Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
DOI 10.1007/s12198-009-0034-3
Received: 12 October 2009 / Accepted: 28 October 2009 / Published online: 27 November 2009
# Springer Science+Business Media, LLC 2009
Abstract Statistics show that large amounts of goods moved in distribution chains
incur the risk for being stolen, counterfeited or contaminated. At the same time terror
threats for smuggling weapons of mass destructions, or intentionally altering products,
are pushing governments to require higher security from logistics and transport
operators. As a consequence, supply chain managers have to face the difficult task of
choosing among extensive sets of security solutions to protect their distribution
networks. Many and conflicting analyses can be found in available scientific literature.
Therefore this paper provides with an overview of available security solutions so as a
framework to identify weak spots and related countermeasures in distribution chains.
Moreover recommendations for managers and future research are put forward. A
combination of methods is adopted: a literature search, a survey to collect security
solutions, structured interviews, and collection and classification of the findings.
Keywords Antagonistic threats . Supply chain security . Physical distribution
security . Security measures . Security certifications
Introduction
During the last years, antagonistic threats in supply chains, and more specifically in
their distribution operations and facilities, have become increasingly important.
Theft is a worrying phenomenon incubated in distribution chains and costing billions
L. Urciuoli (*)
Engineering Logistics, Department of Industrial Management and Logistics, Lund University,
Ole Rmers Vg 1, Box 118, 221 00 Lund, Sweden
e-mail: luca.urciuoli@tlog.lth.se
L. Urciuoli
(2007) shows that security gaps are identified at foreign ports, where supply chains
stakeholders lack knowledge of local culture, legislation, etc. (Figure 1).
Other factors may be responsible for the vulnerability of supply chains. These are
the lack of knowledge about security measures, lack of preparedness to this kind of
threats but also lack of incitement to secure transportation when making agreements
between consignors and consignees of supply chains (Workshop on Transportation
security 2007; Unisys 2007; Sheffi 2001).
The improvement of supply chain security cannot be certainly achieved by
interrupting the JIT and globalization trends, since these trends ensure the economic
growth of the global economy and therefore cannot be reverted. On the contrary,
supply chain facilities and operations can be secured by introducing new
technologies, routines or by complying with compulsory or voluntary security
certifications. However supply chain managers are experiencing the difficulty of
choosing among extensive sets of security measures. The reasons can be found in the
lack of proper knowledge of security so as in the difficulty experienced to classify
mitigation measures, asses their impact and compute business cases (Rice and Spayd
2005; Lee and Whang 2005; Workshop on Transportation security 2007; Unisys
2007; Sheffi 2001). Thus it becomes relevant to enhance the comprehension of
mitigation measures and obligatory requirements and show how these can be
implemented in supply chains.
Previous research puts also in evidence the importance of increasing supply chain
or distribution security either by introducing mitigation measures or joining security
certifications. However many and conflicting analyses and recommendations may be
found in the literature, in various articles, and handbooks for security. Unisys (2007)
highlights how the introduction of security measures can reduce security gaps among
foreign and inland operations (Figure 1). Sheffi (2001) identifies three areas where
security solutions should be implemented: supply chain management, public/private
cooperation and assets organization. Peck (2006) underlines the importance of risk
management to reduce security threats and extends the concept of supply chain risk
management from corporate security and business continuity to national security and
emergency planning. In addition the author points out the importance to reduce
congestion at US ports of entry and to invest in security technology in ports of exit
(Peck 2006). Other authors emphasize the importance for evaluating the costeffectiveness of mitigation measures. Lee and Whang (2005), in accordance to the
Total Quality Management (TQM) doctrine, show how the implementation of RFID
Figure 1 Current and future state of security in foreign and inland supply chains facilities (Unisys 2007)
L. Urciuoli
based technologies can speed up inspection operations and provide operators with
time and costs savings. Rice and Spayd (2005) show that investing in security can
also bring collateral benefits as trade facilitation, asset visibility and tracking,
faster standard development etc. Haughton (2007) demonstrates the economical and
competitive advantages for large and small shippers becoming FAST-approved (Free
And Secure Trade). The acquisition of the FAST status may provide shippers with
faster trans-border operations and consequently a substantial advantage on the export
market (Haughton 2007). None of the known literature presents a comprehensive
overview of security solutions, classify it and integrate it into a logistics based
framework.
This paper is part of the SecureFlow05 project, financed by the Swedish
governmental agency for Innovation Systems (VINNOVA) and provides readers
with a logistics oriented multi-layered approach to classify available security
solutions on the marketplace to combat antagonistic threats in distribution chains.
The main aim of this research is to determine how to narrow the knowledge gap
among managers and also how to make available to them the findings from the
literature in the field. Security problems often are multifaceted and dependent on the
specific context (geographical, cultural etc.) in which they take place. Therefore
managers need to have access to comprehensive lists of security solutions to be able
to choose the ones that better fit their logistics and security requirements. In addition
the logistics multi-layered framework developed in this investigation will support
them in the identification of weak spots and related countermeasures.
Methodology
To gain a clearer picture of security needs and knowledge of managers, several
methodological steps had to be accomplished. This process is shown in the diagram
flow in Figure 2. First of all a literature search was performed to gain a clearer
picture of the status of the research driven in security, including the analysis of
Figure 2 Outline of the
methodology
Literature Search
First Draft
Survey/Establishment of
Survey Group
management strategies, technical tools and certifications. After that, a first draft of
the survey was prepared and sent to a group of potential respondents. Due to the low
response rate the survey was made simpler and sent again. The collected results were
categorized and put into a layered framework.
Literature search A literature search was performed to gather previous research that
was performed in the security area. Main keywords used to search into scientific
journal databases were security technologies, security and logistics, security
technologies and distribution chains, supply chain management and security
technologies. The homepages of security solution providers were also a
fundamental source of information that was used to enrich the description of the
gathered solutions. In addition, the websites of the US and European Customs were
examined to find relevant information about security certification programmes.
First draft survey A draft of the survey, meant to collect security solutions, was
prepared and internally reviewed within the division of Engineering Logistics in
Lund, to get further comments and corrections from other expertise. The final first
draft, finished in August 2007, contained an introduction to the problem investigated
within the research and two sets of distinct tables: the first to gather information
about security systems and the second about security procedures. The table for the
collection of security systems was split into six columns. The first two columns
asked for open answers about the name of the known security system, hyperlinks to
existing providers on the marketplace and the components constituting the system.
The last four columns asked respectively for the part of the distribution chain
where the system was implementable, Type of Security Solution (Prevention,
Detection or Recovery), Type of Unit Load the Solution was applicable to and
Type of Resources the Solution was applicable to. This information had to be
gathered to get a deeper understanding about how security systems, procedures or
certifications work. The respondents had the possibility to check boxes under each
column to simplify the answering procedure or to propose eventually missing
alternatives. Similarly the table for the collection of security procedures was made of
five columns. The first two were open questions in which respondents could specify
the name of the procedure (possibly by mentioning the corresponding ISO code),
and the processes composing the procedure. The last three questions were instead
made up of checkboxes and asked for Type of Security Procedure (Prevention,
Detection or Recovery), Distribution Chains Actors involved and External
Actors involved. These were also fundamental to understand the main processes and
actors involved in the security procedure. At the end of the survey, the respondents
were given the possibility to make comments, specify their companys business area
and provide with their contact details.
Establishment of survey group A first survey group of about 30 persons, working
with security issues and belonging to different organizations, was contacted through
the industrial consortium set up for the SecureFlow05 project. Some of them were
interviewed by phone to get faster feedbacks and further contacts to be added to the
survey group. Other potential members were contacted through participation to ongoing workshops about security. To give the survey group an international character,
L. Urciuoli
&
&
&
&
&
Survey second draft The results of the first draft gave very low responses.
Contacting by phone some of the emailed contacts the motivations for not answering
were diverse. Some of them hadnt enough time; others experienced the survey as
too complicate because of its structure or the English language. Finally the most of
the contacted persons were worried about the confidentiality of the results collected
in the survey. Security is a sensible factor for industries that should not be disclosed
to external actors, since these could take advantage of the information to attack the
weak points of a target. In virtue of these comments the survey was modified. In
the introducing text it was underlined that respondents were 1) free to leave parts of
the survey unanswered and 2) invited to contact us in case of anonymity and secrecy
concerns. Finally the table of security systems was shrunken to include only the first
three columns. The new survey was sent back, to the managers who didnt reply to
the first draft, in December 2007. The deadline for replying was set on the 29th of
February 2008. A copy of the final draft of the survey is given in the Appendix at the
end of this report.
Interviews To increase the response rate of the survey some of the group members
were interviewed. The interview started with a summary of the background of the
research, its scope and an overview of the tables of the survey to be filled in. These
interviews had a well defined structure since they were performed by filling in the
tables prepared for the survey.
Findings review and classification At the end of this process a group of totally 76
managers working with security was gathered and emailed the survey to. To increase
the response rate, some of the surveys were filled in via telephone interviews. 16
members of the group replied the survey back (21%), 5 were interviewed (6%),
while 4 members explicitly declared that they couldnt join the investigation because
of lack of time or secrecy issues (5%). Finally, 42 managers never answered (55%)
and 9 (11%) surveys could not be delivered to the available email addresses. The
results collected were grouped into three areas: governmental initiatives, management strategies, operative routines and technical systems. A further classification of
the findings according to their capability for preventing, detecting and recovery from
antagonistic attacks was performed. Finally a logistics multi-layered approach was
developed to support managers in the identification of weak spots and related
countermeasures.
L. Urciuoli
chains. However more detailed information, presented in this paper, has been
gathered from material made available by the homepages of US and European
Customs. Several initiatives have been issued by governments around the world to
prevent catastrophic consequences on society.The first security enhancements were
implemented in the air sector a few months after the attacks in New York (US
Congress 2001). The Aviation and Transportation Security Act called for a
noticeable increment of inspections and 100% screening of cargo loaded on
passenger planes. Similar reforms have been adopted in Germany, UK and
Singapore. The sea sector followed the air sector when the International Ship and
Port facility Security code (ISPS) was widened to include a standard framework, for
the identification and assessment of vulnerabilities of sea transportation and port
facilities by means of risk analysis, was included in (Katarelos and Alexopoulos
2007; Bichou 2004). This framework came into force in 2004 and it explicitly
identifies the main responsibilities of governments, shipping companies, and port/
facilities to detect and prevent security threats. Risk analyses are the core instrument
adopted in the ISPS code to identify, assess main threats and determine minimum
security requirements (IMO 2004).
The Container Security Initiative (CSI) was introduced in US in January 2002 in
US. The CSI highlight the importance of developing domestic bilateral agreements
to permit the exchange of Customs officers in US. In addition it is fundamental to
allow benchmarking and improvement in inspection and clearance processes of
containerized cargo. To accomplish this task, the Customs and Boarders Protection
(CBP) has identified four main elements in the CSI programme (CBP 2006):
&
&
&
&
10
L. Urciuoli
Organization for Standardization (ISO). Examples are the ISPS standards to certify
ports (ISO/PAS 20858:2004), the security requirements to enhance supply chain
security (ISO/PAS 28000:2005), freight containers seals specifications (ISO/PAS
17712:2006), supply chain security best practices (ISO 28001:2006) so as e-seals
communication protocols, application requirements, environmental characteristics,
data protection and the physical layer to ensure free of defect functionality (ISO
18185:2006/2006) (ISO 2008).
Management strategies None of the managers that participated to this study
mentioned managerial strategies, which are instead collected exclusively from
existing literature. The focus of these measures is mainly on supply chain risk
management to mitigate disruptions consequences (Peck 2006; Tang 2006).
Asbjrnslett (2008) introduces the concepts supply chain robustness, or resilience,
that are equivalent to the ability of supply chains to resist to antagonistic attacks,
adapt to events and recover to stable conditions. Major disruptions in supply chains
have pushed the development of more efficient and resilient supply chain strategies.
Some authors recommend adopting managerial strategies to rethink supply chains by
reducing transport content, using transportation more efficiently and improving
sourcing strategy (Crone 2006; Simchi-Levi et al. 2002; Abbott et al. 2003). For
instance, after the production breakdown experienced few days after the terror
attacks in New York in 2001 and the consequent shut-down of the US Customs,
Ford Motor Company, decided to rethink its lean inventory IT system to build a
more resilient supply chain with more buffers and inventories (Lin et al. 2006).
Simchi-Levi et al. (2002) encourage companies to 1) re-think their supply chain
operations by applying hedging and flexible strategies, 2) perform what if analysis
and 3) improve collaboration and outsourcing. Lee and Whang (2005) state that
higher security can be achieved at lower costs according to the Total Quality
Management (TQM) doctrine. Sheffi (2001) put in evidence the importance of dualsourcing, dual-manufacturing and dual-inventory to reduce the risk of disruptions.
Likewise risk management, knowledge and process backup, decentralization of
operations and redundancy are also pointed out as fundamental practices. Sheffi
(2001) highlights the importance to improve public-private cooperation, assets
reorganization and calls for the introduction of a security manager that is familiar
with corporate environment issues so as with risk assessment techniques. Finally
Many authors express the confident hope that working to improve the vulnerability
of supply chains will undeniably strengthen logistics and transportation systems by
increasing overall efficiency. Rice and Spayd (2005) state that security regulations
must be designed in a way to improve security without affecting the costs and the
complexity of supply chains. Peleg-Gillai et al. (2006) affirm that better security
drives business value. Willys and Ortiz (2004) propose a framework to evaluate
security solutions and identify those that dont affect supply chains efficiency.
Prokop (2004) states that Customs have to enhance security without negatively
affect efficiency and national economy. Closs and McGarrell (2004) highlight the
importance of cooperation between private and public sectors to maximize both
security operations and supply chain efficiencies.
The collected management strategies have mostly a holistic character, involve
long-term operational planning and are meant to support recovery operations of all
11
the elements of supply chains after a disruption (see Table 2). Thus it is important to
specify that almost all of the measures collected are not intended to detect antagonist
attacks but are instead meant to prevent and recover shipments as well as to avoid or
mitigate the consequences of transport disruptions in supply chains. Finally top and
middle management is involved in the definition, development and implementation
of these measures.
Operative routines and technical systems Operative routines refer to all the
procedures put into operation to enhance the security against antagonistic threats.
Technical systems can automate operative and strategic measures by means of a
combination of hardware (i.e. sensors to capture data) and software (i.e. middleware
or Decision Support Systems). The most of the collected procedures have been
provided by the managers who responded to the survey. Examples of operative
routines include access control, personnel identification, employees background
screening, check up of security measures, cargo screening etc. (Table 3). Routines
have a tactical function, are easy to implement in short term periods and may require
reengineering of processes. When examining the table it is possible to see that few
procedures have a recovery function. Finally lower and middle management is
responsible for the definition and development of these routines, which have to be
practically applied by floor operators.
All the respondents were able to identify at least one operative routine and one
technical system. The most known routine was the screening of employees
background while the most known technical systems to increase security are track
and trace devices or RFID based solutions. Other technical systems were found in
available literature. According to Anderson (2007) and Badolato (2000), the
implementation of specific security routines as well as of technological systems,
properly integrated in supply chain and logistics management, is fundamental.
Badolato (2000) adds that collaboration among private industries and governments
has to be improved to develop effective reporting systems, increase punishments,
promote understanding of cargo theft, support cargo theft task forces, encourage law
enforcement expertise, and adopt effective cargo theft technology. Lin et al. (2006)
emphasize the importance to adopt new technologies in supply chains as biometrics
and surveillance systems. Finally Sheffi et al. (2003) propose technological solutions
for preventive and recovery operations to be implemented in three areas: physical
security, information security and freight security.
IT security systems are often recalled when speaking about enterprise security.
Among available solutions it is possible to distinguish technologies as Firewalls,
Secure Socket Layers (SSL), Application Authentication, Virtual Private Networks
(VPN) as well as systems for Access Control (or Identity Management or
Authentication) (Vacca 2007).
Technical systems meant to protect physical objects include vehicle or perimeter
alarms, vehicle immobilizers, locks or fuel cap locks. Track and Trace systems are
also well-known among practitioners. These are made up of a unit containing a GPS
and a modem to communicate the position of the transport conveyance to a remote
server (Flexview 2008; General Electric 2007a; INDAGON 2007; ZOCA 2008).
These systems can also be installed on trailers or containers if equipped with longlife batteries. Other security solutions to prevent tampering or intrusion in unit loads
12
L. Urciuoli
are locks, hard walls or reinforced curtains, devices for immobilization, tamper
evident seals etc. Locks and tamper evident seals are available as mechanical or
electrical systems. Examples of mechanical locks are padlocks, bolts, cable locks.
Examples of seals are cup seals and metal strap seals. The main difference between
locks and seals is that the former are mainly used to prevent and hinder tampering or
intrusion. Though, they can be indirectly used to detect such events. For instance if a
lock is broken it is evident that something has happened. Electronic seals (RFID tags)
are instead made up of a body that can be installed on multiple levels of physical
objects, thus from single items to pallets, containers, to transportation conveyances. To
collect the data stored on the tags, RFID readers have to be installed at specific
locations (usually the facilities of the distribution system). Often these solutions allow
nesting which gives the possibility to identify items in pallets, pallets in containers and
so forth. Further sensors as GPS, biometrics, satellite communication systems, IR
motion detection, and acoustics, temperature, weight, flow and shock vibration and
more, can be added. Sensor technology is finally coupled with diverse web-services
(often based on Service Oriented Architectures) as track and trace, time/geo-fencing,
alerts, event management and so on (Savi Technologies 2008; HI-G-Tek 2008;
General Electric 2007b). The main difference with mechanical solutions is the
automation of the inspection and reporting processes.
The above solutions are based on Short Range Networks (SRN) whose
functionalities depend on the external infrastructure. Thus tampering can only be
detected when inspecting or reading the tag. To enable real time functions it is
necessary to install a reader and a modem for air communication within the container
or the transport vehicle. GSM/GPRS modems, WIFI or Terrestrial Truncked Radio
(TETRA) networks can monitor inland movements and depend on the network
coverage. Satellite communication is necessary to monitor sea and air cargo
transportation. Some of the examined solutions (General Electric and Indagon)
have the capability to guarantee more robust and free of defect communications by
pre-scheduling airtime communication or exploiting communication via TETRA
networks (Savi Technologies 2008; Collins 2005; Flexview; General Electric 2007a;
INDAGON 2007).
Radio frequencies can also be used for tracing capabilities and recover stolen
objects. For instance a VHF sender could be hidden in the cargo, and remotely
activated only when the object has to be tracked (this can save the battery). The
object to be tracked can be the product itself, its package, a unit load or the transport
vehicle. Once the sender is activated, VHF receivers are used to trace the position of
the stolen object. To accomplish this, a first scanning is done with an airplane to find
out the approximate area in which the stolen object is being hidden. Afterwards
several cars equipped with VHF receivers drive through the area to determine the
exact position of the object. This operation is coordinated with local police forces
(GuardSystems AB 2008).
Other technical systems are available to protect distribution facilities. The most
known are Closed Circuit TeleVision (CCTV) systems (or similarly IP video
systems), perimeter alarms, physical barriers (fences, grinds, reinforced windows or
doors), lightning and High Value Storage Areas. The CCTV systems are camera
based systems to monitor specific areas, internal and external, of a building. These
can be used to prevent and detect an intrusion or suspicious activities. Monitors must
13
Layer 1. The first layer represents the decision makers in the supply chain that
have the responsibility to allocate resources, monitor system performance and
optimize costs and efficiency.
14
L. Urciuoli
Figure 4 The logistics multi-layered framework (adapted from Wandel et al. 1991)
&
&
&
&
&
All the collected security measures have been classified according to the layer that
is meant to be protected or operationally involved. In addition the security solutions
are classified according to their preventing, detecting and recovering function. In this
investigation the role of preventive measures is to be a step ahead of the antagonists,
scare them and to provide security analysts with key information to predict threats.
Detection measures register an attack taking place and send this information to
personnel in charge. Finally recovery measures are all solutions that support
managers in recovering from an attack and reduce its consequences (i.e. detect,
identify and capture the antagonists or the processes to recover stolen cargo or to set
up a new shipment etc.). This classification has been performed for all the three areas
for security improvement identified in this study and can be found in the tables
available at the end of this paper. In the tables, the columns Layer, Prevention,
Detection and Recovery indicate respectively which layers are involved and
15
Description
Aviation and
Transportation
Security Act
3, 5,
6
International Ship
It identifies and assesses main threats
and Port facility
and determine minimum security
Security Code (ISPS) requirements for shipping companies
and port facilities.
3, 4
Container Security
Initiative (CSI)
Customs-Trade
Partnership Against
Terrorism (C-TPAT)
1, 3,
4, 5,
6
Advance Manifest
Rule (AMR)
Authorized
Economic Operator
(AEO)
1, 2,
3, 4,
5, 6
16
L. Urciuoli
Description
Risk
Management
Cycle
Management
Training and
Education
1, 3,
4
1, 3
Flexible
Strategies
1, 3
1, 3,
4
Knowledge and
Processes Backup
Burden Shifting
Increased Safety
Stocks
Substitution
Operations
Decentralization
Increase
Collaboration
among
Enterprises
3, 4
Chief Security
Officer.
3, 4
well as local decision making at each of the facilities that compose the distribution
network including buyers and suppliers. Thus these cannot be directly exploited to
protect the physical objects in layers from 2 to 6 in Figure 4. The measures identified
in this area are mainly focused on preventive and recovery strategies. Thus the focus
17
Description
Restrict Access to
Facility
Awareness of
Vehicles Following
Drivers
3, 4
Be aware of possible vehicles
following the drivers (cargo theft
teams follow their target from the
facility where cargo is loaded and then
hijack the vehicle as soon as they get
the occasion).
False Alarm
Awareness
Protection of Goods
Information
Monitor Inventory
Levels
3, 4
Control carrier and driver identity at
facilities before loading/unloading
operations. Delivery documents,
sealing of vehicle (or removal) must be
inspected by personnel.
Check Delivery
Delays
Periodical Alarm
Check-Up
3, 4,
5, 6
Screening of
Personnels
Background
Security Education
and Training
18
L. Urciuoli
Table 3 (continued).
Operative Security
Routine
Description
3, 4,
6
Avoid Out-Of-Route
Journeys
Avoid Passengers
Pick up
Mechanical/
Electronic Seals
Implementation and
Inspection
Avoid Travelling
Through High-Risk
Areas
Avoid Parking in
High-Risk Areas
Cargo Screening
3, 4,
5, 6
Report Irregularities
3, 4
Employee
Termination
Procedure
Document Security
Process
3, 4
19
Description
Firewall
Secure Socket
Layer
Application
Authentication
Virtual Private
Network
Sound Barrier
Fences and
Barriers
CCTV
Perimeter
Alarm
Lightning
3
Lightning implies the ability to illuminate
areas around a potential target. A good
practice is to orient lights outward the fence
line to illuminate potentials intruders but also
to impede their view.
High Value
Storage Area
Vehicle
Immobilizer
Vehicle Lock
20
L. Urciuoli
Table 4 (continued).
Technical
Systems
Description
Track and
Trace on
Conveyance
Track and
Trace on
Container/
Trailer
Mechanical
Locks and
Seals
3, 5,
6
5, 6
VHF tracer
5, 6
supposed to steer the whole supply chain and its distribution network and
infrastructure, have mostly a preventive and recovery functionality. On the contrary
neither in the known literature nor in the replied surveys, security procedures to
restore supply chain operations to stable conditions have been encountered.
The technical systems collected can cover all the layers of Figure 4 and include
solutions from Decision Support Systems to improve decision making in Layer 1,
down to RFID tags that can be applied on products or materials in Layer 6. All the
solutions identified have a preventive function and almost all of them can detect
intrusion or tampering activities, while about half of the technical solutions offer
recovery capabilities.
The developed multi-layered framework can also be used to explain three
important concepts in security: hardness of the target, weak spots elimination and
real time monitoring. Managers have to put their efforts in making difficult for
antagonists to perpetrate an attack. A way to accomplish this is by aggregating
available security measures into hybrid systems. It is well know that combined
security solutions make it harder for antagonists to break into a target and are more
efficient in discouraging them from carrying out an attack. The elimination of weak
spots is also relevant since hardening the protection of only few facilities in the
distribution network will only transfer the problem to other nodes or links where it is
easier to perpetrate the attack. Likewise weak spots should not be left in any of the
layers identified in the framework in Figure 4. Installing an RFID based security
system on a container and its cargo will not hinder criminals to steal the whole
21
Discussion
This paper has the ambition to provide supply chain and security managers with a
comprehensive overview of security solutions including compulsory governmental
regulations, managerial strategies, operative routines and technical systems (Figure 5).
It also gives the possibility to managers to benchmark their security approaches
with those that have been collected in this research. In addition the developed multilayered approach enhances the comprehension and classification of the results
as well as it makes easier to identify weak spots in supply chains and related
countermeasures.
Examining the collected results it can be noticed that there are some fundamental
dissimilarities between the three areas for security improvement identified in the
third section of this paper. Governmental initiatives focus on trading, financial and
Customs related procedures. Management strategies have the focus on disruption
and recovery operations. Operative routines have only a preventive and detecting
functionality which highlights the lack of operative procedures to put into practice
management strategies. Technical systems offer a good balance of prevention,
detection and recovery devices.
The developed multi-layered framework brings to light the importance of
hardening a target, remove weak spots in supply chains by identifying proper
countermeasures and to enhance visibility by providing decision makers with real
time monitoring capabilities.
Figure 5 The three security measures areas applied to the multi-layered framework
22
L. Urciuoli
&
&
&
&
&
&
23
sion of security across the whole supply chain (including all the elements of the
distribution network and all the layers of the logistics multi-layered framework).
Finally future research should be carried out to confirm the hypothesis of this
knowledge gap and to argue on its possible reasons.
Acknowledgement I wish to thank the Swedish Governmental Agency for Innovation Systems
(VINNOVA) and the Next Generation Innovative Logistics (NGIL) centre for the economical support
given to this research. I am also grateful to the SecureFlow05 board and its consortium for all the
practical help they gave me as well as for the access to security and logistics professionals that agreed to
participate to my survey. I would also like to thank the reviewers of the IMRL 2008 conference for the
feedbacks and comments they gave on a preliminary draft of this paper. Finally I want to thank my
supervisors at the division of Engineering Logistics in Lund, Prof. Sten Wandel and Prof. Andreas
Norrman for their support and feedback.
Appendix 1
The recent events in Sweden as well as around Europe has raised the attention to
theft activities that are negatively burdening todays supply chains with unexpected
costs and delays. The European Parliament has reported stolen vehicles and goods
for a value of about 8,2 billions each year (according to calculation made on
statistics data collected by TAPA EMEA). By adopting the same calculation models,
Cargonet has estimated a yearly loss of goods transported in Sweden of about SEK
24 billions.
The present survey has been developed within the SecureFlow 05 project
which started in Sweden and is financed by VINNOVA with the main objective
to gather knowledge and solutions to secure the flows of goods while keeping a
high degree of efficiency. This means that the Swedish government feels the
necessity for joining and contributing to the securitys discussions initiated first
by the US and afterwards by Europe. The SecureFlow05 project is meant to 1)
awaken the consciousness of the security problem affecting the present supply
chains and build knowledge within the Swedish industrial sectors, research
institutes, and national agencies and 2) develop a link with the ongoing security
research programmes in Europe. In particular this survey aims at gathering
knowledge about the state of the art of technologies and procedures that today can
be used for improving theft security and efficiency in transport and logistics
operations. The next steps that will follow this survey will be to assess the impact
of these technologies by means of similar surveys that will be sent later in a
sequential order (evaluation sessions).
The present survey is structured in two distinct tables: the first to collect
information about security systems and the second about security procedures.
24
L. Urciuoli
Three examples have been included to facilitate the compilation of the form. The
columns of the matrix are divided as it follows:
Name of security system
Input here a) name, b) examples of providers of the system together with a short
description as well as links and references that could be used to deepen our
understanding of the solution.
Components of the technology
Include here the technical components that are part of the security system. Please
structure your response by using Component1:, Component2: and so on. See the
included examples for further details about how to compile this part of the survey.
Type of system
The security system can be classified as:
&
&
&
&
25
Type of procedure
The security procedure can be classified as:
&
&
&
&
TRANSPORT CARRIER: the transport operator in charge (rail, road, ocean and air).
LOGISTICS SERVICE PROVIDER: the actor coordinating the distributions
operations.
FACILITY OPERATOR: cross-docking terminals, intermodal terminals and
warehouses for temporary storage.
GOODS OWNER: the owner of the goods.
LOAD UNITS OWNER: the owner of the load units.
SUPPLIERS: The suppliers of components and products and their facilities
(production and distribution).
RECEIVER: the actor receiving the goods.
Please indicate your choice by putting a cross in the checkbox. If you think other
relevant actors are missing please add them to the table.
External actors involved
A security procedure can require the application of processes involving diverse
external actors. These are the following:
&
&
&
&
Please indicate your choice by putting a cross in the checkbox and possibly
specifying the name of the actor in the textbox. If you think that other actors are
missing in the table please add them.
Please fill in the survey and fell free to leave parts of it not answered. Your filled survey
is expected to be sent back to the e-mail below by the 15 Feb 2008. If you have any kind
of questions please dont hesitate to contact me or leave comments at the end of this
26
L. Urciuoli
document. Finally dont forget to write your contact details (at the end of this document)
and indicate 1) if you wish to receive a copy of the final results and 2) if you want to
participate the upcoming sessions to evaluate the security systems and procedures.
The results of this survey will be reported to members of the Swedish GVG
(Godsvrdsgrupp) group, in upcoming events organized by the SecureFlow05
project and finally in a scientific article. Please let me know if you have any
concerns about anonymity or secrecy of part of your answers.
Thank you for your collaboration!
Best Regards,
Luca Urciuoli
TABLE OF SECURITY SYSTEMS (REPLICATED 10 TIMES)
NAME AND
DESCRIPTION
(include provider
name)
Description of Components
Involved
External actors
are:
1. National
Customs
2. National
Police Forces
3. Others (pls.
specify)
27
References
Abbott G, Thomas R, Brandt L (2003) Commercium interrupts: supply chain responses to disaster,
acquisition policy. Fort McNair, Washington 20319-5062
Anderson B (2007) Securing the supply chainprevent cargo theft. Security 44(5):5658
Asbjrnslett BE (2008) Assessing the vulnerability of supply chains. In Supply chain risk. International
Series in Operation Research and Management Science. Springer US, vol. 124, pp. 1533
Badolato EV (2000) Smart moves against cargo theft. Secur Manage 44(7):110115
Bichou K (2004) The ISPS code and the cost of port compliance: an initial logisitcs and supply chain
framework for port security assessment and management. Marit Econ Logist 6(4):322348
CBP (2006) Container security initiative, 20062011 strategic plan. U.S. Customs and Border Protection.
Available from: http://www.cbp.gov, 1st August 2006
CBP (2008) C-TPAT: customs trade partnership against terrorism. http://www.cbp.gov/xp/cgov/trade/
cargo_security/ctpat/, 1st March 2008
Closs DJ, McGarrell EF (2004) Enhancing security throughout the supply chain. IBM Center for the
Business of Government, Special Report Series, April 2004
Coghlan A (2006) The medicines that could kill millions. New Scientist, Available from: http://www.newscientist.
com/channel/health/mg19125683.900-the-medicines-that-could-kill-millions.html, 1st August 2008
Collins J (2005) IBM, MAERSK developing cargo tracker. RFID Journal, Available from: http://www.
rfidjournal.com/article/view/1884/1/1, 1st September 2006
CP3 Group (2005) Benefits from implementation of the WCO framework of standards to secure and
facilitate global trade. http://www.cp3group.com/attachments/WCO_benefits.pdf, 1st April 2005
CP3 Group (2006) AEO guidelines. http://www.cp3group.com/attachments/AEO%20guidelines.pdf, 1st
February 2006
Crone M (2006) Are global supply chain too risky? A practitioners perspective. Supply Chain Manag Rev
10(4):2835
Cuneo EC (2003) Safe At Sea, private industries take the lead with technology to secure nations ports.
Information Week, 7th April 2003
Ekwall D, Lumsden K (2007) Differences in stakeholder opinion regarding antagonistic gateways within
the transport network. Nofoma Proceedings, Reykjavik, 2007
European Parliament (2004) Regulation (EC) No 725/2004 of the European Parliament and of the council of
31 March 2004, On enhancing ship and port facility security. Official Journal of the European Union.
Available from: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:129:0006:0091:EN:
PDF. Accessed 29 April 2004
European Parliament (2005) Directive 2005/65/EC of the European Parliament and of the Council of 26
October 2005, On enhancing port security. Official Journal of the European Union. Available from:
http://eur-lex.europa.eu/LexUriServ/site/en/oj/2005/l_310/l_31020051125en00280039.pdf. Accessed
25 November 2005
European Parliament (2007a) Organised theft of commercial vehicles and their loads in the European UnionRep.
No. 610. Directorate General for Internal Policies of the Union, Brussels: ACEA. Accessed 1st June 2007
European Parliament (2007b) Securityprotection of persons, of assets and the facilities. http://ec.europa.
eu/dgs/energy_transport/security/intermodal/. Accessed 22 August 2007
Flexview (2008) Positioning and security. http://www.flexview.com. Accessed 23rd January 2008
General Electric (2007a) Veriwise asset intelligence asset tracking. http://www.trailer-services.com/
veriwise/. Accessed 5th November 2007
General Electric (2007b) Commerce guard: protecting and tracking global trade. http://www.geindustrial.
com/ge-interlogix/docs/commerceguard_overview.pdf. Accessed 5th November 2007
GuardSystems AB (2008) Trackguard. http://www.guardsystems.com/category.php?categoryID=585.
Accessed 1st June 2008
Haughton MA (2007) Examining the business case for shipper participation in Canada-USA trade security
programmes. International Journal of Logistics Research and Applications 10(4):315331
HI-G-Tek (2008) Highly intelligent RFID solutions. http://www.higtek.com/. Accessed 1st September 2006
IMO (2004) Guidance relating to the implementation of SOLAS Chapter XI-2 and the ISPS Code. http://
www.imo.org/includes/blastDataOnly.asp/data_id%3D9381/1111.pdf. Accessed 7th June 2004
INDAGON (2007) Products and services overview. http://www.indagon.com/en/products.php. Accessed
1st October 2007
28
L. Urciuoli
INFERNO (2008) Inferno security barriers. http://www.inferno.se. Accessed 1st March 2008
ISO (2008) International organization for standardization (ISO)international standards for business.
Governments and Society. Available from: http://www.iso.org/iso/home.htm. Accessed 15th April 2008
Katarelos ED, Alexopoulos AB (2007) The masters role in relation to the safety of the port, particularly
under the concept of the ISM and the ISPS codes. International Symposium on Maritime Safety,
Security and Environmental Protection, Athens (Greece), 20th September 2007
Khemani K (2007) Bringing rigor to risk management. Supply Chain Manag Rev 11(2):67
Lee HL, Whang S (2005) Higher supply chain security with lower cost: lessons from total quality
management. Int J Prod Econ 96(3):289300
Liard M (2007) Cargo container security trackingRFID, cellular and satellite communications for supply
chain management and national security. White Paper, ABI Research
Lin C-H, Liou D-Y, Wu K-W (2006) Opportunities and challenges created by terrorism. Technol Forecast
Soc Change 74(2):148164
Mottley R (2002) Terminal troublescontainer terminal operators worry about cost and extent of security
procedures. American Shipper
Peck H (2006) Reconciling supply chain vulnerability, risk and supply chain management. International
Journal of Logistics Research and Applications 9(10):127142
Peleg-Gillai B, Bhat G, Sept L (2006) Innovators in supply chain security - better security drives business
value. Stanford University - The Manufacturing Institute. The Manufacturing Innovation Series
Prokop D (2004) Smart and safe boarders: The logistics of inbound cargo security. International Journal of
Logistics Management 15(2):6576
Rice JB, Spayd PW (2005) Investing in supply chain security: collateral benefits. Special Report Series,
IBM Center for Business of Government, May 2005
Rodwell S, Van Eeckhout P, Reid A, Walendowski J (2007) Study: effects of counterfeiting on EU SMEs and a
review of various public and private IPR enforcement initiatives and resources. http://ec.europa.eu/enterprise/
enterprise_policy/industry/doc/Counterfeiting_Main%20Report_Final.pdf. Accessed 31st August 2007
SAVI Technologies (2008) RFID visibility for supply chain networks. http://www.savi.com. Accessed 1st
October 2006
Schilk G, Blumel E, Recagno V, Boev W (2007) Ship, port and supply chain security concepts
interlinking maritime with hinterland transport chains. International Symposium on Maritime Safety,
Security and Environmental Protection. Athens (Greece), 20th September 2007
Sheffi Y (2001) Supply chain management under the threat of international terrorism. Int J Logist Manag
12(2):111
Sheffi Y, Rice JB Jr, Fleck JM, Caniato F (2003) Supply chain response to global terrorism: a situation
scan. EurOMA-POMS Conference, Como (Italy), 17th June 2003
Simchi-Levi D, Sider L, Watson M (2002) Strategies for uncertain times. Supply Chain Management
Review, January 2002
Tang CS (2006) Robust strategies for mitigating supply chain disruptions. International Journal of
Logistics Research and Applications 9(1):3345
Unisys (2007) White papersecure commerce roadmap. http://www.securityunleashed.com/pdf/Secure%
20Commerce%20RoadMap_.pdf. Accessed January 2007
US Congress (2001) The aviation and transportation security act, P.L. 107-71. http://www.tsa.gov/assets/
pdf/Aviation_and_Transportation_Security_Act_ATSA_Public_Law_107_1771.pdf. Accessed 19th
November 2001
Vacca JR (2007) Practical Internet security. Springer US, ISBN 978-0-387-40553-9
Van Oosterhout MPA, Veenstra AW, Meijer MAG, Popal N, Van den Berg J (2007) Visibility platforms.
International Symposium on Maritime Safety, Security and Environmental Protection, Athens
(Greece), 20th September 2007
Wandel S, Ruijgrok C, Nemoto T (1991) Relationships among shifts in logistics, transport, traffic and
informatics - driving forces, barriers, external effects and policy options. In Storhagen NG & Huge M
(eds). Logistiska framsteg, Studentlitteratur
Willys HH, Ortiz DS (2004) Evaluating the security of the global containerized supply chain. RAND
Corporation, Santa Monica
Workshop on Transportation Security (2007) Jnkping (Sweden), Seminarium organized by the Swedish
Law Enforcement Agency, 21 Nov 2007
ZOCA (2008) Taking container security to the next level. http://www.zoca.nl. Accessed 1st October 2006
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.