Security in SCM

Penn State University Press
Security and the Global Supply Chain

Author(s): RAVI SARATHY
Source: Transportation Journal, Vol. 45, No. 4 (FALL 2006), pp. 28-51
Published by: Penn State University Press
Stable URL: http://www.jstor.org/stable/20713653
Accessed: 20-10-2015 16:53 UTC
REFERENCES
Linked references are available on JSTOR for this article:
http://www.jstor.org/stable/20713653?seq=1&cid=pdf-reference#references_tab_contents
You may need to log in to JSTOR to access the linked references.
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at http://www.jstor.org/page/
info/about/policies/terms.jsp
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of content
in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms of scholarship.
For more information about JSTOR, please contact support@jstor.org.
Penn State University Press is collaborating with JSTOR to digitize, preserve and extend access to Transportation Journal.
http://www.jstor.org
This content downloaded from 103.27.8.45 on Tue, 20 Oct 2015 16:53:20 UTC
All use subject to JSTOR Terms and Conditions
RAVI SARATHY
Security
and
the Global
Supply
Chain
Abstract
This article examines implications for global supply chains posed by security threats in the
U.S. and elsewhere, and identifies actions for addressing those threats. The principal goal is to
design security into the supply chain rather than seek tomitigate consequences after thefact.
Redesigning supply chains to make them robust and resilient can help avoid and mitigate the
impact of disruptions, whether from security breaches or other causes. Such efforts require
collaborations with partners across the supply chains and with governments. The short-term
costs of such security measures can be balanced against the long-term gains from improved
supply chain performance and improved customer relations.
is a central fact of the global

Globalization
economy, involving increasing amounts of
overseas components sourcing, overseas pro
duction, global factory networks, and lengthy
geographically dispersed supply chains servic
ing international markets across the world.
However, the physical infrastructureunderpin
ning globalization is under threat (National De
fense University 2002), possibly compromis
ing nations' abilities to trade goods and
services internationally, in turn affecting eco
nomic growth, employment, and overall pros
perity. Overseas
shipping now accounts for
over 90 percent of worldwide trade, with the
preponderance of non-bulk cargo shipped via
containers. If ports are closed, trading partners
are no longer trusted, and container movement
Mr.
Sarathy is professor of strategy and international

business, Northeastern University, Boston,
Massachusetts
02115, and visiting professor, Australian
Graduate School ofManagement,
AGSM,
Sydney; e
mail
r.sarathy@neu.edu.
This article originated as a paper presented at a
Trade and Logistics,
conference on "International
Corporate Strategies and the Global Economy,"
University of Le Havre, September 2005. The paper was
further developed while the author was on sabbatical as
a visiting professor at the Australian Graduate School
AGSM, Sydney, Australia. Final
ofManagement,
herein benefited from
refinement for publication
constructive criticism by three anonymous reviewers.
is interrupted along with world trade, reducing

supplies of goods and in-process inventories,
shutting down factories, and causing layoffs
around theworld. Consumer choice is reduced,
with fewer goods and possibly higher prices.
Smooth operation of the international trade and
transportation infrastructure is essential to
global well-being.
When supply chain executives were asked
about their perception of supply chain chal
lenges, they ranked "assuring container secu
rity" as the most important challenge, over
managerial considerations such as reducing in
ventory, reducing lead time variance, and re
ducing stock-outs (A. T. Kearney 2004, Fig.l).
In the same survey, one executive noted that
his company was willing to do "whatever it
takes to guarantee container security" (ibid.,
4). Companies with strong brands are likely
to be even more concerned about the overall
impact of a security breakdown on theirbrand
value and corporate reputation. Security is now
an essential and central part of the supply chain
and all supply chain participants must develop
strategies and skills to cope with these new
security demands (Banomyong 2005). Russell
and Saldanha (2003) estimated that security
related supply chain modifications could cost
around $65 billion and suggested that firms
ANDGLOBALSUPPLYCHAIN 29
2006 SECURITY
would have to develop close partnerships with

both government and supply chain members
in order to tackle the security issues effectively.
This article begins by setting out a general
ized model of the supply chain and outlining
an approach tomanaging supply chain disrup
tion. In the second section, we highlight and
discuss the various points of security vulnera
bility across the supply chain. We also discuss
the role of government in responding to secu
rity threats and governments' interaction with
firms.We review how technology develop
ments can help in combating security threats.
We thendiscuss firm-level strategies fordevel
oping secure supply chains. We conclude with
suggestions for action for firms seeking to en
hance supply chain security.
of the Supply
Chain
and
Handfield
Monczka, Trent,
(2005) see
the supply chain as having three inter-related
segments: supplier relationship management,
internal supply chain management, and cus
tomer relationship management. Rice and Can
iato (2003) subdivide the supply chain in terms
of physical, information, and freight dimen
sions. They also point to additional distinct
aspects of the supply chain including the trans
portation modes used, transportation facilities,
A Generalized
Model
systems, people
manufacturing
employed
across the supply chain, and information tech
nology.
task is to design the overall
Management's
supply chain across the three subsystems, to be
consistent with its overall strategic objectives,
and then to configure how various tasks, pro
cesses, physical facilities and infrastructure,
means of transportation, human resources, and
product and information flow will be aligned
across the supply chain, while complying with
government regulations. This approach is dem
onstrated in Table 1. This generalized model
has several implications for coping with disrup
tions, including security-related disruptions:
For smooth functioning of the supply
chain,management would have to ensure
that all components of the supply
chain?tasks,
physical
goods flow,
transportation, informationflow, people,
etc.?are
deployed effectively and as
planned. Disruptions, whether security
related or otherwise, could occur at any
levelalongthesupplychain,at thefacili
ties level, at information flow or trans

portation of goods, or elsewhere. Ensur
ing smooth supply chain functioning
requires guarding against disruptions at
all levels of the supply chain.
Table 1 also clarifies the fact that only
one of the three subsystems, internal sup
ply chain management, is under full con
trol of management. The other two sub
shared
systems are governed
by
responsibility. Guarding against disrup

tions, including that from security
threats,would require collaboration with
suppliers and with customers.
Table 1 also highlights the importance
of strategy in the supply chain, with the
implication that supply chain disruptions
can prejudice achieving strategic objec
tives as much as affecting the delivery
of goods. Any changes to the supply
chain, to avoid or reduce disruptions,
should be consistent with overall strate
gic objectives.
as
Moreover,
supply chains become

globally dispersed and scattered across
many nations and cultures and encom
passing greater distances, there is a
greater possibility that disruptions can
occur at distant locations, making pre
vention and mitigating response more
(2002) em
complex. Trent andMonczka
phasize that global sourcing requires in
tegration across global locations and
functional groups. This means
that
to
and
dis
guarding against
responding
ruptionswill require collaboration across
nation states and cultures, with both do
mestic and foreign supply chain partners
and
customers.
and Supply Chain

Risk Management
Disruption
Risk management focuses on identifying the
sources and nature of risk, assessing the conse
to
quences, and then developing measures
avoid or mitigate risk (Kleindorfer and Saad
2005; Chopra and Sodhi 2004). These three
distinct phases of riskmanagement?namely,
risk specification, risk assessment, and risk
be used to analyze the supply
mitigation?can
chain as set out in Table 1.
30
1. A Generalized
Table
TRANSPORTATION
Model
.
,
Supply Chain -> Dispersion:
Supply chain I elements:
Strategicobjectives
Tasks
JOURNAL
of the Supply
Chain_
, Supplier Customer
Relationship
Management
Fall
InternalSupply Relationship
Chain Management
Management
Processes
Manufacturing facilities
Transportation
facilities
Freight (physical flow of goods)
modes
Transportation
flow
Information
resources
Human
Government
regulation/relations
Greater complexityas supply chain is integratedacross globally

scattered
Sources of Risk. Terrorism and security

threats are not the only cause of supply chain
disruptions. Threats to the supply chain can be
due to natural risks (hurricanes, floods, and
earthquakes), operational or routine risks (plant
breakdowns, material shortages) and random
but purposeful events such as terrorist-related
risk. Disruptions also can occur due to epidem
ics such as SARS, environmental accidents,
and from political instability.Mitroff and Al
paslan (2003) consider security- and terrorism
related risk along with disruptions caused by
normal accidents and natural events, distin
guishing terrorism-related risk by highlighting
the fact that acts of purposeful agents are at the
heart of such risk. This suggests thatprotecting
against security threats and terrorism-related
risks to the supply chain can be studied in the
context of responding to general disruptions to
the supply chain.
Risk Assessment. The risk assessment phase
focuses on the consequence or impact of spe
cific risks. In the case of a global supply chain,
risk assessment is concerned with understand
ing supply chain vulnerabilities along their en
tiregeographically dispersed length, as well as
among their various elements, from goods, to
information, transportationmodes, and people.
Sheffi and Rice (2005) adopt such a view in
developing a vulnerability map for a company,
categorizing both the likelihood and conse
quences of various threats, and highlighting
those threats that have a high likelihood of
occurrence
and
can
cause
severe
consequences.
locations
and functional
groups
Supply chain characteristics can themselves

contribute to vulnerability. Hendricks and Sin
ghal (2005b) suggest that an overemphasis on
by single sourcing,
efficiency?characterized
low inventories and buffer stock, and limited
create greater vulnerability to dis
slack?can
ruption. Similarly, supply chains that involve
greater geographic distance, extend to many
countries, and involve many distinct cultures
aremore vulnerable to disruption, as are supply
chains that place greater reliance on outsourc
ing and have numerous supply chain partners.
Security-related risks are magnified in supply
chains that are already vulnerable along the
lines outlined above.
Beyond the supply chain itself,how the sup
ply chain is linked to overall strategy can affect
vulnerability. For example, supply chains seek
to deliver a designed product. The product de
sign dictates how it is articulated into the sup
ply chain and how various elements of the
complete product are assigned to internal and
external sources. As noted above, a greater
dependence on outsourcing increases supply
chain vulnerability. The length of the product
life cycle also matters, with shorter product
cycles more affected by sudden supply chain
disruptions.
Lee and Whang
(2005) point to some of
the consequences of supply chain disruptions
(whether caused by security-related causes or
other reasons), including increased cost; deliv
ery disruption; interruptions in the smooth flow
of product and service; time delays; uncertainty
2006
SECURITY AND GLOBAL SUPPLY CHAIN 31
as to quantity, quality, and timely arrival; traf

fic and port congestion; and longer cycle times.
can include
Further, indirect consequences
lower service levels, which could affect long
term customer relations, and higher insurance
premiums due to security and other risks of
supply chain disruption. Hendricks and Singhal
(2005a) found that supply chain disruptions,
such as manufacturing delays, supplier failure,
quality problems, and internal errors, led to
firmunder-performance in the stockmarket as
well as in operational performance. They cite
reductions in operating income, returnon sales,
return on assets, and sales growth as conse
quences of supply chain disruptions, while also
noting increased costs and inventories. Such
performance shortfalls were observed to last
as long as two years after the initial disruption.
These consequences point to the real cost of
disruptions, including those caused by security
related causes, and suggest that the costs of
safeguarding against security problems should
be balanced against the gains from avoiding
disruptions, the gains from improved customer
relations and lower insurance premiums, and
the gains from avoiding outcomes such as dete
riorating supply chain performance.
Risk Mitigation After specifying and as
sessing risk, firms can respond by attempting
tomitigate risk. Mitigation can consist of at
tempting to reduce the damage caused by sup
ply chain disruptions, or taking actions to pre
vent or reduce the chance of supply chain
disruptions. Given the sources of vulnerabili
ties, an early warning system can focus on
these sources and help trigger timely awareness
of potential and actual disruptions, allowing
for earlier mitigation and reduction of losses.
Mitigation systems can also assign responsibil
ity,detailing who should focus on which areas
of security threats.
Mitigation can range from designing and
maintaining back-up systems in reserve and
developing response plans forworst-case sce
narios, to rethinking product design, rede
signing supply chains, and focusing on loss
avoidance rather thanmitigating losses.
The latterapproach, of proactive prevention,
is similar in spirit to the underlying philosophy
behind TQM
(total quality management),
which focuses on process control rather than
output control, using analysis tofind the causes
of out-of-control procedures, and then aims

to remedy these root causes. Lee and Whang
(2005) stress the importance of drawing on
lessons fromTQM in supply chain riskmitiga
tion, particularly in attempting to avoid secu
rity-related risk rather than responding after
the fact to events caused by security breaches.
In the next section, we draw on the above
ideas to analyze security and the supply chain
in greater detail.
Security and the Supply Chain
Security-based disruptions can occur at vari
ous points along the supply chain. Containers
are one of themajor sources of security con
cerns. Containers have been used to smuggle
illegal immigrants, weapons, and drugs. In It
aly, a suspected terroristwas found in a con
tainerwith a false aviation mechanic's certifi
cate, maps of airports, and security passes (he
later escaped while on bail) (The Economist
2002). The consequences of the use of aWMD
(weapon of mass destruction) or discovery of
such a device in a container can be serious;
estimates suggest that aWMD
explosion and
the resulting port closure could cost $1 trillion,
while a twelve-day closure following discovery
of an undetonated WMD could cost $58 billion
(O'Hanlon 2002, Gerencser et al. 2002).
Large containerships with cargo capacity ex
ceeding 4,000 ton-equivalent units (TEUs)
each will account for the bulk of container
traffic in the future. For example, in 2005,
the China Overseas Shipping Com
COSCO,
pany, launched the Cosco Long Beach, an
8,000-TEU containership, at theHyundai ship
yards. This transition to larger containerships
increases the need for governments, port au
thorities, and international traders to oversee
their security, as well as the security of increas
ingly larger volumes of containers. From the
perspective of U.S. firms and theU.S. govern
ment, securitymeasures are equally necessary
at the ports of departure of goods, as they are
at theirpoints of entry into theU.S. Of the top
ten U.S. container trade partners, seven are
from Asia, the other three from Europe (UN
CTAD 2003). China and Hong Kong together
account for about one third of total container
trade with theU.S., while the top ten foreign
ports together account for about half of U.S.
bound containers.
32
TRANSPORTATION
Of course, containers are only one part of the

overall security issue. Containership operators,
and operators of other vessel types such as dry
bulk ships, tankers, and LNG carriers, also need
to be secure, as do motor and rail carriers. In
theU.S. alone, more than eleven million trucks
and more than two million railroad cars cross
its borders (GAO 2004). Ships can themselves
become targets, as in the example of USS Cole,
when a small boat attempted to blow it up in
the Persian Gulf. People are also a security
those individuals con
issue, encompassing
nected with the manufacture, transportation,
handling, and loading of internationally traded
goods. This means evaluating supply chain
partners, suppliers, and service providers.
Thus, firms,along with their supply chain part
ners and governments, have to collaboratively
monitor and safeguard security at all points of
entry of their goods, whether itbe by ship, air,
rail, or road (GAO 2003). They need to be
concerned with cargo security, vessel security,
port facilities security, and personnel security
(Koch 2005).
Figure 1 summarizes these various points

of vulnerability in the supply chain. Security
related sources of risk can occur at various
points along the supply chain, including the
following:
Goods shipped as cargo, whose procure
ment and transportation is the principal
objective of the supply chain;
Factories, both captive plants and those
belonging to outsourcing partners,where
goods and components aremanufactured
and assembled, for eventual shipment to
foreign markets, including theU.S.;
Supply chain providers and partners such
as freight consolidators, and their em
ployees at each of these points along the
supply chain;
Supply chain facilities such as ware
houses, where goods to be exported or
for distribution to markets are stored
while
in transit; and the terminals
throughwhich the goods and containers
pass, and where containers are loaded
and unloaded;
Freight carriers, whether by truck, air,
rail, or ship;
People who have access to the goods,
containers, and supply chain facilities;
JOURNAL
Fall
that is, employees at themanufacturer,

the exporter, the freight forwarder, the
shipper, and other intermediaries;
Information, particularly about cargo
manifests, confidential supply chain in
formation, direct to customer delivery
information, and data intended for inte
gration with broader corporate data
bases.
Layered
Security: An Approach
Mitigating SecurityRisk
to
The wide range of vulnerability across the

entire supply chain summarized in Figure 1
underlines the difficulty of securing the supply
chain. Compromised security at any link along
the supply chain can prejudice the entire chain.
Hence, attempts to secure the supply chain have
relied on the concept of layered security. Such
an approach builds redundancy into the system,
so that security breaches at one level can be
guarded against at a subsequent level. Since
insecure supply chains affect both individual
companies and the entire economy, the U.S.
and other governments and multilateral agen
cies have been active in promoting regulations
and measures to develop secure supply chains.
Drawing on Figure 1, we can link security
related disruption possibilities to the points of
vulnerability across the supply chain. Figure 2
summarizes such an approach to layered secu
rity. The left side of Figure 2 lists these security
vulnerabilities, while the right details various
governmental and private firmmeasures topro
tect against or mitigate such risks.
The securitymeasures and regulations out
lined in Figure 2 are discussed in greater detail
below. At many points, government regula
tions set the scope of the security measures
thatwill be implemented by the supply chain
members. At other points, security measures
are left to the discretion of the individual firms
and supply chain intermediaries. For example,
the Advance Manifest Rule is a requirement
that foreign shippers and foreign ports partici
pating in theContainer Security Initiativemust
comply with. Foreign ports have a choice in
complying with the Container Security Initia
tive, which imposes specific security proce
dures on them. However,
the International
Maritime Organization's
International Ship
ping and Port Security Code is a set of stan
dards, with compliance left to the individual
2006
SECURITY AND GLOBAL SUPPLY CHAIN
33
Figure 1. Points ofVulnerabilityin theSupplyChain

Factories
-captive
-subcontractors
Supply chain
facilities:
Supply chain providers

and intermediaries
Warehouses
Transportation carriers: containerships, air, rail, trucks as well as barges

Port of loading
Goods; and
container loading
<-.i
Ports, airports,rail-yards,and ports

and
stations
en route
?
3
Onward transit in
Borders and destination ports
entities. In other areas, such as establishing

trusted relationships with overseas manufactur
ing subcontractors, individual firms develop
and follow their own guidelines, though it is
likely that over time industry best practices
will develop and firms will coalesce around
such best practices. Another related issue is
that there may be overlapping requirements
among regulations established by different
governments, such as those underlying theU.S.
C-TPAT program, and theEU's AEO program.
Again, it is likely that such regulatory standards
will converge over time, reducing the compli
ance burden on firms.
Manufacturing Locations. Security issues at
manufacturing sites can take inproduct tamper
ing and product substitution,which may render
them dangerous to users and the community,
and cause harmful consequences, as well as
affecting the firm's reputation and holding it
liable for damages and losses. Such events can
also hurt customer satisfaction and repeat busi
ness, delaying or impeding product rollout and
availability. Such problems may be less severe
at captive manufacturing facilities where the
firm can exercise a greater degree of control
importingcountry,
to customers
over hiring, access, and processes such as re

ceiving components and intermediate goods.
With regard to outsourcing partners such as
manufacturing subcontractors, steps such as es
tablishing trustedpartners as well as collaborat
ing in initiating careful screening at hiring,
establishing controlled access to facilities, and
examining factory processes to ensure that se
curity breaches are obviated can help mitigate
security-related disruptions.
Goods. Once manufacturing sources are se
cured, focus moves to the containers thathold
and transport goods. Major security concerns
include monitoring the loading of goods into
containers; securing container integrity,that is,
sealing the container after loading; monitoring
attempts to tamperwith the contents of contain
ers while in transit; and verifying the integrity
of the container on arrival. Newer technology
measures such as container seals and sensors
embedded in containers can deter tampering
while in transit.
Supply Chain Partners and Intermediaries.
Firms such as trucking companies and interna
tional freight forwarders are key elements and
partners in the supply chain. Firms, as well as
34
TRANSPORTATION
Figure
2. Layered
sources:
Captive and outsourced factories
Goods:
Stuffing the container
Security Measures:
Supply chain providers and

intermediaries
nodes
and
Governmental & Private
Trusted partners; audit securitymeasures; employee

screening at hiring; controlled access; secure processes
AMR: Advance Manifest Rule; "smart boxes":
container
Transportation
carriers
Fall
Security
Supply Chain Stages
Manufacturing
JOURNAL
security
devices,
sensors
CSI: Container Security Initiative, collaboration

with foreign ports
Smart
Portals
at ports
for screening
containers;
IMO: ISPS Code; secure facilities and access.
Monitoring people
(With access to goods, containers,
carriers,ports)
Establishing trust
Information flow
C-TPAT:
Customs Trade Partnership Against
Terrorism:
European Union: AEO, Authorized Economic

Operator. FAST Program (US-NAFTA)
RFID tags; Encryption, Secure Networks
Automated Targeting System; Standards setting
their customers, need to insist on and motivate

the use of secure practices. Programs such as
theU.S. government's C-TPAT program help
in this regard by setting security standards,
checking compliance, and offering incentives
for adopting secure practices, such as speedier
processing on arrival.
Transportation Nodes and Carriers. Cargo
security is sought through container screening
by using sensors, x-rays, gamma rays (to see
through clothing and detect concealed weap
ons), radiation monitoring, magnetic-field
based intrusion detection, and other forms of
container imaging at loading (as at Hong
Kong's port) and on arrival. This is supple
mented with a policy of selective physical in
spection of containers deemed
suspicious,
along with controlled access to the facilities
themselves. Container screening aims to use
non-intrusive techniques to inspect for danger
ous cargo such as nuclear materials and chemi

cal weapons. Port security is attempted through
controlled access, coupled with surveillance,
based on intelligent vision, consisting of fixed
and deployable cameras that not only see, but
also collect and analyze, images and detect
threats, if present.
People. Since people are involved at every
stage of the supply chain, security measures
need to ensure that all such individuals can be
trusted.Measures include pre-shipment review
of shippers and associates at the point of load
ing and departure, and monitoring people who
have had access to the container. The central
issue is, Can the manufacturer, the shipper,
the exporter, the freight forwarder, and other
intermediaries be trusted? Identification and
analysis tools that can be used consist of smart
IDs, biometrics, fingerprints,DNA, face prints,
and retina recognition, all allied with databases
2006
to determine individuals' antecedents. How

ever, political considerations and individual
privacy do enter the equation, and the use of
suchmeasures may be constrained by the vary
ing privacy laws thatmay be inplace in various
countries (Sarathy and Robertson 2003).
Information. Supply chain reliability and
performance depends heavily on the capture
and processing of accurate supply chain infor
mation. Hence, data security best practices
such as virus and data access protection are
widely deployed. The goal is to prevent unau
thorized access to data and thus prevent alter
ation of data thatmight falsify cargo manifests,
and render ineffective the use of theAdvance
Manifest Rule. Such safeguards also help pro
tect the confidentiality of supply chain infor
mation; similar concerns surround themanipu
lation of personnel data, which could affect the
validity of trustplaced in supply chain workers.
An emerging concern is guarding against at
tempts at hacking RFID tags and deleting or
changing the information stored on them (Juels
ofRFID tags
2005,Weis 2003). If theintegrity
is breached, the data stored on such tags can

no longer be relied on, and securitymeasures
thatrely on such RFID tags become ineffective.
Government and Multilateral

Agencies'
Attempts at Safeguarding Supply Chain
Security
Figure 2 summarizes safety regulations and
measures
that are pertinent to protecting
the
various
against
supply chain vulnerabilities.
measures
of
these
reflect U.S. govern
Many
ment actions, with parallel measures instituted
by theEuropean Union, theUN's International
Maritime Organization, and others. We sum
marize these measures and their intended ef
fects, beginning with the U.S. Customs and
Border Protection (CBP) agency's steps to
monitor inbound cargo, safeguard ports, and
identify trusted partners, incorporating a lay
ered security approach. The CBP process in
cludes the following:
- The Advance Manifest
Rule, requiring
submission of electronic cargo manifests
for all shipments at least twenty-fourhours
prior to being loaded on U.S.-bound ships
in the foreign ports. Because foreign ports
sometimes did not provide timely informa
tion to allow screening of containers with
theAutomated Target System (ATS) soft

ware, Customs initiated the twenty-four
hour manifest rule as a way of ensuring
that critical informationwas available suf
ficiently in advance of the containers being
loaded on toU.S.-bound
ships. This was
mandated through theTrade Act of 2002.
- Use of the Automated
Target System
(ATS) to evaluate such cargo manifests,
evaluate high-risk vs. low-risk containers,
and pick shipments for further exami
nation.
- The Container
Security Initiative (CSI),
which, with the cooperation of over forty
of theworld's largest ports, helps identify
dangerous containers before they leave the
ports for theU.S. and elsewhere. CSI can
reduce overall delays, as container screen
ing can occur at the overseas ports, while
awaiting loading, during down time.CSFs
intent is to cooperate with local port offi
cials to establish trustedcategories of ship
pers and theirnetworks (importer, shipper,
freight forwarder, land transportation,
dock workers, exporter, manufacturer,
etc.). Further, local officials can help iden
tifywhich of the shippers unfamiliar to
CBP are low-risk operators, helping make
the system efficient. The challenge is to
help supply chain partners?shippers,
freight forwarders, and third-party (3PL)
security param
logistics providers?meet
eters, with levels of knowledge and com
mitment equivalent to the shipper. CSI re
quires thatCBP personnel be stationed at
the various foreign ports that are part of
the CSI. These U.S. staffmembers have
to communicate with and cooperate with
local port officials and with local govern
ment regulations in order to be effective.
- Customs Trade
Partnership against Terror
ism, C-TPAT, is a public-private partner
ship, which gives participants expedited
cargo processing in exchange for tightened
security and cargo tracking at points along
the cargo transitand supply chain. Partici
pant firms receive security recommenda
tions from CBP (CBP 2005) and are re
quired to work with their supply chain
partners to implement these security best
practices. CBP officials review their secu
rity procedures, make recommendations
36
TRANSPORTATION
for improvement, and typically follow up

with an audit as well as an annual assess
ment. Based on these reviews, companies
are assigned scores which, if favorable,
give them expedited processing through
U.S. ports, and a reduced likelihood of
physical inspection. Newly created supply
chain specialists within theCBP organiza
tion help recruit new companies into the
C-TPAT
program and assist them with
their security programs and in establishing
teams are
their security profiles. C-TPAT
typically composed of CBP specialists, in
telligence officials, and Department of
Homeland
representa
Security (DHS)
tives, thus giving equal weight to trade
and security issues.
Physical Inspection of suspicious contain
ers at ports with non-intrusive inspection
and radiation detectors.
- Free and Secure Trade
(FAST) is a volun
aimed
tary program
specifically at effi
cient screening and clearance of commer
trade among the
cial traffic in NAFTA
U.S., Canada, andMexico. The FAST pro
gram requires carriers, drivers, importers,
and southern border manufacturers to pro
vide information for a security profile,
with known low-risk participants receiv
ing expedited border processing. FAST
works in conjunction with the C-TPAT
and PIP programs.
to
Approaches
Chain
Security
Monitoring
Supply
Other trading nations have similarly at
tempted to regulate supply chain security.Can
ada, for example, has its PIP (Partners in Pro
tection) program, similar to theU.S. C-TPAT,
and its version of theAdvance Manifest Rule,
requiring detailed information on shipments
being shipped into Canada to be filed within
twenty-four hours of sailing from the port of
loading. The European Union has legislated
procedures to qualify European shippers as Au
thorized Economic Operators (AEO), granting
them customs simplification and security facil
itation, depending on the level of certification
achieved. They plan to work with the U.S.
government to obtain reciprocal recognition of
the C-TPAT and AEO certifications.
The UN's InternationalMaritime Organiza
tion (IMO) has adopted the International Ship
Other Governments'
JOURNAL
Fall
and Port Facility Security Code (ISPS) as of

July 2004, though these represent guidelines
rather than specific regulations, with compli
ance left to individual ports and ship owners.
The World Customs Organization has devel
of
oped the SAFE Framework?Framework
Standards to Secure and Facilitate Global
use by itsmember countries. The
Trade?for
International Standards Organization
pub
lished its ISO/PAS 28000 standard, "Specifi
cation for Security Management
Systems for
the Supply Chain,"
in 2005. Fratianni and
Kang (2004) note that suchmultilateral cooper
ative approaches tomanaging security issues
in response to terrorism are likely to increase.
Private firmsmust comply with these regula
tions, where necessary, and adopt the recom
mendations as appropriate. They have todecide
furtherwhether additional internal measures
are necessary to complement these governmen
tal and quasi-governmental
regulations and
measures. In many cases, implementation has
tobe worked out by industryand cross-industry
consortia, and a key element is the cost of
compliance compared to the benefits of adher
ing to these regulations and recommendations.
In the case of regulations that are recent and
still evolving, private firms must decide
whether towork in concert with their competi
tors and supply chain partners to help shape
industry security standards before such stan
dards are determined by government agencies
and imposed on them.Firms active in the indus
tryhave a better understanding of industrypro
cesses and may be better able to judge how
a standard can be shaped to achieve greater
security while lowering costs of compliance
with the standards.
Technology and Supply Chain Security
New technologies offer interesting capabili
ties to help firms secure their supply chain.
Technology developments can facilitate secu
rity at several facets of the supply chain, both
"inside and outside the box," including the
following:
Supply chain personnel identification and
controlled access to supply chain nodes;
- Secure
loading of containers and verifica
tion with electronic manifests;
- Seals for
containers;
- Software for automated
targeting of sus
pect containers;
2006
- Use
of RFID
tags for monitoring what
is loaded onto the containers as well as
monitoring containers and their contents
during transit; leading to "smart boxes,"
containers equipped with RFID and com
plementary advanced container security
devices that can provide greater in-transit
security of containers;
Non-intrusive inspection of suspect con
tainers, at departure and at arrival;
"Supply chain intelligence"
keeping a
record of who has had access to the con
tainer at warehouses, at the dock, at load
ing and unloading, and in transit; as well
as continuously recording the physical lo
cations of containers and individual items;
- Communication
among
transportation
modes, containers, and supply chain net
works, linked to supply chain database
management, with use of encryption and
data security.
Three aspects of technology aids to security,
namely, theuse of RFID tags, smart containers,
and container screening and inspection, are dis
cussed in greater detail (David 2005; Tirsch
well 2005a; Tirschwell 2005b; McHale
2005;
Eisenberg
2005).
RFID Tags
Pfizerhas used RFID to fightcounterfeiting
of drugs such as Viagra, while San Francisco

Airport has used RFID to track baggage during
handling.
The RFID tag stores data, and when attached
to a sealed container and activated, wirelessly
communicates on a given radio frequency with
the logistics network. Active tags allow con
stant updating of information, such as where
the container stopped, who had access to it,
and whether contents had changed. Active tags
can process information relayed by sensors that
detect changes in pressure, radiation, chemical
signatures, etc. This continuously updated in
formation can be constantly communicated en
route. At the container's final destination, the
tag can be completely read, the data analyzed
and archived, and the tag deactivated and ready
for re-use if possible (A T Kearney 2004, 7).
The RFID tag data provide an audit trail of the
container's journey, and help keep track of its
location and contents, meeting the needs of
supply chain efficiency and security (Tirsch
well 2005c; Wall Street Journal 2005a; Ed
monson 2004). Since active RFID tags can be
reused and rewritten, they have to be protected
against unauthorized intrusion and hacking
(Weis 2003; Juels2005).
The U.S. Army has been a major proponent

of using RFID
tags to "provide a common,
integrated structure for logistics identification
smart containers, and tracking, locating, and
monitoring of commodities and assets through
out the Defense Department." The Defense
Department issued a Defense Federal Acquisi
tion Regulation Supplement (DFARS), which
mandated the use of passive RFID
tags on
certain classes of defense procurement such as
operational rations, clothing, individual equip
ment, tools, and weapon system repair parts
(GCN 2005). In the private sector,Wal-Mart
has been an earlymover in requiring a growing
number of its suppliers to equip their product
shipments toWal-Mart with RFID tags. Acer
uses RFID tomonitor and efficiently operate
both incoming supplies intoTaiwan and China
and then the reverse flow of final products to
international markets. Levi Strauss has used
RFID in item-level tagging, giving themmore
precise information about on-shelf availability
of their vast assortment of clothing and acces
sories, by details such as size, style, and color.
Reusable active tags cost more than passive

tags.An active tag systemwould require larger
investments to support repeated use over the
multi-year container life (Molar 2004). A De
fense Department study derived an estimate of
$70 to $100 per reusable tag (Department of
Defense 2005, 18), though, as early adopters,
theypaid premium prices. The costs of reusable
tags are likely to come down with growing
volumes of use. Nonetheless, equipping all of
a shipping company's containers with active
tags and related communication infrastructure
could be an expensive investment. The relevant
cost is the total system cost of antennas, read
ers, tags, software, installation, service, and
maintenance.
RFID usage and efficiency is affected by a

number of factors: cost and read reliability of
the tags, the range fromwhich tags can be read,
the speed with which tags can be read, tag
durability, the ability of tags to store and pro
vide rich information, and the extent towhich
tag usage can be relatively free of the need for
human intervention. RFID
tags can vary in
38
TRANSPORTATION
their performance dimensions, as not all users

have the same need for rich data, longer range,
and higher-speed communication. RFID read
ers also vary in their capabilities, with some
readers better able to perform in high noise
situations, with greater range, better security
features, and lower error rates. RFID solutions
also vary in theirability to interfacewith enter
prise databases and software. RFID has several
advantages over barcodes: no line of sight is
required as in reading barcodes, the tags can
withstand harsh conditions, as in ocean travel,
and multiple products can be scanned at once.
RFID Standards Development. The develop
ment of RFID standards provides insight into
the role that industry efforts can play in devel
oping standards that can help supply chain se
curity, as opposed to accepting government
derived and -mandated standards. The current
second generation standard, EPC Gen 2 Elec
tronicProduct Code, was originally developed
by the Auto-ID Center to complement bar
codes, and provide information to help identify
manufacturer, product category, and the indi
vidual item. Auto-ID Center is a non-profit
collaboration between private companies and
academia thatpioneered thedevelopment of an
Internet-like infrastructure for tracking goods
globally through the use of RFID tags carrying
Electronic Product Codes. The Gen 2 standard
uses a single UHF specification, allows differ
ent communication speeds depending on back
ground noise, is better at reading distant tags
at the edge of the reader's range, improves the
operations ofmultiple readers in close proxim
ity,and allows tags to communicate with multi
ple readers in parallel sessions.
In September 2003, the Auto-ID Center
passed on its work to university-based Auto
ID Labs, located principally atMIT. Another
organization, EPCglobal, was created to dif
fuse and expand the standards being developed.
is a non-profit organization jointly
EPCglobal
set up by theUniform Code Council (the orga
nization that oversees theUPC barcode stan
dard) and EAN International (the barcode stan
to develop global
dards body in Europe)
standards forRFID use, to promote EPC tech
nology, and to stimulate global adoption of
the EPCglobal Network, which facilitates the
seamless use of EPC and RFID across global
supply chains.
JOURNAL
Fall
RFID tagfraud. The expanding use of RFID

and its growing role in safeguarding supply
chain securitymeans that the system must be
able to guard against RFID tag fraud. For exam
ple, the Exxon SpeedPass has an embedded
an RFID
tag with user information so that a
motorist can wave a SpeedPass at the gas pump
and have payment charged to the account of
the person whose information is stored on the
SpeedPass. If this information could be altered
or copied, billing errors could occur and the
wrong account could be charged. Juels (2005)
has shown how an encryption code inExxon's
SpeedPass could be uncovered, allowing fraud
ulent alteration. This problem ismore signifi
cant in reusable and read-write tags. EPC Gen
2 standards have attempted to prevent such
fraudulent alteration by embedding lock codes;
if theRFID reader tries to keep feeding differ
ent lock codes, in order to enable the rewrite
capability, the tags could be deactivated for a
certain period. Weis
(2003) outlines several
security proposals to combat such security
such as limiting access to RFID
weaknesses,
tags through hash locks (a hash being a value
computed from a randomly selected crypto
graphic key), and the use of low-cost hash
functions such as cellular automata-based
hashes. Weis also outlines proposals to prevent
eavesdropping
on
tag's
content
when
broad
cast to the reader. Longer lock codes and en

cryption can help guard against such "hacks."
If attempts are made to change the product
identification, that is, itsEPC, software could
check to see ifa duplicate EPC exists anywhere
in the world (though this assumes real-time
access to a global EPC database and complete
interoperability).
Beyond security applications, RFID has im
mense value for supply chain management in
tracking quantities and themovement of goods
across geographically distant points in the sup
ply chain network. "RFID provides incredible
transparency and clarity in the supply chain,"
noted Robert Turk, who serves as national di
rector for supply chain at Siemens and played
a central role in Siemens' RFID efforts. Thus,
the costs of an RFID
system installation can
be balanced against the benefits from greater
supply chain efficiency and effectiveness, as
well as impacts such as lower pipeline and
buffer stock inventories and greater customer
2006
satisfaction from receiving accurate shipment

information and on-time delivery of orders.
Container Security and "Smart Boxes"
The term "smart boxes'' refers to containers
equipped with tamper-proof seals, sensors to
gather in-transit information, and reusable ac
tive RFID
tags that store and communicate
real-time information about the container's sta
tus throughout its transit. Information relayed
from theRFID system can be used to compare
the electronic manifest to physical goods in
the container, sounding an alarm if there is a
discrepancy. The tags could pinpoint the geo
graphic source of intrusion.However, sensors
attached to container doors may be unable to
detect intrusions into containers from the sides.
The tags collectively could gather vast amounts
of shipment information, communicating with
communication hubs, which use specialized
software to collect, organize, and analyze data
frommultiple tags and sensors, consolidate in
databases, and store for future retrieval. Soft
ware would be used to incorporate risk factors
to analyze data, and judge threats, suggesting
preemptive responses. The quantity of data
gathered inevitably raises issues of data secu
rityand confidentiality. Firms using smart con
tainers have to ensure that container shipment
data are kept confidential and not available to
others in the industry.
Container security devices (CSDs) may also
be prone to false alarms. The containers are
subject toharsh environmental conditions, high
seas, forty-foot swells, and enormous changes
in pressure (eight containers stacked on top of
each other), all of which can cause a sensor to
issue false readings. Too many false alarms
would make the system costly touse, and cause
information from alarms to be ignored in the
U.S. and at ports of departure and transit.Mas
sey (2005) suggests that a superior alternative
would be the external screening of containers
using gamma and x-ray scanners. Another
problem is tag switching, where tags can be
moved from one location (container) to another
without loss of function. One solution is to
embed the RFID antenna to the adhesive, so
thatattempts tomove the tag cause the antenna
to separate, making the tag non-functional
(Manufacturing Business Technology 2006).
The U.S. Department of Homeland Security
(DHS) has attempted to set open standards for
emerging products for container security.

Homeland Security's Advanced Research Proj
ects Agency (ARPA) has issued Broad Agency
Announcement (BAA) # 04-06, setting stan
dards for the CSD. DHS has similarly man
dated power source standards, requiring amini
mum 30,000-hour useful life.
Container
Screening and Inspection

Despite careful advance screening, therewill
be need to inspect some containers on arrival,
based on information gathered frommanifests
and during transit. This has led to the emer
gence of the "smart portals" concept, which
would involve non-intrusive inspection of con
tainers at ports and other points of loading
and unloading. It may be more economical
to inspect containers with external scanning
devices than equip each container with individ
ual security devices and selectively inspect
them. Hong Kong initiated a pilot project to
inspect all containers (Wall Street Journal
2005b). The Hong Kong scheme requires con
tainers to pass through gamma ray scanning
stations,which would show images of the con
tainer contents similar to an x-ray and probe
suspiciously dense objects thatmay have been
shielded and hence not detectable with x-rays
(Flynn 2006). Technicians would analyze these
scans and pick containers for further inspection
if the images raised suspicion. A second scan
would monitor for radiation from nuclear de
vices and superimpose these images over the
gamma-ray scan to detect the source of radia
tion, if any. A scan of the container ID number
would enable the linking of scan data with other
container manifest data and the geographical
origin and transitof the container, with all the
information stored and available in databases
forworldwide access.
The U.S. also uses gamma-imaging and radi
ation detectors, but relies on its software-based
Automatic Targeting System, togetherwith the
cooperation of foreign ports and shippers in its
CSI and C-TPAT programs, to identify at-risk
containers for intensive screening on arrival.
Such images are generally not stored and are
not available to other ports, and would need
to be supplemented with information from
CSDs on board containers, to gather informa
tion on the origin and route of containers, and
other related
information. Longshoremen
unions at some U.S. ports have been unwilling
40
TRANSPORTATION
to drive containers through the scanner, raising

health concerns over the safety of gamma-ray
scanners. An alternative would be to stage con
tainers in an open area and allow the scanner
to pass over them. This approach could be
hindered by space limitations at the ports and
by inclement weather. Itwould also be slower,
and could lead to a lower rate of containers
being screened. The debate over two distinct
approaches to screening containers is indica
tive of the difficulty of choosing appropriate
It points to the increased
security measures.
role that supply chain industry participants
need to play to choose approaches thatcan best
combine security needs with efficient business
operations, rather than await government-man
dated approaches and requirements.
The technologies described above are pri
marily concerned with the security of goods

and the containers they are shipped in. Other
links along the supply chain, such as factories
and ports themselves, and the people involved
along the supply chain, all need similar tech
nology-enhanced means of safeguarding secu
rity. For example, technology can be used in
controlling access to the docks and other cargo
facilities, through identification cards relying
on fingerprints and other biometric data. How
ever, since the greatest danger to containers
is when they are not moving, procedures and
technology to detect tampering are valuable.
Technology to detect the integrityof container
seals is critical to in-transit container security.
The first two aspects of risk management,
sources of risk and risk assessment, are being
addressed by U.S. government and private sec
torefforts,as discussed above and summarized
in Figures 1 and 2. Some of the securitymea
sures help reduce or avoid risk and thus also
address risk mitigation. In the next section, we
analyze firm-level efforts tomitigate risk.
Security and the
Supply Chain
Once security risks have been identified and
assessed, the next step is risk avoidance and
risk mitigation. A main objective is to design
supply chains that can withstand security at
tacks, and are secure, robust, resilient, and flex
ible. A robust supply chain is less vulnerable
to disruption. A resilient supply chain is one
thatcan bounce back quickly from a disruption.
Firm-level
Strategy:
JOURNAL
Fall
For example, a firmwith modular process and

product design can adapt to rawmaterial supply
interruptions and shortages, and develop a
speedy response to such contingencies without
seriously affecting product availability. Resil
ience also could be achieved by maintaining
spare capacity or surplus inventory. Flexible
organizations are generally resilient, and Rice
and Caniato (2003) link flexibility to the firm's
capabilities, in areas such as product design
and capacity contracting. In redesigning supply
chains to be robust, firms need to ensure that
the supply chain design is consistent with the
firm's overall strategy.
A Robust SupplyChain
Tang (2006, Table 1) defines a robust supply

chain as one that can reduce costs and improve
customer satisfaction and customer relations
under normal supply chain operations, while
sustaining supply chain operations during ma
jor disruptions. He suggests implementing ro
bust strategies, such as using multiple suppli
ers,
maintaining
strategic stocks, using
modes
of
multiple
transportation, and postpon
ing product differentiation to downstream
stages. Hendricks and Singhal (2005a, 2005b)
list additional measures
that can create ro
bustness, such as standardizing product design,
using flexible contracts, using spot markets,
and contracting for flexible capacity, with some
of this capacity set aside as reserve or reactive
capacity.
Metrics
Firms need metrics tomeasure supply chain
vulnerability and robustness (Trent and Monc
zka 2005). Measurements can help analyze the
root causes of supply chain disruptions and
suggest corrective actions thatcan improve and
control the supply chain processes. Without
soundmetrics, firms cannot assess, control, and
improve supply chain performance. Periodic
reporting and auditing of supply chain perform
ance, focusing on metrics that address security
and robustness, along with general supply
chain efficiency measures, can facilitate pre
ventive and corrective actions before serious
failure occurs. Technology can facilitate the
development of suchmeasures, such as through
the use of RFID in gathering real-time supply
chain information, or by using identification
based controlled secure entry to factories and
2006
ports.Measurements can improve supply chain

visibility, serve as lead indicators thatcan warn
of impending supply chain disruptions, and
allow for early corrective action, avoiding or
mitigating the bullwhip effect of upstream dis
ruptions. Metrics can be tailored to address
industry-specific security issues, i.e., banks
have toworry more about data security,while
manufacturing security would focus more on
physical product flow. Security-specific met
rics can help assess whether newly imple
mented security-oriented measures have been
successful in reducing security threats.
Models
Metrics can help model the relationship be
tween security-related investments and out
comes in the form of reduced or contained
disruptions. Kleindorfer and Saad (2005) and
Lee andWhang (2005) outline models to exam
ine aspects of the tradeoffbetween risk mitiga
tion and costs. Kleindorfer and Saad (2005)
focus on the tradeoff between risk mitigation
investments and the expected cost of disrup
tions, using empirical data from theU.S. chem
ical industry.Lee andWhang (2005) look at the
relationship between various securitymeasures
and cost savings, using a queuing model and
incorporating inspection and transit lead time,
and estimating safety stock levels required
based on product demand estimates and replen
ishment time. They apply themodel to data
formanufacturer shipping fromMalaysia-Sin
gapore to Seattle and show that inventory can
be reduced even with enhanced security. (They
also show, as an alternative, thatwith enhanced
security, customer service levels can be im
proved, resulting inpotential increases inprofit
without increasing inventory levels.)
Partners
Every supply chain stage can include units
and actors internal and external to the firm.
Security concerns and guarding against vulner
ability are differentwithin and across the firm's
boundaries. Security is most compromised at
theweakest link, and thus supply chain security
requires alertness and attention to security
across the entire supply chain, by the firm as
well as by its partners. Hence, the firm has to
evaluate supply chain partners from a security
perspective, and conduct both early and ongo
ing assessment of theircontinuing commitment
41
to security. Supply chain security must be of

the same standard along its entire length.Many
of theU.S. government supply chain security
efforts have pushed security operations up
stream, i.e., through theCSI, making the issue
of security at overseas supply chain partners
particularly relevant.
The number of partners in the firm's supply
chain, their size, experience, and ability all
influence supply chain security. Smaller supply
chain partners may be more vulnerable, and as
they are less diversified, theymay be less able
to withstand disruptions, and the impacts of
any disruptions might be magnified. At the
same time, their smaller size may affect their
ability to undertake large investments in secu
rity and supply chain robustness.
The firmhas to decide how much to trustand
collaborate with its partners in strengthening
security (as opposed to dealing with them at
arms' length) and also examine how tomoti
vate partners to reduce and avoid risk. When
incremental investments in security are re
quired, the firm has to structure supply chain
contracts and consider incentives tomotivate
its supply chain partners to offer equivalent
levels of security; otherwise, security can be
probed and prejudiced at theweakest link in the
supply chain. Moreover, continuous security
collaboration is necessary to prevent degrada
tion of security levels over time. Information
sharing across supply chain partners, including
transportation providers, ports, and govern
ment authorities, can be instrumental in safe
guarding security. Such information sharing
can lead to best practices sharing, and parallels
the TQM dictum that all stakeholders have to
be engaged with a total organizational focus
for successful implementation.
Security concerns and the associated incre
mental security costs could lead shippers and
theircustomers toprefer sourcing locations and
partners that are security-compliant, leading to
loss of business at ports not participating in
CSI, and for exporters and shippers from such
non-participating locations. Reducing supply
chain complexity may also bias firms to region
alize their supply chains, reducing distances
traveled within the supply network, as an ave
nue to reduce security burdens. Trust may have
an intangible value leading topreferring certain
providers over other supply chain partners and
42
TRANSPORTATION
locations despite their lower total costs. A re

cent example is the political furor over an at
tempt by Dubai Ports to gain control of several
U.S. ports thatwere for sale. Ultimately, Dubai
Ports had to divest theU.S. ports toU.S.-con
trolled entities. If similar preferences for
trusted partners continue, economic growth
will be affected, particularly the economic de
velopment of ports and emerging markets in
countries viewed as more trustworthy.
Corporate Social Responsibility
Security-based disruptions often have an im
pact on the community, and firmshave toman
age not only their own supply chain, but also
think about community health and safety, em
ployee well-being, and the impact on commu
nity relations and on the environment. The gov
ernment and thepublic are likely tohave higher
expectations of larger firmswith regard to their
efforts to enhance security. Robust supply
chains might protect the firm from security
related disturbances, but the community might
still sustain the considerable impact of these
disruptions. Hence, firms have to work with
community agencies, local governments, and
other entities tohelp avoid and plan formitigat
ing the impact of such untoward events. Be
yond societal expectations, firms also have to
comply with legal requirements for standards
of care, and act with discretion to limit their
liability in the eventuality of security-related
disruptions. Individual and data privacy issues
are also factors that govern the firm's ability
to gather and share data about individuals em
ployed along the supply chain. Finally, security
mishaps can affect thebroader image and repu
tation of the firm?another reason to exercise
the highest levels of care to prevent security
based disruptions.
Readiness
Organization
Sheffi (2001)
compartmentalizes
supply
chain security into the following distinct
stages: preparation to guard against disrup
tions; the occurrence of a disruptive event; the
immediate or first response to the disruptive
event; the initial impact of thedisruption, grad
ually escalating till the full impact is felt, over
a longer period of time; the preparations for
recovery; and final recovery to resume normal
operations. These stages suggest thatorganiza
tional structure and readiness can help reduce
JOURNAL
Fall
the likelihood of the disruptive event, dampen

its impact, hasten the firm's move towards re
covery, and facilitate timely full recovery in
speedy fashion. Specifically, the preparation
stage can encompass crisis preparedness, set
ting up an emergency operations center
equipped to function in the face of disruption,
with backup systems, information and data
bases, and trained personnel. This can be com
plemented with the development of an emer
gency operating plan and a business continuity
sets the tone for security
plan. Leadership
involve
awareness, and senior management
ment in the development of security-related
policies is essential. Appointing a chief security
officer can drive security awareness, though
organizations have to balance the degree of
centralization surrounding development and
implementation of security with some degree
of autonomy and empowerment over a widely
dispersed supply chain. Mitroff and Alpaslan
(2003) outline a Wheel of Crisis, which can
guide preparedness and training of employees
and partners in reducing the impact of disrup
tions. Elkins et al. (2005) recommend steps
such as expanding strategic sourcing, reconfig
uring the supply base, focusing on real-time
operations management, and developing enter
prise-wide riskmanagement strategies.
The firm can also resort to simulations, re
hearsals, and staged events, to train and test
readiness to handle crisis. For example, MIT
has staged supply chain derailment exercises,
using a simulation of a SARS-type epidemic
at a plant in China that is the sole source of a
new product on the eve of theproduct introduc
tion,. The multi-functional and inter-organiza
tional teams working on this exercise can com
pare their approaches at resolving the crisis,
learning and being ready for a real-life crisis.
Also helpful are "red team" attacks, to probe
vulnerabilities in the supply chain, with the
results of such an exercise used to tweak the
supply chain and help make itmore robust and
resilient. Such simulations and exercises can
raise the organization's
and its employees'
overall awareness of security.
Benefits and Cost
from Supply Chain

Security
Supply chain security systems are costly,
with upfront investments and ongoing op
erating costs. At a minimum, systems such as
2006
container security or RFID

tags will include
the costs of system installation, monitoring,
responding to system alerts and information,
and maintenance. Other lifecycle costs could
include technology upgrades, software devel
opment, database maintenance, and smart con
launched the Operation

tainer retrieval. DHS
Safe Commerce program, in partnership with
commercial users, to test security options and
develop information on the costs and benefits
of operating such systems. This gives users a
voice in setting standards and testing proto
types, and allows them toweigh in on alterna
tive approaches and solutions and their cost
implications. Containership charter rates have
been on the rise, so the added cost of security
related activities affects competitiveness. C
allow
TPAT membership
and discussions
members to influence security mandates and
procedures so as to balance costs and benefits.
Benefits. The principal intentof supply chain
security innovation is to avoid and minimize
disruptions, which, if achieved, would be the
overarching benefit. Such investments can
have corollary and simultaneously positive im
pacts in lowering total supply chain system
cost, through greater in-transitvisibility of cy
cle time and material flow, and timely and
accurate shipment data and transportation sta
tus. Better, accurate, and timely supply chain
information allows for managing the supply
chain with lower buffer stock and pipeline in
ventories, with greater confidence about supply
chain performance. Supply chain operators can
detect where the delays are occurring so that
the supply chain can be improved and made
more efficient. The increased visibility of con
tainers, their location and progress through the
supply chain, and detailed knowledge of con
tainer contents and expected arrival allows for
savings in inventory levels, reduced lead time
variance, increased manufacturing uptime, re
duced out-of-stocks, reduced theft,and better
service to the importer, as well as better rela
tionswith customers and suppliers (Bhatnagar
and Viswanathan 2000; A T Kearney 2004, 9;
Sheffi2001; SheffiandRice 2005).
DHS has indicated that containers with ac

tiveRFID can expect green lane treatment, that
is, no inspection upon arrival and immediate
release. This will reduce transit time and reduce
43
pipeline inventory, a benefit valuable inmain

taining supply chain efficiency in a crisis, as
containers whose security and contents are eas
ily verified are more likely to be released early
in a crisis. While some of these benefits are
intangible, there aremeasurable, tangible bene
fits, including the fill rate (of factory invento
ries used in production) and timely completion
and shipping of finished good orders. These
benefits can be balanced against the costs of
security-related
measures.
security initiatives
Supply-chain-focused
can also yield market benefits. For example,
RFID tags can continuously monitor demand
and thus allow the firm to adjust production
quantities, order components, and route fin
ished goods to end-user markets with the great
est unfulfilled demand. This can enhance cus
tomer satisfaction, result in repeat business and
customer retention, and ultimately enhance
overall profitability. Additionally, integration
of supply chain information with the broader
manufacturing operations and marketing data
bases can help automate customer receipt of
goods and promote faster payment of receiv
ables, lowering working capital needs. Table
2 summarizes the costs and benefits of security
oriented supply chain enhancements, consider
ing their impact on both supply chain efficiency
and effectiveness.
Costs. Some security costs are likely to be
unavoidable.
Governments
may mandate
threshold levels of cargo security, and govern
mental agencies in charge of security, such as
DHS, might promulgate new fees to pay for
security costs. Regulations from entities such
as CBP could increase the adoption of con
tainer sealing and motivate increased participa
tion inCSI and C-TPAT initiatives. For exam
ple, passive container seals could become
mandatory on all maritime containers. Passive
tags would be relatively inexpensive, costing
about $0.40 to $0.50 each, while the active
tag system might cost $70 to $100 per unit,
depending on features such as memory, com
munication capabilities, ability to read and re
ceive and transmit data from different sources
and sensors, andmulti-band and multi-standard
transmission.
containers are selected for physical

screening or universal screening as proposed
by the port of Hong Kong, there are costs of
When
Table
2. Costs
Effect on:
Costs/
negative
impacts
and Benefits of Security-related
Supply Chain Efficiency

-Cost of
securityrelated technology
investments?which
deter
may
necessary investments
-
Time
to implement
Additional
hiring
Multiple
standards
Supply Chain Effectiveness

-
security-related
cycle time
stretching out delivery
constrained
Supply chain partner choices
of
costs
Higher
emergency
across
partners and
still under development
of deliberate
inventory,
reserve
Increased
by securityprofile and capabilities

-Difficulties in
integratingenhanced
with existing
chain
information
supply
and field evaluation, leading to duplication and

communicationdifficulties
-
Enhancements
Supply Chain
security processes
cost of security-related
personnel
as solutions
countries,
approval
Fall
JOURNAL
TRANSPORTATION
44
redundancy,
databases
and marketing
manufacturing
on to users
costs passed
Security-related
in the form of incremental user fees
-Cost and
complexityof compliance with
security measures
government-mandated
and regulations
Under-investment
capacity
in security
due
to
difficultyof quantifyingtheirlong-term
Benefits/
positive
impacts
Enhances
security
-Reduced
pipeline and bufferstock inventories
due to better information
-Better
shipmenttracking
-
Reduced
Reduced
pilferage
out-of-stock
states
benefits
Enhanced
customer
concerns
to
"green
lane"
Supply chain redesign aided by wider
availability
of accurate
and
timely metrics
Supply chain redesign leading to robust

and resilientsupply chains
Improved linkage ofmarket demand with
manufacturing
unloading and inspection of these selected con

to containers from such
tainers. Damage
screening is another expense thatmight burden
carriers and importers. Moreover, containers
with security problems might go unclaimed,
leading to fines and disputes over responsibility
the onus be on the ex
for such fees: Would
or
in the
porter, shipper,
importer? Keeping
mind the example of the airline industry,where
much of the incremental security costs have
been passed on to the consumer in the form of
ticket price surcharges, it is likely that supply
chain security costs would be charged eventu
ally as user fees or built into port tariffs.
Many importers rely on third-party logistics
providers (3PLs). In such a framework, 3PLs
would be expected toprovide the security solu
tion, and perhaps bear liability. If supply chain
activities are outsourced through 3PLs, secu
rity-related costs are likely to be passed on to
the 3PL's clients, through a transaction pricing
or a subscription model. Even if the (importer)
firm ismanaging its logistics, and purchasing
services directly from shippers, itmight still
choose to buy security-related services as a
due
service,
greater supply chain visibility

-Reduced
delays caused by security
schedules
and quantities
stand-alone service from security specialists.

Thus, the supply chain network might further
specialize, with the emergent new role of secu
rity specialist firms, and the consequent evolu
tion of supply chain integratorswho can work
to include such security specialists in the over
all supply chain management.
Tradeoffs
between Robustness
Efficiencyin theSupply Chain
and
The discussion around building secure sup

ply chains suggests that the firmmay need to
make a tradeoff between efficiency and ro
bustness. Adding additional buffer stocks or
contracting for excess capacity could lead to
higher costs. However, the longer-term benefit
of improved customer relations and timely
product introductionsmay help the firm avoid
the costs of underperformance resulting from
supply chain disruptions, and the tradeoffmay
be between incurring short-termcosts and gain
ing long-term benefits. The true difficulty is
that the short-term costs are incurred in the
present to avoid larger and extended-period
2006
costs in the longer term. It is difficult to quan

tify the benefits of costs avoided, and thismay
explain why researchers such as Rice and Cani
ato (2003) andZsidin (2003) have foundthat
firms take inadequate action tomitigate supply

chain risks. They conjecture that disruption
risks are difficult to quantify and hence under
rated,making itdifficult to justify large preven
tive investments in supply chain robustness and
security. Firms stand to gain long-term benefits
by quantifying the business case to justify sup
ply chain security investments. They can build
on models quantifying savings which are used
to justify investments in TQM and customer
service, using a similar approach to estimate
the savings and economic benefits from avoid
ance of security-related disruption (Rice and
Caniato, 26, Ex. 1).
for Action
Suggestions
We now conclude with suggestions for ac
tion that flow from our discussion of supply
chain security issues. Table 3 sets out the prin
cipal areas for strategic focus and action, and
also highlights challenges that firms face in
each of these areas.
across the Supply Chain
Collaborating
chains
involve several entities, in
Supply
the
its
firm,
cluding
industrypartners, govern
ments, and supply chain intermediaries. A key
task is assigning roles and responsibilities for
each of the major actors, and then ensuring
collaboration to jointly strengthen security.
Governments aremore concerned with borders
and infrastructure facilities, while it is appro
priate that the firm focus on goods, itspartners,
and employees. Improving global supply chain
security is a long-term effort requiring govern
ment - business partnership. Corporations can
participate in a dialog with government depart
ments and officials from theU.S., other coun
tries, and multilateral organizations, in estab
lishing threshold levels of desired security and
shaping and implementing regulations related
to trade and shipping security. The firmwill
benefit from the convergence of security regu
lations and practices across countries. It should
focus on encouraging such convergence of se
curitymeasures across countries, which is no
trivial task, as nations attempt to balance secu
rity with other considerations. For example,
when U.S. Customs designated some European
ports as CSI-compliant, European Union offi

cials sued these CSI-designated
countries on
the grounds that theCSI designation gave those
ports an unfair advantage over ports from other
European nations (Edmonson 2005).
Firms can also benefit from industryconsor
tia and can play a lead role in focusing on
specifics, such as choosing specific technolo
gies, influencing standards, and clarifying legal
liability in case of terrorist attacks. Through
such consortia, firms can negotiate with gov
ernments and local entities over sharing the
costs of securitymeasures. Security issues will
weigh heavily on insurance availability and
premiums charged, and will affect supply chain
contracts in terms ofwho bears which security
related costs and who bears risk, how will risk
be shared, and who bears responsibility in case
of security failure (Rosetti and Choi 2005).
Insurance firms, based on their accumulated
experience with risk assessment and incurred
losses in a variety of industries and geographic
locations, can provide valuable cross-industry
insights and suggestions for best practices.
They can provide insight on specific security
vulnerabilities, on methods of ameliorating and
avoiding such risks, and on themerits of com
peting technology solutions available to tackle
such risks.
ConfiguringtheSupply Chain:
Robustness, Resilience
Security should now be an integral part of
supply chain management. This means think
ing about security not only during the transpor
tation phase, but also in choice of supply chain
partners, in locations to source from, locations
tomanufacture in, and countries tomarket to.
Security-linked supply chain interruption and
breakdown can have cascading effects on in
ventory levels, manufacturing ability and vol
ume, and product development and availabil
ity. The longer and more stretched out the
supply chains, themore interruptionsare likely,
not only because of terrorism,but also due to
other events such as port strikes.
However, redesigning the supply chain to
make itmore robust through developing re
serve capacity, gaining
additional
slack
or
increased
levels
addi
through
inventory
tional scheduled cycle time, creating deliberate
redundancy, or redesigning new product devel
opment to gain greater flexibility can also pay
Table
Areas
Focus
Strategic
with
Collaborating
across
Strategie Areas
3, Security and the Supply Chain:
Working
the insurance
the supply
chain
governments,
for Action
industry consortia,
standards,
time.
industry,
and multilateral
of borders,
balancing
and
people,
alternatives
for reserve
geographic
reach.
and auditing
of labor. Assessing
security readiness.
with
supply chain
Establishing
trusted partner profiles. Moving
towards shared technologies,
information, and best practices.
partners
screening,
Assessing,
Harnessing
technology
and
technologies
security,
early warning
Developing
Cost-benefit
Developing
short-term
analysis
security
awareness,
organization
Developing
of
for
scenario
Organizing
an emergency
crisis
planning,
for security,
simulation.
society,
Security,
and corporate
the economic
impact
capital
of security
on local,
disruptions
economy.
regional, and national
other consequences?
Analyzing
related
personnel
impacts,
standards.
on field performance.
Estimating likelihood and
of security-based
consequences
disruptions,
tradeoffs,
value of
analyzing
incremental
and
redundancy.
a culture
Developing
of security.
Applying lessons fromTQM

efforts,obtainingorganizationwide
and
engagement
function,
Understandingand helpingmitigate
social responsibility
in
focus.
Establishing
supply chain partner liaison
determiningthe level of
human
decentralization,
needs, and training.
and common
estimating
robustness
plan, appointing
preparedness
chief security officer. Conducting
security
industry consortia
qualitative
long-term benefits from
secure and robust supply chains, vs.
their short-term costs.
systems.
cost
disruptions. Negotiating
sharing with partners and
readiness,
and
Estimating quantitativeand
and
benefitsfromavoiding supply chain
Internal
providers
specialists.
Driving technologyimprovements
estimates
dependable
costs and long-term
governments.
as security
based
security-specific
Developing
metrics.
overall performance
and models
providers
features,
container
shared
Planning
investments.
technology
Supply chain
and enhancing
partners'
and ability to enhance
partners, countries,
security. Which
most effective in strengthening
Addressing
motivation
influencingtechnologydirections,
screening.
metrics
to robustness.
Collaborating with technology
ranking
supply chain benefits RFID,
container
add
securityprotection?Role of 3PL
security-relevant
and their broader
competing
most
alternatives.
design
capacity,
Defining roles, establishingdivision
Cooperative
Understandingwhich security
measures
Modeling robust supply chain
in the supply chain: analyzing
robustness,
resilience
strategies
and cost sharing,

responsibility,
with government.
and efficiency
robustness
over
particularly
Addressing points of vulnerability,
Configuring the
supply chain:
to be raised
likely
Negotiating areas of joint
facilities,
factories,
ports, goods,
information flow.
for Action
Challenges
Establishing thresholdsecurity
Determining
organizations.
roles and responsibility
respective
for security
Fall
JOURNAL
TRANSPORTATION
46
safety, environment
and legal liability.
partners
for foreign
particularly
and countries;
ongoing
group.
working
with local governments,
Working
in
first responders,
legislators
establishingjoint securityprograms,
roles
and demarcating
responsibilities.
and
Pushing
for cost
benefitanalysis in establishingnew
regulations
and programs.
2006
dividends inmaking the supply chain less vul

nerable to security-related disruptions. It is
worth noting that such redesign also can be
achieved through a process of continuous im
provement.
Security considerations will influence off

shore manufacturing decisions, outsourcing,
and choice of modes of entry decisions (Lu
2004). While security concerns and measures
can add to cost, they can also influence deci
sions on length of the supply chain and location
of supply sources. China, Hong Kong, and Sin
gapore together account for over half of the
container shipments to theU.S., and Japan and
EU are other key sources. As a pragmatic mat
ter, supply chain security initiativesmight ini
tially focus on working with these ports and
with supply chain partners,manufacturers, and
ship, truck,and rail transport suppliers at these
locations, to gain immediate security improve
ments in the supply chain. Over time, these
initiatives can be extended to the remainder of
the supply chain locations and partners. In turn,
this may bias decisions in favor of shorter
distance supply chains and positioning activi
ties closer tomarkets, i.e.,Mexico over China
in supplying U.S. markets (Edmonson 2003).
Accumulated information on supply chain dis
ruptions, over time, will then help the firm
judge whether such moves have in factmade
its supply chains more secure.
Cooperative
Strategies with Supply Chain
Partners
Firms need alliances along the entire supply
chain, to strengthen security and share security
related solutions, investments, technology,
data, implementation, and benefits. An intangi
ble issue is trust,as firms will prefer partners
who share security values and have shown a
demonstrated commitment to supply chain se
curity.Firms may want to structure supply con
tracts to motivate
security-oriented invest
ments by partners, and continually assess their
security preparedness as a condition of ongoing
collaboration. For example, itmight be advis
able to set up arrangements to share costs when
a partner's preventive measures offer supply
chain-wide benefits. In this regard, Rosendorff
and Sandier (2005) suggest thatgame theoretic
analysis can be useful in assessing the interde
pendent security choices made by allied firms
(Neal and Kunreuther 2005). Generally, the
larger the number of supply chain partners,

the greater the risk of supply chain breaches.
Hence, firmsmight seek to reduce the number
of partners, perhaps increasing in-house han
dling of supply chain activities (DOT 2002).
However, supply chain robustness might be
enhanced by diversifying across partners and
using a number of smaller partners, each of
whom is entrusted with a portion of the firm's
supply needs. Whether the firmdecides in favor
of fewer or a greater number of partners would
depend on its estimate of the reduced likelihood
of supply disruptions. Firms will need towork
with their partners to develop standard pro
cesses tomanage and control their global sup
ply chain security, and develop rules, delineate
responsibilities and accountability, and ensure
compliance. This will be particularly intricate
at the beginning of such collaborations, and
when negotiating arrangements with small and
medium-sized
manufacturers, brokers, and
scattered
around the world (Lu and
shippers
Dinwoodie 2002). Firms will have to assume
a leadership role in developing procedures and
helping their (smaller) supply chain partners
learn and adopt such practices. Dobie (2005)
suggests a similar partnership approach from
themotor carrier side, advising thatmotor car
riers should not just react to shipper concerns,
but instead, proactively decide which shippers
theywould choose towork with. That is, firms
would select "core shippers," based on the
carriers' competencies, resources, and strategic
objectives.
Harnessing Technology
Certain technology areas such as container
security, the use of RFID tags, and container
screening have become more established, with
coalescing standards and multiple vendors, and
a history of user experiences. Firms can draw
on this history to assess competing technolo
gies and make decisions about deployment. In
other areas, technology solutions may be in an
emergent phase, performance will improve and
uniform standards are likely to emerge, and
preserving technological flexibility will allow
firms to take advantage of emerging develop
ments and implement desirable technology up
grades. Firms can participate as lead users to
help influence technology direction and im
provement, functionality, and standards. Since
information gathering and sharing is a central
48
TRANSPORTATION
part of security measures, inter-operability is

critical, and industrybodies such as EPCglobal
have been setting and improving standards (for
RFID and electronic product tags). The firm's
role is to ensure that standards are commer
cially viable, and that these technologies work
well with complementary resources such as
software and other installed hardware. Tech
nology-based solutions are not the only way
to enhance security, nor are they fool-proof,
and they should be complemented with overall
supply chain redesign and with collaboration
across the supply chain and with industry,gov
ernments, and multilateral organizations.
Supply Chain Metrics and Models

Metrics are necessary to evaluate perform
ance and tomonitor supply-chain-wide vulner
abilities. Good measurements can answer ques
tions such as, Has security improved? Has

supply chain performance improved? How are
supply chain partners qualified and deemed
trustworthy?Have supply chain partners im
proved their security practices? How have spe
cific technological solutions enhanced secu
such as supply
rity? Performance measures
chain time reduction, inventory reduction, and

fill rates in manufacturing can be comple
mented by system effectiveness tests such as
on-time delivery to customers, and resistance
and resilience to simulated break-in attempts.
Supply chain partners can be monitored with
measures such as supply chain security audits
and responses to audit results, supplemented
certification of supply chain
with C-TPAT
can supplement such metrics
Firms
partners.
with formalmodels, which relate outcome vari
ables such as customer satisfaction, cycle time,
and supply chain total cost with decision vari
ables such as distance, number of partners,
extent of outsourcing, use of specific technolo
gies such as RFID, and whether partners have
met certification requirements such as C-TPAT
can also help
and CSI membership. Models
assess whether redesigned, more robust supply
chains have enhanced security.
Cost-benefit Analysis
There are obvious and immediately incurred
costs of enhancing security protection, follow
ing from supply chains' redesign to reduce their
JOURNAL
Fall
security vulnerability. There may also be sig

nificant long-term benefit from avoiding sup
ply chain disruption, as well as tangible busi
ness benefit from improved supply chain
performance. Sodhi (2003) recommends that
firms continually assess the short-term costs
and the long-term benefits of enhancing secu
ritywithin the global supply chain. The diffi
culty lies in estimating these long-term bene
fits, under alternative designs, and using them
to justify incurring of short-term costs. In
thinking about supply chain redesign, the firm
might have to estimate the additional costs due
to time delays caused by security issues and
risk management
(where some supply chain
choices may have greater risk associated with
them) and balance them against the lower prod
uct cost of geographically distant suppliers
(Hathcote and Nam 1999; Cho and Kang 2001;
Fawcett 1993). The firm can demonstrate the
value of increased robustness and resilience of
its supply chain with such analysis. Firms will
also need to develop sound estimates of the
sources of risk in their current supply chain, the
likelihood of such risk events, and the possible
impact of such risk events on the firm and its
customers. Such information can help the firm
choose between alternate supply chain rede
signs. Cost-benefit analysis also affects regula
tory passage, and the firm, on its own or
through industryconsortia, can use cost-benefit
analysis results to guide the imposition of new
safety regulations, fending off burdensome reg
ulations thatmight add to the cost of global
supply without commensurately enhancing se
curity and lowering risk.
Internal Readiness,
Security Awareness,
and Organization
Structure for Security
If security concerns are to take on strategic
importance, security should occupy a central
position in the supply chain organization. How
ever, the organization should conduct inte
grated security
planning, not simply develop
'
over
and
'toss
thewall'' for implementa
plans
tion by other (distant) units. Training can help
create widespread
security awareness within
the organization, a necessary first step in creat
ing a culture of safety across the supply chain
and across the rest of the organization. Firms
will need to do scenario planning and develop
multiple scenarios and emergency prepared
ness plans to handle security breakdowns and
2006
manage the consequences of a security inci

dent. Supply chain security could be entrusted
to a high-level executive, perhaps appointing
a chief security officer,who can develop neces
sary linkages to key personnel inmarketing,
alliance management, information technology,
and manufacturing. At the same time, given
the numerous decision points within the supply
chain, some level of decentralization will be
necessary, with appropriate training for thedis
persed decision-making personnel. Firms and
their supply chain specialists will need to col
laborate with foreign personnel at overseas
ports and along the supply chain. Hence, firms
will need supply chain specialists who can
work effectively in overseas locations and with
foreign partners, are trained to evaluate security
weaknesses, and can audit and improve secu
rityprocedures and security profiles. Firms will
have to develop strategies for training and de
veloping such staff,giving them short-termand
long-term assignments, developing their lan
guage and cultural skills, and strengthening
theirability towork with the private sector and
with government bureaucracies.
The drive to enhance security can be seen
as analogous to earlier efforts to disseminate
TQM practices across the corporation, and
firms can stress similar levels of organization
wide learning and commitment to security en
hancement. For example, applying the TQM
philosophy thatprevention is always preferred,
security should be designed into the supply
chain, rather than being introduced subsequent
to disruptions caused by security lacunae.
A corollary effort to engage partners in a
similar fashion would help strengthen security
standards across the entire supply chain, and
such an initiativewould be reinforced by creat
ing liaison positions charged specifically with
security responsibilities. Itwould be beneficial
to have all supply chain partners appoint repre
sentatives to a permanent working group that
could focus on security issues.
Security, Society, and Corporate Social
Responsibility
While security compliance is a business ne
cessity, it is also socially responsible behavior.
A corporation with a global supply chain bene
fits from a more secure global logistics and
transportation network. Clearly, actual terrorist
attacks launched throughports and via contain

ers will immediately cause interruptions in the
supply chain, lower economic activity drasti
cally, and halt and possibly reverse the growing
international trade and investment links of the
world economy. This cannot be in thebest inter
est of any corporation involved in international
business, and hence it is in the self-interest of
the firm to cooperate in security initiatives.Dis
ruptions can be felt at many levels, and hence
the firm should work with representatives from
the local, regional, and national economies, and
with multilateral organizations. Other relevant
parties would include first responders such the
local ambulance, police, and firefighterunits,
and legislators who have the power to circum
scribe or support company actions. The firm
would seek tomitigate the effects of security
disruptions on thewider community, not just on
itsown operations. Such effectsmight extend to
concerns over environmental damage and im
pact on local health and safetyof employees and
of community residents.
In summary, security in the supply chain is
not a cost of doing business but an essential
element of supply chain efficiency and effec
tiveness. Supply chain security is a strategic
necessity and firms should approach it accord
ingly, giving it as much weight as financial
or market strategy. Firms can redesign supply
chains tomake themmore robust and capable
of withstanding disruption. Given the geo
graphical dispersion of the supply chain, firms
must cooperate with supply chain partners to
ensure that similar security standards are in
force across the entire supply chain. Overall
supply chain robustness can be complemented
with security-specific measures. New technol
ogies can provide some help in enhancing secu
rity,but need tobe combined with collaborative
effortswith industryand government, to deter
mine and share roles and responsibilities. Fi
nally, while securitymeasures can raise short
term costs, well designed robust supply chains
can yield long-term benefits of enhanced secu
rity and improved overall supply chain per
formance, leading to greater customer satis
faction.
References
A T Kearney, "Smart Boxes,"
2005.
Chicago,
'
'The impact of port and trade security
Banomyong, R.,
initiatives on maritime
supply-chain
management,"
50
Maritime
Policy
pp. 3-13.
& Management,
TRANSPORTATION
Jan.-Mar.
32(1),
2005,
Bhatnagar, R. and S. Viswanathan,

"Re-engineering
global supply chains," International Journal of Physical
and Logistics, 30(1), 2000 pp. 13-34.
Distribution
CBP
2005.
http://www.customs.gov/xp/cgov/import/
commercial_enforcement/ctpat/criteria_importers/
ctpat_importer_criteria.xml.
Cho, J. and J.Kang, "Benefits
Chopra, Sunil
to Avoid
Risk
and challenges of global

retail firms,"
apparel
of US
perceptions
sourcing
International Marketing
Review,
and Manmohan
18(5), 2001,pp.542-561.
S. Sodhi, "Managing
Sloan
Breakdown,"
Supply-Chain
Review, Fall 2004, pp. 53-61.
Management
"Editorial:
Mark,
David,
High-tech
tracking tools
secure incoming cargo," Electronic
Feb.
17,
Design,
2005.
of Defense, Final Regulatory Flexibility
Radio
of Passive
Frequency
Identification
2005. Undersecretary
of Defense
for
Aug.
Department
Analysis
(RFID).
Acquisition
Technology & Logistics.
A
"The
Core
Dobie,
Kathryn,
Shipper Concept:
Proactive
for Motor
Carriers,"
Strategy
Freight
Journal, Spring 2005, pp. 37-53.
Transportation
DOT. Volpe National Transportation
Systems Center,
Intermodal Cargo Transportation:

Industry Best Security
Practices.
June 2002.
Cambridge MA,
The Economist,
"When Trade and security clash,"
April 4, 2002.
for Speed,"
R. G., "A Need
Journal of
Aug. 4-10, 2003.
R. G., "Creating
the Smart Container,"
Edmonson,
Journal of Commerce, Dec.
13, 2004.
containers' electronic sensor
Eisenberg, Anne, "Cargo
"
New York Times, Jan. 20, 2005.
says 'do not disturb,'
Edmonson,
Commerce,
Elkins, Debra, Robert W. Handfield, Jenifer Blackhurst,

and Christopher W. Craighead, "18 Ways toGuard against
Jan./
Review,
Disruption,"
Supply Chain Management
Feb. 2005, pp. 46-53.
Fawcett, S. E., "Conversion
system cost characteristics
in global manufacturing
the maquiladora
example,"
International Journal of Production Research, 31(3) 1993,
pp. 647-664.
of
Flynn, Stephen E., "Port Security Is Still a House
Cards,"
Far
Eastern
Economic
Review,
January/
February 2006.
and
and Heejoon
"Borders
Fratianni, M.
Kang,
International Terrorism," Working Paper, Kelley School
of Business,
Indiana University, May 2004.
GAO,
of Key Customs
Security: Expansion
to Critical
Greater Attention
Require
"Container
Programs Will
Success
Factors,"
General Accounting
DC:
Washington,
July 2003.
Security. Summary Of Challenges
GAO-03-770,
Office,
"Homeland
GAO,
For
In Targeting Oceangoing
Faced
Cargo Containers
DC: General
04-557T, Washington,
Inspection," GAO
Accounting Office, March 31 2004.
"Defense
GCN,
taps Alien
Government
Computer News,
for RFID
May
technology,"
12, 2005.
http://
www.gcn.com/online/voll_nol/35785-l.html.
Jim Weinberg,
and Don
Gerencser, Mark,
"Port Security War Games:
Implications
Chain,"
2002, Booz Allen Hamilton.
forU.S.
Vincent,
Supply
JOURNAL
Hathcote,
Fall
I. Nam,
J. and
of sourcing
"Advantages
S Korea
and Mexico,"
1999, pp.
13(2), Summer
apparel from China, Taiwan,

International Trade Journal,
157-185.
Hendricks,
Kevin
B.
and Vinod
R.
Singhal,
"An
Empirical Analysis of the Effect of Supply Chain
on Long-Run
Stock Price Performance
and
Disruptions
and Operations
Equity Risk of the Firm," Production
14(1), Spring 2005, pp. 35-52.
Management,
Hendricks,
"Association
B.
Kevin
between
and
Vinod
Supply
Chain
R.
Singhal,
Glitches
and
Performance,"
Science,
51(5),
Management
Operating
May 2005, pp. 695-711.
Juels, Ari, "Attack on a Cryptographic RFID Device,"
RFID Journal, Feb. 28, 2005.
Trades
Koch,
Christopher,
speech at the Maritime
Department,
22, 2005.
AFL-CIO
2005
Convention,
Chicago,
July
Kleindorfer, Paul R. and Germaine H. Saad,'

'Managing
in Supply Chains,"
Risks
Production
and
14(1), Spring 2005, pp. 53-68.
Operations Management,
Lee, Hau L. and S. Whang,
"Higher
supply chain
Disruption
from total quality

security with lower cost: Lessons
International
Journal
management,"
of Production
Vol. 96, 2005, pp. 289-300.
Economics,
Lu, Y. and J. Dinwoodie,
"Comparative
Perspectives
of IFF Services inChina," Transportation Journal, Winter
pp. 17-27.
"An Evaluation
of Logistics Services'
Lu, Chin-Shan,
of International Distribution
in
Centers
Requirements
2002,
Journal, Fall 2004, pp. 53-66.

Transportation
Business Technology,
Manufacturing
"Tag
switching
and counterfeiting are security issues particular to RFID,"
Feb. 2006. http://www.mbtmag.com/current_issues/2006/
Taiwan,"
feb/integlnfra2. asp
but Dollar Foolish Charles,
Massey,
"Penny Wise
The Facts Behind Sensors-in-the-Box,"
paper presented
at the Maritime
Port and Cargo Security Summit, Jan.
26, 2005.
turns to high
John, "DHS
and Space Electronics,
McHale,
tech to control
borders," Military
22-26.
Mitroff, Ian I. and Murat C. Alpaslan,

Business Review, April
Harvard
Evil,"
115.
July 2005, pp.

for
"Preparing
2003, pp. 109
Molar, Allen E., "Container

Pays,"
Security: Who
Journal of Commerce, Nov.
1, 2004, p. 60.
Monczka,
R., R. Trent, and R. Handfield, Purchasing
and Supply Chain Management,

3rd edition, 2005,
Cincinnati, OH.: Southwestern/Thomson
Learning.
National
Defense
"The Virtual Border:
University,
Reducing
The Risk Of Sea-borne
Washington,
Neal, G.
DC, August 2002.

and H. Kunreuther,
security," Journal
2005, pp. 201-217.
O'Hanlon,
Homeland,"
Institution.
of Conflict
Michael,
2002,
Container
"IDS
models
Resolution,
"Protecting
Washington,
Terrorism,"
of airline
49(2),
the
DC:
April
American
Brookings
a
Rice, James B. Jr. and Frederico Caniato, "Building
Secure and Resilient
Supply Network,"
Supply Chain
Management
Review,
Sept./Oct.
2003, pp. 22-30.
2006
Rosendorff, B. Peter and Todd Sandler, "The Political

Journal
of Transnational
Terrorism,"
of
Economy
ConflictResolution,49(2), April 2005, pp. 171-182.
'On the dark side of strategic

Rosetti, C. and C. Y. Choi,'
from the aerospace
industry,"
outsourcing: experiences
Executive,
19(1), 2005, pp.
Academy
of Management
45-60.
'Five tenets of
Russell, Dawn M. and John P. Saldanha,'
Security-Aware Logistics and Supply Chain Operations,"
Transportation Journal, Summer 2003, pp. 44-54.
and
"Strategic
Sarathy, Ravi and Chris J. Robertson,
in Managing
Ethical Considerations
Digital
Privacy,"
Journal of Business Ethics, 46(2), Aug. 2003, pp. 111-126.

under the
Sheffi, Yossi,
"Supply Chain Management
The International
Threat of International Terrorism,"
Journal of Logistics Management,
12(2), 2001, pp. 1-11.
Sheffi, Yossi and James B. Rice Jr., "A Supply Chain

Sloan Management
View
of the Resilient Enterprise,"
to do Strategic Supply Chain
S., "How
Sodhi, M.
Sloan Management
Review, Fall 2003, pp.
Planning,"
69-75.
Tang, Christopher S., "Robust strategies formitigating
International
Journal
of
supply chain disruptions,"
and Applications,
9(1), March 2006,
Logistics: Research
pp. 33^5.
51
for container
Tirschwell,
Peter, "An
opportunity
Journal of Commerce, Feb. 7, 2005a.
and container security,"
Tirschwell,
Peter, "Nukes
Journal of Commerce, March 28, 2005b.
Tirschwell,
Peter, "Should
security start inside the
seals,"
box?,"
Journal
Trent, Robert
of Commerce, Aug. 8, 2005c.

J. and Robert M. Monczka,
"Pursuing
global
through
advantage
integrated
Review, May 2002,
sourcing," Academy ofManagement
16(2), pp. 66-80.
Trent, Robert J. and Robert M. Monczka,
"Achieving
in Global
Excellence
Sloan Management
Sourcing,"
competitive

Review ofMaritime
UNCTAD,
York and Geneva,
2003.
Transport,
2003, New
Wall Street Journal, "Sensors on Containers may offer

safer shipping," March
31, 2005a.
Wall Street Journal,'
'Keeping Cargo safe from terror,"
July 29, 2005b.
Weis,
Frequency
computer
and Privacy
Stephen A., "Security
masters
Identification Devices,"
in Radio
thesis
in
and
science, Dept. of Electrical Engineering
Computer Science, MIT, May 2003.
of
Zsidisin,
A.,
George
"Managerial
Perceptions
Supply Risk,'' The Journal of Supply Chain Management,
Winter
2003, pp.
14-25.

Security in SCM

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Security in SCM

Загружено:

Авторское право:

Доступные форматы

Penn State University Press

Security and the Global Supply Chain

is a central fact of the global

Sarathy is professor of strategy and international

is interrupted along with world trade, reducing

would have to develop close partnerships with

related or otherwise, could occur at any

ties level, at information flow or trans

responsibility. Guarding against disrup

supply chains become

and Supply Chain

Freight (physical flow of goods)

Greater complexityas supply chain is integratedacross globally

Sources of Risk. Terrorism and security

Supply chain characteristics can themselves

SECURITY AND GLOBAL SUPPLY CHAIN 31

as to quantity, quality, and timely arrival; traf

of out-of-control procedures, and then aims

Of course, containers are only one part of the

Figure 1 summarizes these various points

that is, employees at themanufacturer,

The wide range of vulnerability across the

SECURITY AND GLOBAL SUPPLY CHAIN

Figure 1. Points ofVulnerabilityin theSupplyChain

Supply chain providers

Transportation carriers: containerships, air, rail, trucks as well as barges

Ports, airports,rail-yards,and ports

entities. In other areas, such as establishing

over hiring, access, and processes such as re

Captive and outsourced factories

Stuffing the container

Supply chain providers and

Governmental & Private

Trusted partners; audit securitymeasures; employee

Supply Chain Stages

CSI: Container Security Initiative, collaboration

IMO: ISPS Code; secure facilities and access.

Customs Trade Partnership Against

European Union: AEO, Authorized Economic

their customers, need to insist on and motivate

ous cargo such as nuclear materials and chemi

SECURITY AND GLOBAL SUPPLY CHAIN 35

to determine individuals' antecedents. How

is breached, the data stored on such tags can

Government and Multilateral

theAutomated Target System (ATS) soft

for improvement, and typically follow up

and Port Facility Security Code (ISPS) as of

SECURITY AND GLOBAL SUPPLY CHAIN 37

Pfizerhas used RFID to fightcounterfeiting

of drugs such as Viagra, while San Francisco

(Weis 2003; Juels2005).

The U.S. Army has been a major proponent

Reusable active tags cost more than passive

RFID usage and efficiency is affected by a

their performance dimensions, as not all users

RFID tagfraud. The expanding use of RFID

cast to the reader. Longer lock codes and en

SECURITY AND GLOBAL SUPPLY CHAIN 39

satisfaction from receiving accurate shipment

emerging products for container security.

Screening and Inspection

to drive containers through the scanner, raising