September 11 forever changed the way governments and the private sector view security. Bombings in Bali and attacks in London took place within weeks of each other last year and underscored how vulnerable the world has become to acts of terrorism.
Many of the targets are marine and aviation transportation networks and because APEC is home to the world's top ports and some of the world's busiest airports it's a threat that the group's Counter-Terrorism Task Force takes especially seriously.
Cooperation between the public and private sectors is critical to combat security risks. Public- private partnerships dominated the discussion at the Secure Trade in the APEC Region (STAR) IV Conference in February. APEC members in Hanoi urged that more partnerships at both the domestic and the inter-regional level are needed. They emphasized that the private sector, including small and medium enterprises, should not be viewed simply as fund providers but as partners in implementing security measures and included in the decision-making process.
"Government and industry must work together toward common goals," notes David L. Cunningham Jr., president of FedEx Express in the Asia Pacific. "Securing and facilitating international trade flows is a long-term task that requires holistic and long-term thinking. Standards need to be harmonized globally."
Information sharing between the public and private sector "is critical in mitigating risks," adds Earl Agron, vice president of security at APL, a subsidiary of Neptune Orient Lines which is a global transportation and logistics company. "The private sector is going to be sharing more and more information with law enforcement and different countries will be sharing information amongst themselves. All of this requires trust among the parties involved."
Significant public-private partnerships are already underway. Since December 2003, Australian airline Qantas pays for government-trained employees called Sky Marshals who are trained by Australian Federal Police to sit on flights. Qantas is also training local staff at airports to which it flies and supplementing training and security equipment for local commercial or private security guards. It provides training and equipment for instance to ground handling agents and local security services at airports in Indonesia, the Philippines and India. The carrier is also working on enhanced cockpit doors and access control procedures, cockpit door surveillance systems and cargo screening, MANPADS, secondary screening at certain foreign ports, crew slipping arrangements at certain foreign ports, flight path and schedule variations, and pandemic avian influenza procedures. "In order to implement good security we need to know what those risks are," explains Mark Edmonds, the airline's security risk-assessment manager. "The Department of Transport and Regional Services is keen to let everyone know that their approach is to share threats with the transport industry and that is very valuable to us."
At A$250 million last year, the airline's spending on security is larger than the budgets of some of Australia's state police forces. The funds went to paying sky marshals, implementing 100% checked bag screening at all major airports, and air-side access controls, which can inspect or search all personnel moving to the air-side of airports.
FedEx is also actively involved with governments around the region on initiatives to increase trade and security. It is one of 31 associations and companies on the Private Sector Consultative Group working with the World Customs Organization (WCO) in Brussels to draft the details for a global framework of standards for security and trade facilitation - the SAFE Framework. It is also a member of C-TPAT. In partnership with the private sector, the Customs-Trade Partnership Against Terrorism is a program managed by the U.S. Department of Homeland Security, which aims at trying to secure the entire logistics chain.
C-TPAT requires cooperation by government, importers, carriers, brokers, warehouse operators and exporting manufacturers. Qualifying to become a member of C-TPAT is a collaborative effort. Once C-TPAT certified, a company eventually goes through a validation exercise with Customs. For this validation, the C-TPAT representative from the private company and one or two C-TPAT Supply Chain Specialists will do a site investigation and review the security practices in place. "During the validation there is a give and take of ideas and sharing of best practices," explains APL's Agron. "The customs officials will look at your practices and make suggestions on how to improve it, or may see something they like and recommend it to other companies." A catalogue of best practices is now available on the C-TPAT website and available to all members.
In exchange for private sector cooperation and commitment to improve security, importers benefit from reduced cargo inspections by Customs. C-TPAT members are also assigned a supply chain specialist so if a company has a problem or question or needs more information they can call upon that specialist for help. Membership also brings invitations to workshops on anti-terrorism.
Representatives from private industry are helping in other ways too. They have participated in the ISO working group on "supply chain security management, assessment and plans," known as ISO28001, and took the WCO standards to a higher level, notes Agron. This is one way private industry can help ensure a consistent application of the WCO Framework.
Government-led initiatives require input from the private sector. In New Zealand, the customs service in consultation with business developed a Supply Chain Security Strategy to provide greater security assurance over exports, imports and transshipped goods. So far 22 secure export partners have joined - all of which have shown that they have adequate security measures in place to ensure that export goods cannot be tampered with or used to smuggle contraband. Their consignment of goods are then sealed with a Customs-approved seal that signals it is under customs control and can be considered secure by overseas administrations.
In the U.S., meanwhile, officials are working with the private sector to help improve the 24 hour advance manifest rule - a requirement for the electronic transmission of detailed manifest information 24 hours in advance of a container's loading. Those containers, for which manifest information is too vague or submitted too late, are issued with a 'Do Not Load' directive, which stays in place until the container satisfactorily meets all the requirements. Shipping agencies that fail to provide their information in time face monetary penalties or civil claims for damages arising from delays in shipments. Vessels ignoring the 'Do Not Load' directive are denied permission to unload the container at any port in the U.S.
Prior to 24-hour rule, ocean carriers only had to notify U.S. Customs 48 hours ahead of their arrival in the U.S. and the information they provided was very general. "Before, you could use cargo descriptions such as general merchandise, but today you have to provide much more detailed cargo descriptions," explains Agron. "We hope to improve container profiling and risk analysis. We have suggested additional data elements such as better cargo descriptions, origin of goods, ultimate consignee and exporting country. There's other business information that would also be helpful such as purchase order data, where the container was stuffed, and who stuffed the container...That's the work in progress."
Another example of public-private partnership is Operation Safe Commerce, a U.S.-funded initiative that tests different supply chain solutions. Under this program, APL has partnered with the ports of Los Angeles and Long Beach, the Port of Singapore Authority and Sandia National Labs and is helping to test technologies and supply chain solutions. "We are contributing our knowledge of marine terminals, ocean carriage and our knowledge of our portion of the international supply chain," says Agron. "We test the entire supply chain - for example from the factories in Singapore and Malaysia where the cargo is stuffed into the container to where it gets unloaded at the Port of Authority in Singapore, to the discharging of it in the U.S....We're testing different technology to scan for vulnerabilities at the package level (before it is loaded into the container) and then again at the container level where containers go through both a gamma ray machine and an advanced radiation portal that scans for radiation." At the end of the test-bed program, APL and its partners will make recommendations to the U.S. government, which will then make decisions based on their results.
The Container Security Initiative (CSI), which involves the posting of U.S. Customs officials at major ports in order to pre screen cargo destined for the U.S., is another area where the public and private sector must cooperate. American customs officials do not have the authority to inspect cargo, relying instead on their counterparts from each host economy to undertake physical checks. "You can't have an Achilles heel anywhere in the system - if you have ten ports and nine of them are very well-equipped and the staff is well trained with regards to technology and you have one that is the weak link, then the whole system falls down because the terrorists will definitely exploit the weak link," says Gordon Chu, co-chair of the Trade Investment Facilitation Working Group within APEC's Business Advisory Council.
Private sector representatives argue the new technology must be sensible and fit specific needs. "We need to ensure that industry is not forced to accept expensive security solutions that will do little for security while adding significant friction and cost to the international supply chain," says Agron. "There is a mountain of both large and small [technology] companies hoping they win the lottery with their solution. We need to pause and go about looking for the right technology in a more measured way."
This is yet another area where public-private partnerships can come into play. "To come up with the right [technological] answers, both the public sector and private supply chain stakeholders need to collaborate," sums up Agron. "It is up to the public sector to define the risk in sufficient detail so that both sectors can work together to define solutions. Once those solutions are defined, technology companies, universities, and national labs should be given the challenge to develop the end product that satisfies the security needs."