander Flynn. I do.
Mr. Verdery. I do.
Senator Coleman. Please limit your opening statements to 10
minutes. Your entire statement will be entered into the record
in its entirety. If you can follow the amber lights, you will
know time is about up.
Mr. Stana, we will start with you. We will then go to
Commander Flynn and then we will go to Mr. Verdery. Mr. Stana.
TESTIMONY OF RICHARD M. STANA,\1\ DIRECTOR, HOMELAND SECURITY
AND JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Stana. Thank you, Mr. Chairman. I appreciate the
opportunity to appear before you today to discuss the results
of our reports on the C-TPAT and CSI programs.\2\ As you know,
these programs are key elements of CBP's multi-layered strategy
to address security concerns posed by the 9 million cargo
containers that enter U.S. ports each year. Getting these
programs right is important if we are to prevent terrorist
weapons of mass destruction from entering the country. In my
oral statement, I would like to highlight some key points we
make in those reports, starting with the C-TPAT program.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Stana appears in the Appendix on
page 66.
\2\ See Exhibits No. 8 and 9, which appear in the Appendix on pages
115 and 154 respectively.
---------------------------------------------------------------------------
C-TPAT membership is open to all components of the supply
chain, including shippers and importers. In return for
committing to making improvements to the security of their
shipments, C-TPAT members receive a range of benefits which
significantly reduce the level of scrutiny provided to their
U.S.-bound shipments. These benefits can reduce or eliminate
inspections at the ports and reduce wait times for members'
shipments. While this arrangement seeks a reasonable balance
between enforcement and trade facilitation, CBP's process for
verifying the members' security arrangements has several
problems that could increase security risks and throw the
intended balance a bit off center.
The first problem is that CBP awards the benefits which
reduce or possibly eliminate the chances of detailed inspection
at the ports without verifying that members have accurately
reported their security measures and that they are effective.
When companies apply for the program, CBP reviews their self-
reported information about their security processes and checks
their compliance and violation history in various databases. If
it certifies a company after this indirect review, which it has
in most cases, the benefits begin in a few weeks.
Since the program's inception in 2002, CBP has directly
reviewed and validated members' security procedures for only
about 11 percent of the companies it has verified. More
importantly, this figure goes down to 7 percent of the
certified importers, and this group of members receives the
greatest number of benefits. Moreover, it is unclear whether
the other 89 percent could have serious vulnerabilities in
their supply chain security and still be awarded program
benefits.
The second problem is that the validation process itself is
flawed. For the 11 percent of companies that have been
validated, CBP did not take a uniformly rigorous approach to
reviewing the security procedures. Validations are supposed to
verify that security measures are in place and are effective.
However, CBP typically examines only a few facets of member
security profiles and CBP and the company jointly agree on
which security elements are reviewed and which locations are
visited. In some cases, the majority of a company's overseas
supply chain was not examined.
Further, CBP had no written guidelines to indicate what
scope of validation is adequate nor a baseline standard for
what minimally constitutes a validation. C-TPAT program
officials say that validation is not intended to be an audit of
voluntary members, but the review that is done does not always
add up to a reliable assessment of supply chain security.
A third problem is that CBP has not determined which and
how many members need to be validated and how many staff it
needs to devote to this important activity to mitigate security
risks. Although it initially intended to validate every C-TPAT
member, CBP devoted an inadequate number of staff to do that.
In August 2004, it began using what it calls a risk management
approach to prioritizing which members should be validated
first, as resources allow. CBP has established some selection
criteria, such as import volume, value of imports, and method
of transportation. While this is a step in the right direction,
CBP still needs to determine the validations that are needed to
help assure that members deserve the benefits that they are
awarded.
CBP is addressing the management weaknesses we noted in our
July 2003 report, but it still has a ways to go in some areas.
It hasn't yet completed a human capital plan and it hasn't
developed its performance measures fully and importantly. Our
review disclosed that its basic records management system was
in such poor shape that we could not rely on it to gauge
program operations or reconstruct management decisionmaking.
Turning now to the CSI program, we found some positive
factors that have affected CBP's ability to target and inspect
high-risk cargo shipments at foreign ports before they leave
for the United States. Among these are improved information
sharing between CBP and foreign customs staffs and a heightened
level of bilateral cooperation and international awareness of
the need to secure the whole global shipping system.
However, our work also disclosed several significant
problems in the CSI program. One problem is that about a third
of the cargo containers leaving CSI ports are not fully
screened before they depart. This is because diplomatic and
practical considerations made it very difficult to fully staff
certain ports to the level prescribed in its staffing model.
This has limited CBP's ability to screen all shipments leaving
some CSI ports.
Also, CSI hadn't yet determined which duties require an
overseas presence, like coordinating with host government
officials, and which duties could be performed in the United
States, like reviewing manifests and databases. Given the
diplomatic and logistical consideration and the high cost of
stationing staff overseas, CBP needs to consider shifting work
to domestic locations where feasible.
Another problem is that not all cargo containers that are
screened and referred to host nation customs officials for
inspection are actually inspected before they leave the ports.
Reasons for not inspecting these containers include the
availability of host nation information that suggests that a
container might not pose a security risk, the host nation's
customs officials could not get to the container before it left
the port, and in 1 percent of the cases, a host nation
inspection denial, most often because the risk identified
relates to a customs violation rather than a security concern.
Our audit check of a 3-month period found that CBP can and
does inspect most of these potentially risky containers when
they arrive at U.S. ports. However, we were unable to verify
that 7 percent of these containers that were referred for
state-side inspection were actually inspected upon arrival. I
think this might have been a point of confusion in Chairman
Collins's note that 93 percent were inspected. That number was
not the percentage inspected at CSI ports. That was the ones
that were not inspected at CSI ports and referred to U.S. ports
for inspection and documents show an inspection was done. As
the Commissioner mentioned, CBP also has issued ``do not load''
orders in a few cases where it felt strongly about the need to
inspect a container before it arrives at a U.S. port.
A third problem involves the lack of minimum technical
requirements for inspection equipment. Both CSI ports and U.S.
ports rely heavily on non-intrusive inspection equipment, such
as various types of X-ray and gamma ray imaging machines, to
conduct inspections of cargo containers. Equipment used at
various CSI ports can differ in their penetration capabilities,
scan speed, and several other factors. Without minimum
technical requirements, CBP has limited assurance that the
equipment in use can successfully detect all weapons of mass
destruction. It is important that CBP establish such
requirements because non-intrusive inspections at a CSI port
may be the only inspection some containers receive before they
enter the interior of the country.
Finally, CBP has made several improvements to the
management of the program, but some problems still exist. To
its credit, it has made some progress developing a strategic
plan and performance measures, but further refinements are
needed, particularly with developing meaningful measures of
bilateral progress, terrorism deterrence, facilitating economic
growth, and not disrupting the flow of trade.
In closing, we made a number of recommendations aimed at
addressing procedural, staffing, technical, and management
problems we identified in the C-TPAT and CSI programs and we
are encouraged by the constructive tone of CBP's response. It
is very important to resolve these problems as soon as
possible, because in CBP's multi-layered strategy for
mitigating the risk of a weapons of mass destruction being
transported in cargo containers, any weakness in one program or
layer could affect the other layers.
Mr. Chairman, this concludes my oral statement. I would be
happy to answer any questions you or other Members of the
Subcommittee may have.
Senator Coleman. Thank you very much, Mr. Stana, and thank
you for the good work being done by the staff and the folks at
GAO on these reports. It has been very helpful and really
outstanding, so I just want to say thanks.
Commander Flynn.
TESTIMONY OF STEPHEN E. FLYNN,\1\ COMMANDER, U.S. COAST GUARD
(RET.), JEANE J. KIRKPATRICK SENIOR FELLOW IN NATIONAL SECURITY
STUDIES, COUNCIL ON FOREIGN RELATIONS, NEW YORK, NEW YORK
Commander Flynn. Good morning, Mr. Chairman. It is an honor
to be here this morning to talk about this absolutely vital
issue. I really want to commend you and the Subcommittee and
the Committee for taking the container security issue on.
---------------------------------------------------------------------------
\1\ The prepared statement of Commander Flynn appears in the
Appendix on page 94.
---------------------------------------------------------------------------
I have been somebody who has been working the container
security issue for well over a decade. I want to start by
saying this has been a longstanding vulnerability which went
largely unrecognized prior to September 11. Even in the
immediate aftermath of September 11, there was not a whole lot
of activity happening across the U.S. Government, and I commend
Commissioner Bonner for grabbing this issue when the Department
of Transportation was otherwise focused on aviation and when
the Coast Guard focused on ships and terminals but wouldn't go
after the cargo issue. That leadership should be applauded.
But, of course, where we are at right now is how to deal
with an issue of enormous stakes, as we have been talking
about, and how we can move this thing forward. What I would
like to do in the few minutes I have here to provide oral
testimony, is talk about the stakes, my view of the threat, and
how I believe that C-TPAT is missing that threat in how it is
currently operating and some suggestions, recommendations on
how we could move forward.
I think the best way to illustrate the stakes is to
bifurcate them in two parts. One is that the container system,
the intermodal transportation system, could be a conduit for a
weapons of mass destruction. That is the one that consumes the
bulk of our attention. The second issue is that the system
itself is targeted, our trust in it erodes, and we stop using
it for a while, and that could potentially lead to a global
recession.
Now, those stakes are, I would argue, national security
imperatives of the first order. We have to deal with those two
problem sets. But the best way to illustrate the second one is
to visit a place like Hong Kong, the world's busiest container
port in the world and the busiest terminal there is one called
HIT Terminal. I was there a little over a year ago with the
brilliant Malaysian who designed the operation of that terminal
in 1992 to handle 3.1 million containers per year.
Today, HIT Terminal is moving 5.5 million on the same
footprint, on the same square acreage. That entails 10 Panamax
or post-Panamax container ships being loaded simultaneously
with 3 to 4 gantry cranes per ship, 35 moves per crane per
hour, 24 hours a day, 7 days a week, 365 days a year. He
quipped that ``we no longer take off Chinese New Year.'' There
is a 1-hour slippage time between ships.
Now, when something goes wrong, such as the computers go
down for 30 minutes, they will snarl truck traffic throughout
the Port of Hong Kong. If it goes down for 2 hours, the trucks
back up to the Chinese border. A little over a year and a half
ago, they told me they had a typhoon come through where they
had to shut the port down for 96 hours and they had a 140-mile
backup of trucks. Between 16,000 and 18,000 trucks were queued
up into the Chinese mainland.
This is a system of incredible fragility, that if we have a
disruptive event, the cascading effects are immediate and have
significant economic repercussions.
Now, it is also, therefore, a system that is very difficult
to police. C-TPAT and CSI, of course, are designed to help
advance that. The concepts of obviously targeting before it is
loaded and getting the private sector to be a partner in this
process makes sense. The critical issue that I have separated
myself from where CBP is going with this is the notion that CBP
can identify the right 5 percent and put this through the
scrutiny of, to put it in the words of Commissioner Bonner, the
100 percent of the right 5 percent and presume the other 95
percent is low-risk and does not require inspection, whether
overseas or even here at home.
The central problem with this premise is that its view is
that CBP has the ability to identify this high-risk universe,
which would clearly require that CBP has a level of
intelligence CBP does not have for this adversary.
But second, it is that Customs believes that that universe
where the terrorists are most likely to exploit would be the
places that make up the shadow world CBP has learned about by
failure for customs compliance in the past with trade laws and
so forth, new players we don't know much about, so they have no
track record, or they have had a history of smuggling before.
The assumption is that a terrorist intending to bring in a
weapon of mass destruction into the United States would
gravitate towards the place where CBP already sees aberrant
activity. That is what CBP targets. CBP inspects that, but
assumes that terrorists wouldn't gravitate to legitimate
companies.
Where I would argue that this is wrong-minded is that in
the case of a smuggler, it is an ongoing conspiracy. He has to
be in the shadow world. He does not smuggle drugs in once, or
he does not violate a revenue law once. He does it as an
ongoing conspiracy. And if he goes to a legitimate company,
they have controls and over time, and he is going to get
caught. So that doesn't make any sense.
That is a different problem from the lower-probability,
high-consequence risk of a weapon of mass destruction being put
in the United States with the goal of setting it off. In that
situation, he is happy to succeed once, and it may have taken
him 2 or 3 years to acquire the weapons. And so if he is
somebody who is interested in carrying out the strike and CBP
has already advertised up front that this legitimate company's
95 percent universe is viewed as low-risk and not subject to
even the most cursory inspections, that is where he will focus
his attention and he is going to take the time to do it.
It turns out we are expecting too much from private sector
companies to secure themselves with a fail-safe approach.
Security in any private sector, if you talk to any chief
security officers as I do, is much like other audit systems.
You look for behavior over time. A good security system is one
that has trip wires in the company to see whether or not the
rules are being violated, has an investigatory arm to go out
and check on the behavior, has a sanctions system for people
caught violating the behavior that sets a deterrent across the
company that employees should play by rules or you are going to
have a consequence. You are going to go to jail or you are
going to lose your job. It is a reactive system, in other
words. No system is designed to protect the system for the
first offense.
Basically, bringing a weapon of mass destruction into the
United States in the 95 percent universe CBP is defining as
low-risk is as simple as a large payment to a truck driver to
take an extra-long lunch break so as to gain access to that
load, and you are on your way.
So my concern is, not that we are getting companies to be a
partner in this process, but that automatically creates this 95
percent low universe that doesn't warrant CBP checking. Even
today, CBP focuses their attention on the high-risk universe of
what CBP has found these problems. But I am very concerned
about this 95 percent low-risk, and let me push it a step
further.
It is not only that I believe that it is the richest
opportunity for somebody to get in once, into the United States
to cause this event. I also believe that--and this takes a
little more sophistication on their part--if the goal is mass
economic disruption, the kinds of things Osama bin Laden has
been talking about, they will want to strike that low-risk
universe because it will then invalidate the regime, the
entire--all containers will look at high-risk.
So this leads us to rethink how we do inspections. Building
on C-TPAT, building on CSI, which are minimal approaches, one
is we have a greater assurance that companies are living up to
the security obligations. We talked about the issue of
jurisdiction today being a problem, it is clearly an issue. The
lack of capacity and resources is an issue. We have ways to
solve this. It is called third-party independent auditors,
folks who are bonded to do this job, and you audit the
auditors. It is the kind of format the Coast Guard uses
routinely through outfits called the Professional
Classification Society like the Bureau of Shipping. Resident
technical experts go out and check, and the Coast Guard check,
the checkers.
Customs has been reluctant to go to this approach, and
frankly, I don't understand why. It is a way you can get in
overseas jurisdictions and you can have a validation process
relatively quickly deployed.
The second piece, though, is that we have to move to a
system where we validate low-risk as low-risk. This is not a
physical inspection of everything moving through. And I want to
highlight specifically an initiative that I have been involved
with in the Port of Hong Kong. The Port of Hong Kong today has
an initiative where every truck coming into that busy terminal,
I just described, is going through a radiation portal, a gamma
imaging, an optical character recognition capturing the
container number and putting it into a database. Right now,
there are about 180,000 images sitting in this database since
January 1. Nobody in the U.S. Government has asked them to do
this. It is being funded by the Container Terminal Operators
Association, and a U.S. company has been involved with it,
SAIC, has put the equipment together. But nobody in the U.S.
Government has told them that this is desirable behavior.
Now, their interest in capturing this data up front is
really threefold. One is the ability to deter for every box,
that low-risk universe as well as what we would target as a
high-risk universe, that it is going to get scanned and we are
going to raise the risk of detection. If you spent 3 years
getting a weapon of mass destruction, do you want to put it
into a system where everything is getting scanned and hope it
is not detected?
The second piece that makes this an attractive approach is
if, God forbid, something happens, they have the black box.
They have the forensic tool that you can go back and say, it
came from the Port of Hong Kong but it was specifically this
supply chain. We may have missed it, but here is the tape. So
we indemnify the port and we isolate the problem to a supply
chain. That keeps the whole megaport from coming down. The kind
of dump the concourse problem we see in airports. They can
avoid that.
And the last piece that has value for them is the current
process of targeting, this typically requires a pulling of the
box from the stack, dragging it over to the one inspection
facility, putting it through the same screen that can be done
up front, costing the importer the money to do it there,
disrupting the terminal operation, and likely missing the
voyage. And what they see as attractive about this is you can
do that virtually and 99 percent of the time resolve the kind
of questions that a CSI targeter would have by just looking at
the image in real time, and you can look at them here in
Virginia or you can look at them in Hong Kong or wherever you
want to go.
That system, we could migrate globally quickly, and it is
not the end of all ends, but it is a layered approach in which
we move away from saying there is a very finite universe of
high-risk things and instead which we apply more broadly
across.
And so I would in conclusion here make the recommendation
we need to be thinking about a validation process that low-risk
players are low-risk. A birth certificate, the starting
process, third-party independent players, a tracking as it
moves through, a vetting at loading port. This is in the realm
of technically possible, commercially possible. We just need to
move forward aggressively.
Thank you very much, Mr. Chairman.
Senator Coleman. Thank you. Mr. Verdery.
TESTIMONY OF C. STEWART VERDERY, JR.,\1\ PRINCIPAL, MEHLMAN
VOGEL CASTAGNETTI, INC., ADJUNCT FELLOW, CENTER FOR STRATEGIC
AND INTERNATIONAL STUDIES, AND FORMER ASSISTANT SECRETARY OF
BORDER AND TRANSPORTATION SECURITY POLICY, U.S. DEPARTMENT OF
HOMELAND SECURITY
Mr. Verdery. Thank you, Senator Coleman, for the chance to
be here today. As was mentioned, I am a principal at the
consulting firm of Mehlman Vogel Castagnetti. I am also an
Adjunct Fellow with the Center for Strategic and International
Studies, but the views are my own that I will explain today,
and I would just go over a couple of the key points because I
know we have been here for a while.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Verdery appears in the Appendix
on page 102.
---------------------------------------------------------------------------
As you know, I was Assistant Secretary for Border and
Transportation Security Policy and Planning for the last 2
years, until my resignation earlier this spring. I was
responsible for immigration and visa policy, transportation
security, as well as cargo security, largely carried out in the
field by CBP, ICE, and TSA. I would be remiss if I didn't thank
the Committee for your outstanding efforts to support DHS
during my tenure--the intelligence bill probably the most
famous--but also your oversight responsibilities were very
helpful in focusing our energies and making us do a better job.
The point of today's hearing, I think, is to understand
that this is a layering of programs, and while we are focusing
on two very specific and important programs, CSI and C-TPAT,
they are not the only programs that are relevant and they
shouldn't be looked at in a vacuum. I think Commissioner Bonner
talked eloquently about the layering that CBP is responsible
for, but it is really beyond CBP, and I will talk about that in
a second.
I strongly disagree with any analysis, such as the press
accounts we have seen the last couple days, that somehow
suggests we are worse off with CSI and C-TPAT and the related
programs that they undergird than we would be without them.
There are minor flaws that need to be fixed--some of which
already have been--due to budget or operational concerns or
technology limitations or international agreements, and they
have to be worked on, but that should not lead one to the
conclusion that we are better off without them. It is not an
either/or proposition, as the title of the hearing might
suggest, and I know people make hearing titles to be catchy,
but it is incremental progress that should be considered that
the Department and the Congress supported their programs and we
need to think of it in that light.
Now, I will say, having looked at some of the major other
issues that we face in Homeland Security, we have done more in
other areas to come up with an overall strategic plan. You
think of visa policy, you think of entry/exit, you think of
aviation security, intelligence gathering. With cargo and
supply chain security, we have not really done that.
The programs we talked about are part of that, but they are
not a plan in and of themselves, the programs that CBP and the
Coast Guard and other parts of our government implement, and
that is why, at the direction of Secretary Ridge and especially
Deputy Secretary Loy last year, we were instructed in my office
to build a National Strategic Plan for Cargo Security. For any
of you who were at the cargo summit that DHS put on in
December, you saw the first draft of that. It is a public
document. That is now being reviewed within the Department as
part of Secretary Chertoff's second-stage review, and my
understanding is that will be something that he is focusing on
moving forward throughout this summer. He is coming up with a
rubric under which all programs can be handled.
Let me talk about a couple of things that are beyond CSI
and C-TPAT just for a second before returning to this.
I do agree with the witnesses today. We do need a zero
tolerance for weapons of mass destruction and to devote
whatever energies it takes to build that into our system. It is
a layered approach, but we have to have that as a 100 percent
layer along the way at some point, preferably overseas, if not
overseas then domestically. And so we are moving in that
direction with the procurements and the deployments we have
talked about. I think it is absolutely critical that we rely on
our Science and Technology Directorate who has come up with a
procurement announcement earlier this year to get the best
equipment out there and to have standards.
I also would encourage the Congress to support the proposed
Domestic Nuclear Detection Office, the DNDO, as a great
opportunity to coordinate efforts that do cross agencies within
DHS and even beyond DHS in this absolutely critical area.
The second phase that is beyond these programs is the
Maritime Domain Awareness Effort led by the Coast Guard and the
Navy under Homeland Security Presidential Directive 13, signed
last winter. This will bring visibility into shipments between
when they leave a foreign port and when they arrive
domestically. Couple that with the improvements in in-transit
protection that we need, first, a regulation that is in the
works on mechanical seals, subsequently with high-tech seals or
so-called ``smart boxes'' to provide detection notification.
Those are things that will bring a measure of accountability
between departure and arrival that we absolutely need.
Turning briefly to CSI and C-TPAT, I completely agree with
the GAO's suggestions in many respects, and I found their work
to be very helpful in my responsibilities and think they do a
great job.
In terms of CSI, I think that CBP does need to redouble
efforts to get people overseas to support these efforts.
Deploying people is not an easy thing. We worked on it in many
other programs besides CSI, and finding the space to get these
people overseas, getting the agreements in place with the State
Department is not simple. So it does take time and people have
to be somewhat patient.
I am not sure I agree with the suggestion that we should be
returning those people back to the United States to do work
here. Once we get people overseas and have gone to that
trouble, we ought to be having them work more with host
governments to develop leads, to work with local law
enforcement and customs officials to figure out the best ways
to make that targeting the most effective we can. That can only
be done overseas, working with people on the ground.
I also would recommend that people try to make these
deployments for as long a term as possible to develop those
long-term relationships and not have people deployed on TDY
basis.
In terms of C-TPAT, I am heartened that CBP, working with
myself and Under Secretary Hutchinson, have increased the
number of validators that are coming online to make the system
more whole. I do agree that--and I take some blame here in not
coming up with this idea myself--there should be a tiering
among the companies that have been accepted or certified but
not validated, and I think it is an entirely appropriate
measure of risk management to have a tiering for companies that
have essentially made promises that have not been confirmed.
It does strike me that these companies have track records
in dealing with the government that ought to be considered and
that they should be given some measure of benefit, but not the
full benefits that are given to fully certified C-TPAT members.
The last thing I want to mention in my oral remarks is the
need for a more broad, more expansive policy office within the
Department. I noted with some irony that neither of the GAO
reports even mentioned the fact that there is any type of
policy oversight within the Department for CBP or any of the
other agencies at the bureau level. We see that this issue
really does cover issues beyond CBP's responsibilities,
especially on the international front, and the reports don't
even mention a DHS policy coordination effort or a BTS policy
coordination effort and I think that speaks volumes of the
dilemma that we have.
The work has to be coordinated between Coast Guard, between
TSA, between the Science and Technology Directorate, and
especially overseas, where we need to bring the full weight of
the DHS relationship to bear on each of the programs. We should
not be having Customs overseas negotiating separate agreements,
and the Coast Guard overseas, ICE, and TSA, they need to be
worked together. And so my hope and my expectation is that the
Department will come up with a robust policy office providing
guidance to all the operational bureaus as well as managing
international affairs as part of the Secretary's second-stage
review that is ongoing.
I thank you for the chance to be here today. I look forward
to your questions.
Senator Coleman. Thank you very much for your testimony.
I want to go over a couple of things that Commissioner
Bonner stated. He indicated very clearly that all high-risk
containers overseas, if they are not inspected overseas, are
inspected when they get here. Was GAO able to verify that?
Mr. Stana. No. In fact, of the 65 percent of the containers
that were classified as high-risk and were reviewed by the
staff overseas, our detailed work at the ports suggested even
within that 65 percent, there is no guarantee that all those
were high-risk or not high-risk. That is the first point.
The second point is when the CSI port people call the U.S.
port people and notify them that they couldn't get it inspected
for whatever reason, we found no records that could assure us
that in all cases the inspection was done stateside. So we
don't have the high level of assurance that Commissioner Bonner
has.
I might add also, if you recall, about a year ago, we did
some work on the ATS system and there were some problems there
identifying cargo risks and making appropriate designations.
This whole CSI system is predicated on ATS.
Senator Coleman. Explain ATS.
Mr. Stana. ATS is the Automated Targeting System, the
system of rules that Commissioner Bonner was describing. There
are many of them, hundreds of rules that, based mainly on
manifest data, create a point score and risk designation.
We found problems with the ATS system that suggests that it
also is not absolutely reliable in identifying high-risk cargo.
So you put those three together and it suggests problems. I
understand where he is coming from, but I wouldn't speak with
the same level of assurance.
Senator Coleman. Mr. Verdery says we are not worse off, but
I think one of the problems here is that we have a system based
on an ATS system of which there are concerns about it, the
system does a good enough job identifying the risk.
Commander Flynn. Well, it is true that we are probably not
worse off because we have these systems in place. In fact, they
are good faith efforts, as you pointed out.
The problem is, is that when you rely on these systems to
do the things that they are designed to do and they don't, it
creates other vulnerabilities. For example, in some ports, if a
container came from a CSI port, they may reduce level of
inspection or eliminate it, not necessarily on a point score
but because it came from a CSI port.
Senator Coleman. I am not arguing with you, Mr. Verdery, in
terms of worse off, but I worry about a false sense of
security. I worry about increased vulnerability because of
reliance upon a system that, at its core, has a few challenges.
Commander Flynn. I might just highlight, and this speaks to
the need for the coordination, but the National Targeting
Center, for instance, isn't hooked up to the Office of Naval
Intelligence or Coast Guard's efforts to target based on
maritime data.
But that targeting effort is based on prior history. CBP is
really operating in terms that past performance equals future
results. If you have been shipping terrorist-free for 2 years
and you have been complying with Customs rules, you are viewed
as no risk of terror having compromised a global supply chain.
Now, that is just something that no company can achieve and one
that we can't have automatic confidence in. It is not that we
can't find scary places, but the underlying intelligence that
goes into the ATS system is very weak, as we know from just the
intelligence that we have about this adversary overall.
So it is all built on that edifice of Automatic Targeting
System primarily with just applying it overseas. CBP is getting
it early enough that CBP can do some analysis and ask a few
more questions. But the rest of that universe is viewed as
something CBP does not need to look at, and I think that is
problematic.
Senator Coleman. I am going to come back to the issue of
auditing and what that means, but I just want to follow up on
another thing the Commissioner said. He was pretty confident
that, with one exception, the non-intrusive equipment that is
being used at the CSI ports meets or exceeds what we have here.
Would you concur with that?
Mr. Stana. We are doing some work on that issue right now.
We are doing a technology assessment of the different non-
intrusive inspection equipment being used. But I will say this.
In our classified report, you may recall a chart that we had of
three different types of equipment. They had different scan
speeds, they had different penetration abilities, and so on.
They are not all the same. Some may be better off in some
areas, some may be better off in others.
But what we are suggesting isn't so much to set a standard
so that one port improves or that one country improves. What we
are suggesting is, is you may want to set a standard so that
you have scan speed and penetration ability that is consistent
so that when you get an inspection done, it is a consistent
inspection and you can have confidence in it and you don't need
to reinspect the cargo container.
Commander Flynn. Mr. Chairman, if I can on that issue, one
of the biggest problems is the disconnect, between radiation
portal monitors and gamma scanning and whether or not detection
can happen. CBP may have good equipment, but when they are not
used together, the central problem is this.
Radiation portals won't help you with shielded weapon,
which would be a loose nuke. It won't help you with a shielded
RDD, a dirty bomb. And it won't help you with highly-enriched
uranium because it doesn't give off enough of a signature vis-
a-vis the background. So to rely primarily on a radiation
portal technology, it is not helping us with the scariest
problem set.
But when you have a radiation portal, it forces the
shielding because they know you could detect it for the dirty
bomb problem, particularly. Then your imaging would say there
is a big cylinder object or whatever here in the middle of a
shipment of sneakers. That is a problem.
So part of the issue is DOE has been marching off deploying
radiation portals entirely isolated from DHS's effort. DHS only
uses the gamma for a very small population, because that is all
they have the resources to do. They ask other countries to
apply it in the same way. And these two worlds haven't come
together.
So it is not the technology itself is a problem, it is how
we integrate the technology, how we integrate it with data.
And I will just highlight another issue, keeping the
information. We are not storing the information after we get
these images. Storage is cheap, but CBP is tossing it away. CBP
is basically throwing away a forensic tool if something went
wrong, or even a tool that CBP can learn from over time. I
don't understand why that is happening, but for stuff coming
across the Canadian border, as soon as the image is taken,
within a day or so, the image is gone. CBP dumps it. It makes
no sense that CBP is not storing this and trying to learn from
it, as well.
So it is the technology has limits, but it is more about
how we integrate it, how we interface with software, how we use
human judgment as a part of the process.
Mr. Stana. And if I could just add one more thing, most of
the detection equipment we are speaking of is aimed at nuclear
or radiological threats. There are other types of weapons of
mass destruction that we do need to focus on and to build some
standards around.
Senator Coleman. Let me talk a little bit about the audits.
As I was listening, Commander Flynn, to your testimony, I was
wondering, where are you going with it? In other words, what
are you proposing? What is the solution?
Commander Flynn. We have a system now that if you talk
about the system of terrorism it is not going to be a pattern,
all you have to do is one shot, you have to get it through, so
the thing that we are looking at now of narcotics and other
things are based on, as you said, somebody continuing to use a
system and figuring out a way to avoid it. So the best targets,
I think the soft targets are those operations that have been
``validated,'' that, in effect, really almost guarantee not
being checked further.
If there was one concern I had with the Commissioner--one
other concern I had with the Commissioner's testimony was even
though there is a tiered system right now, the fact is that you
are giving, in effect, carte blanche to companies that have not
been audited, clearly not been audited.
Mr. Stana. Yes. I think that is a cause for concern. I
heard the tier approach. I think it is a step in the right
direction, but the fact of the matter is, with the vetting
process, you are assuming that the kinds of vulnerabilities
that you addressed in the past are indicative of the security
chain vulnerabilities of the future, and this assumption is
made without a validation. What they are doing is giving a
number of benefit points to a vetted company without
validation, and the number of points is sufficient to move them
from a high-risk category to a low-risk category.
Senator Coleman. In part, is the problem of validation
perhaps almost--perhaps a difference in philosophy? Customs and
Border Protection isn't really talking about auditing. Even
their validation is not an audit. Commander Flynn, you
ultimately said that you have to audit the auditors. That is an
audit.
Commander Flynn. Right.
Senator Coleman. And what I am not hearing in place today
is a system in which GAO actually would consider an audit.
Mr. Stana. Or at least a reasonable examination of the
supply chain security. What is happening is you have the CBP
and the company agree to what CBP will look at, and oftentimes,
it is not the crux or even the majority of the operation, and
that is troublesome.
Mr. Verdery. If I could just suggest, I think that in my
prepared remarks, I talked about the consideration of turning
parts of C-TPAT into a baseline regulatory regime. Not all of
it is probably suitable to go into your typical statutes and
regulations, but as we load up more and more bells and whistles
onto essentially a voluntary deal, I think the time has come to
consider whether or not this should apply to all players, all
importers and other folks in the supply chain, and also, I
think, provide a degree of transparency into how these
processes are done.
As I understand it, the recent changes on the tiering were
announced by E-mail. I am not sure this is the way government
business ought to be handled. And I do think that a regulatory
baseline in some respects of C-TPAT would provide that kind
of--it is not going to be an audit, but it would provide that
kind of level of assurance that you might give the public more
confidence.
Now, I don't think people should take too much the fact
that something is validated: That is a snapshot in time. That
is no guarantee that a week later, things haven't changed. So I
don't think you can divide the world into black and white.
These are companies we have to have ongoing relationships with
and a regulatory regime might be a way to make that more
productive.
Commander Flynn. If I can, Mr. Chairman, where I am going
with this is this validation is the entry-level argument, so it
is the birth certificate process. Agreed-upon protocols,
somebody goes out and checks that the company is actually
living up to them. Sarbanes-Oxley style, basically. Are you
living up to the controls? It is not done by the U.S.
Government, it is done by folks who are skilled at auditing.
And then DMS checks the checking process. So that is the kind
of mechanism there.
But then to assure that, in fact, this is happening, that
the low-risk is staying low-risk, you have confidence it was
stopped, you are tracking it through and you are spot-checking
along the way. It doesn't have to be 100 percent because
terrorists don't have unlimited resources or unlimited weapons
of mass destruction. If, in fact, it looks like the deterrent--
the probability of success in the system looks not so good,
even 50/50, they are going to go another route.
So by building this robustness to it--but my nightmare
scenario now is the weapon of mass destruction will go off in
Minneapolis and it will come via a C-TPAT company on a C-TPAT-
compliant carrier through an ISPS-compliant port, an ISPS-
compliant ship, and the entire regime will fall apart because
we didn't build the controls in up front to give us confidence
in it.
Senator Coleman. It is pretty sobering. I sense in your
testimony about keeping data, in part what you are saying is if
something does happen, you can at least identify this is the
problem so that the entire system is not cast aside?
Commander Flynn. To deal with the incident, the analogy I
would use, Mr. Chairman, is the black box in an airplane. We
don't put them in there because they are free and because they
make the planes fly better. But every time--the rare times that
jet airliners fall out of the sky, if the only thing that the
aviation industry and the government did was shrug and say, it
doesn't happen very often, it is one in a million times, people
wouldn't get back on planes.
Having the tools and the system to verify even after, to
support the investigation, so as to find an isolated supply
chain that was a problem. CBP can focus on it. It means you
don't have to close the border with Canada. You don't have to
close the seaports around the country. But if you can't do
that, you have to assume everything is at risk, and that
becomes a real problem for us.
Senator Coleman. My problem may be definition of terms. We
talk about things being certified. In the public's mind, I
think they think certification has some really strong value.
This is USDA-certified Grade A meat or whatever. Somebody has
looked at it. Somebody has inspected it. Somebody then checked
it out and they have made a judgment.
And what we are having here is we have application,
certification really being looking at paperwork, just looking
at paperwork and trusting--this is trust but not verify--that
you got what you got. That is a far cry from certification.
And then in terms of validation, you can have validation
which is not validating this is the way the system works. What
you are looking at, it is the blind man and the elephant. You
are literally looking at one little piece of it that may or may
not be representative of the rest of the system, and you are
looking at a piece, by the way, that you have agreed up front
to look at.
So it is a kind of thing that FDA wouldn't do. So that is
my concern, that we have phrases here--certification,
validation--that I don't think meet the standard definition
that most folks would think about. And again, when we go back
to the risks here, they are pretty significant.
Let me ask a question, though, about validation, even the
system that we have. It seems to me the program is growing very
rapidly, but we are only validating a small percentage. Is that
problematic?
Mr. Verdery. They have to catch up, and I think they are
catching up. Bringing on these validators, you have to get them
hired and trained and the like and they are catching up. I
think you heard the Commissioner say 11 percent are validated
now and they have 40 percent in the works. I do think that the
recruitment efforts, perhaps, ought to take a back seat for a
while to the validation efforts.
Sir, if I could just--I think, essentially, you have a
situation where you have an interim security clearance. We
allow those in other types of situations. And the question is,
do you provide any kind of benefit for somebody at that level?
I think it is a reasonable risk management tool to give some
benefit, even if you are not going to give a full panoply of
benefits.
And again, I think people would be a lot more comfortable
with this whole rubric or regime if at one point along the way
there was a 100 percent check for WMD, and that, I think, has
got to be a priority, to get those machines out, preferably
overseas. Where we can't get them overseas, have them
domestically. I think that would provide a kind of a backbone
to make this thing make more sense from a logical basis.
Senator Coleman. Let me have Mr. Stana first, and then I
want to follow up on this point.
One, this question of catching up, what is your best
estimate of our capability to catch up?
Mr. Stana. It is going to take years at this rate. I mean,
we are not much further along now in hiring new people than we
were months ago. For that reason, a couple things have to
happen. They are going to have to prioritize which ones to
validate first, and I would start with the importers who are
receiving the greatest benefits. And yet only 7 percent of them
have been validated.
Second, I haven't really studied Steve Flynn's idea about
going to the private sector or going elsewhere to get a bonded
third party with appropriate background checks to do some of
the validations. That approach might hold some promise. I would
need to study it a little bit, but those kinds of auditing
models are available elsewhere in government.
But I am not comfortable in saying that a cargo container
can move from a high-risk designation to a low-risk designation
simply because the importer filled out the paperwork correctly
and we don't have any noncompliance history in our data files.
I don't know if that is enough in this day and age.
Senator Coleman. Commander Flynn.
Commander Flynn. I would agree with that. I just would
point to the Port State Control Regime that the Coast Guard
uses. The way you close the gap is you bring third parties who
have expertise in the supply chains, which Customs has very
little of. That is not a skill set that is a result of being a
Customs official. They are trying to build it now. Instead of
hiring a lot of new government employees on this front, you
build that set for oversight purposes, but you go out to the
marketplace and you say to the importers, as a part of being C-
TPAT, you have to have a third-party player who has verified
your compliance.
Port State Control works this way. If you are an oil tanker
coming into the U.S. waters, you have to have on file with the
Coast Guard a certificate of financial responsibility,
insurance, that you have come in. In order to get the
insurance, you have to have a Classification Society go on
board and confirm that you live up to the international safety
standards. Then the Coast Guard spot checks when the ship comes
in to say, are you living up to--have you, based on its
expertise--was that inspection done with due diligence? If it
was not, the ship is held up. But every other ship that used
that classifier is also held up. That creates the incentive for
everybody to go to the top-shelf certifier.
So there are ways in which the market can be used for
expertise and to validate. Now, clearly when it is a security
validation or a safety one, you need some liability protection,
and that is why there will have to be a robust oversight
process for this, as well.
But the only way to close the gap, I would argue, would be
to take this third-party model. Otherwise, it will be years and
years and as far as we can go.
Senator Coleman. And Mr. Stana, on behalf of the requestors
of your work, Chairman Collins, Senator Lieberman, myself, and
Senator Levin, I would ask you, and we will put this in
writing, but continue to follow up on this. I think this is
very important work, and I think we have made a lot of
progress.
And again, from the beginning, I have mentioned that we
need to applaud the efforts that have been taken. These are
steps in the right direction. My concern, though, is that there
are still significant vulnerabilities, and even in regard to
issues like validation and certification, I am not sure that we
are speaking the same language here. I think we have to be
speaking the same language so that we can have some consistent
levels of confidence that we are catching the problem before it
ultimately is a huge disaster.
I also noticed that Gene Aloise, the Director at GAO, who
led the team that produced the Megaports report is here and I
want to thank Gene for his efforts, and again, your entire
team.
I am going to keep the record open for 2 weeks. There is
additional information that we want. I want to thank everybody
for their testimony. This has been a very productive and very
informative hearing.
With that, this hearing is adjourned.
[Whereupon, at 12:22 p.m., the Subcommittee was adjourned.]
A P P E N D I X
----------
[GRAPHIC] [TIFF OMITTED] T1825.001
[GRAPHIC] [TIFF OMITTED] T1825.002
[GRAPHIC] [TIFF OMITTED] T1825.003
[GRAPHIC] [TIFF OMITTED] T1825.004
[GRAPHIC] [TIFF OMITTED] T1825.005
[GRAPHIC] [TIFF OMITTED] T1825.006
[GRAPHIC] [TIFF OMITTED] T1825.007
[GRAPHIC] [TIFF OMITTED] T1825.008
[GRAPHIC] [TIFF OMITTED] T1825.009
[GRAPHIC] [TIFF OMITTED] T1825.010
[GRAPHIC] [TIFF OMITTED] T1825.011
[GRAPHIC] [TIFF OMITTED] T1825.012
[GRAPHIC] [TIFF OMITTED] T1825.013
[GRAPHIC] [TIFF OMITTED] T1825.014
[GRAPHIC] [TIFF OMITTED] T1825.015
[GRAPHIC] [TIFF OMITTED] T1825.016
[GRAPHIC] [TIFF OMITTED] T1825.017
[GRAPHIC] [TIFF OMITTED] T1825.018
[GRAPHIC] [TIFF OMITTED] T1825.019
[GRAPHIC] [TIFF OMITTED] T1825.020
[GRAPHIC] [TIFF OMITTED] T1825.021
[GRAPHIC] [TIFF OMITTED] T1825.022
[GRAPHIC] [TIFF OMITTED] T1825.023
[GRAPHIC] [TIFF OMITTED] T1825.024
[GRAPHIC] [TIFF OMITTED] T1825.025
[GRAPHIC] [TIFF OMITTED] T1825.026
[GRAPHIC] [TIFF OMITTED] T1825.027
[GRAPHIC] [TIFF OMITTED] T1825.028
[GRAPHIC] [TIFF OMITTED] T1825.029
[GRAPHIC] [TIFF OMITTED] T1825.030
[GRAPHIC] [TIFF OMITTED] T1825.031
[GRAPHIC] [TIFF OMITTED] T1825.032
[GRAPHIC] [TIFF OMITTED] T1825.033
[GRAPHIC] [TIFF OMITTED] T1825.034
[GRAPHIC] [TIFF OMITTED] T1825.035
[GRAPHIC] [TIFF OMITTED] T1825.036
[GRAPHIC] [TIFF OMITTED] T1825.037
[GRAPHIC] [TIFF OMITTED] T1825.038
[GRAPHIC] [TIFF OMITTED] T1825.039
[GRAPHIC] [TIFF OMITTED] T1825.040
[GRAPHIC] [TIFF OMITTED] T1825.041
[GRAPHIC] [TIFF OMITTED] T1825.042
[GRAPHIC] [TIFF OMITTED] T1825.043
[GRAPHIC] [TIFF OMITTED] T1825.044
[GRAPHIC] [TIFF OMITTED] T1825.045
[GRAPHIC] [TIFF OMITTED] T1825.046
[GRAPHIC] [TIFF OMITTED] T1825.047
[GRAPHIC] [TIFF OMITTED] T1825.048
[GRAPHIC] [TIFF OMITTED] T1825.049
[GRAPHIC] [TIFF OMITTED] T1825.050
[GRAPHIC] [TIFF OMITTED] T1825.051
[GRAPHIC] [TIFF OMITTED] T1825.052
[GRAPHIC] [TIFF OMITTED] T1825.053
[GRAPHIC] [TIFF OMITTED] T1825.054
[GRAPHIC] [TIFF OMITTED] T1825.055
[GRAPHIC] [TIFF OMITTED] T1825.056
[GRAPHIC] [TIFF OMITTED] T1825.057
[GRAPHIC] [TIFF OMITTED] T1825.058
[GRAPHIC] [TIFF OMITTED] T1825.059
[GRAPHIC] [TIFF OMITTED] T1825.060
[GRAPHIC] [TIFF OMITTED] T1825.061
[GRAPHIC] [TIFF OMITTED] T1825.062
[GRAPHIC] [TIFF OMITTED] T1825.063
[GRAPHIC] [TIFF OMITTED] T1825.064
[GRAPHIC] [TIFF OMITTED] T1825.065
[GRAPHIC] [TIFF OMITTED] T1825.066
[GRAPHIC] [TIFF OMITTED] T1825.067
[GRAPHIC] [TIFF OMITTED] T1825.068
[GRAPHIC] [TIFF OMITTED] T1825.069
[GRAPHIC] [TIFF OMITTED] T1825.070
[GRAPHIC] [TIFF OMITTED] T1825.071
[GRAPHIC] [TIFF OMITTED] T1825.072
[GRAPHIC] [TIFF OMITTED] T1825.073
[GRAPHIC] [TIFF OMITTED] T1825.074
[GRAPHIC] [TIFF OMITTED] T1825.075
[GRAPHIC] [TIFF OMITTED] T1825.076
[GRAPHIC] [TIFF OMITTED] T1825.077
[GRAPHIC] [TIFF OMITTED] T1825.078
[GRAPHIC] [TIFF OMITTED] T1825.079
[GRAPHIC] [TIFF OMITTED] T1825.080
[GRAPHIC] [TIFF OMITTED] T1825.081
[GRAPHIC] [TIFF OMITTED] T1825.082
[GRAPHIC] [TIFF OMITTED] T1825.083
[GRAPHIC] [TIFF OMITTED] T1825.084
[GRAPHIC] [TIFF OMITTED] T1825.085
[GRAPHIC] [TIFF OMITTED] T1825.086
[GRAPHIC] [TIFF OMITTED] T1825.087
[GRAPHIC] [TIFF OMITTED] T1825.088
[GRAPHIC] [TIFF OMITTED] T1825.089
[GRAPHIC] [TIFF OMITTED] T1825.090
[GRAPHIC] [TIFF OMITTED] T1825.091
[GRAPHIC] [TIFF OMITTED] T1825.092
[GRAPHIC] [TIFF OMITTED] T1825.093
[GRAPHIC] [TIFF OMITTED] T1825.094
[GRAPHIC] [TIFF OMITTED] T1825.095
[GRAPHIC] [TIFF OMITTED] T1825.096
[GRAPHIC] [TIFF OMITTED] T1825.097
[GRAPHIC] [TIFF OMITTED] T1825.098
[GRAPHIC] [TIFF OMITTED] T1825.099
[GRAPHIC] [TIFF OMITTED] T1825.100
[GRAPHIC] [TIFF OMITTED] T1825.101
[GRAPHIC] [TIFF OMITTED] T1825.102
[GRAPHIC] [TIFF OMITTED] T1825.103
[GRAPHIC] [TIFF OMITTED] T1825.104
[GRAPHIC] [TIFF OMITTED] T1825.105
[GRAPHIC] [TIFF OMITTED] T1825.106
[GRAPHIC] [TIFF OMITTED] T1825.107
[GRAPHIC] [TIFF OMITTED] T1825.108
[GRAPHIC] [TIFF OMITTED] T1825.109
[GRAPHIC] [TIFF OMITTED] T1825.110
[GRAPHIC] [TIFF OMITTED] T1825.111
[GRAPHIC] [TIFF OMITTED] T1825.112
[GRAPHIC] [TIFF OMITTED] T1825.113
[GRAPHIC] [TIFF OMITTED] T1825.114
[GRAPHIC] [TIFF OMITTED] T1825.115
[GRAPHIC] [TIFF OMITTED] T1825.116
[GRAPHIC] [TIFF OMITTED] T1825.117
[GRAPHIC] [TIFF OMITTED] T1825.118
[GRAPHIC] [TIFF OMITTED] T1825.119
[GRAPHIC] [TIFF OMITTED] T1825.120
[GRAPHIC] [TIFF OMITTED] T1825.121
[GRAPHIC] [TIFF OMITTED] T1825.122
[GRAPHIC] [TIFF OMITTED] T1825.123
[GRAPHIC] [TIFF OMITTED] T1825.124
[GRAPHIC] [TIFF OMITTED] T1825.125
[GRAPHIC] [TIFF OMITTED] T1825.126
[GRAPHIC] [TIFF OMITTED] T1825.127
[GRAPHIC] [TIFF OMITTED] T1825.128
[GRAPHIC] [TIFF OMITTED] T1825.129
[GRAPHIC] [TIFF OMITTED] T1825.130
[GRAPHIC] [TIFF OMITTED] T1825.131
[GRAPHIC] [TIFF OMITTED] T1825.132
[GRAPHIC] [TIFF OMITTED] T1825.133
[GRAPHIC] [TIFF OMITTED] T1825.134
[GRAPHIC] [TIFF OMITTED] T1825.135
[GRAPHIC] [TIFF OMITTED] T1825.136
[GRAPHIC] [TIFF OMITTED] T1825.137
[GRAPHIC] [TIFF OMITTED] T1825.138
[GRAPHIC] [TIFF OMITTED] T1825.139
[GRAPHIC] [TIFF OMITTED] T1825.140
[GRAPHIC] [TIFF OMITTED] T1825.141
[GRAPHIC] [TIFF OMITTED] T1825.142
[GRAPHIC] [TIFF OMITTED] T1825.143
[GRAPHIC] [TIFF OMITTED] T1825.144
[GRAPHIC] [TIFF OMITTED] T1825.145
[GRAPHIC] [TIFF OMITTED] T1825.146
[GRAPHIC] [TIFF OMITTED] T1825.147
[GRAPHIC] [TIFF OMITTED] T1825.148
[GRAPHIC] [TIFF OMITTED] T1825.149
[GRAPHIC] [TIFF OMITTED] T1825.150
[GRAPHIC] [TIFF OMITTED] T1825.151
[GRAPHIC] [TIFF OMITTED] T1825.152
[GRAPHIC] [TIFF OMITTED] T1825.153
[GRAPHIC] [TIFF OMITTED] T1825.154
[GRAPHIC] [TIFF OMITTED] T1825.155
[GRAPHIC] [TIFF OMITTED] T1825.156
[GRAPHIC] [TIFF OMITTED] T1825.157
[GRAPHIC] [TIFF OMITTED] T1825.158
[GRAPHIC] [TIFF OMITTED] T1825.159
[GRAPHIC] [TIFF OMITTED] T1825.160
[GRAPHIC] [TIFF OMITTED] T1825.161
[GRAPHIC] [TIFF OMITTED] T1825.162
[GRAPHIC] [TIFF OMITTED] T1825.163
[GRAPHIC] [TIFF OMITTED] T1825.164
[GRAPHIC] [TIFF OMITTED] T1825.165
�