J Transp Secur (2010) 3:128

DOI 10.1007/s12198-009-0034-3

Supply chain securitymitigation measures

and a logistics multi-layered framework
Luca Urciuoli

Received: 12 October 2009 / Accepted: 28 October 2009 / Published online: 27 November 2009
# Springer Science+Business Media, LLC 2009

Abstract Statistics show that large amounts of goods moved in distribution chains
incur the risk for being stolen, counterfeited or contaminated. At the same time terror
threats for smuggling weapons of mass destructions, or intentionally altering products,
are pushing governments to require higher security from logistics and transport
operators. As a consequence, supply chain managers have to face the difficult task of
choosing among extensive sets of security solutions to protect their distribution
networks. Many and conflicting analyses can be found in available scientific literature.
Therefore this paper provides with an overview of available security solutions so as a
framework to identify weak spots and related countermeasures in distribution chains.
Moreover recommendations for managers and future research are put forward. A
combination of methods is adopted: a literature search, a survey to collect security
solutions, structured interviews, and collection and classification of the findings.
Keywords Antagonistic threats . Supply chain security . Physical distribution
security . Security measures . Security certifications

Introduction
During the last years, antagonistic threats in supply chains, and more specifically in
their distribution operations and facilities, have become increasingly important.
Theft is a worrying phenomenon incubated in distribution chains and costing billions
L. Urciuoli (*)
Engineering Logistics, Department of Industrial Management and Logistics, Lund University,
Ole Rmers Vg 1, Box 118, 221 00 Lund, Sweden
e-mail: luca.urciuoli@tlog.lth.se

L. Urciuoli

of Euros every year to involved stakeholders (Anderson 2007; Badolato 2000;

European Parliament 2007a). Counterfeiting is another major concern for industries
because of the related loss in brand image. According to a recent investigation
published by the Organization of Economic Cooperation and Development (OECD),
in 2007 counterfeited and pirated items amount to $176 billion. Among targeted
products, pharmaceutical, especially life-savings, are primarily worrying governments because of their potential threat against public health and safety (Rodwell et
al. 2007). Coghlan (2006) states that fake medicinal distributed in developing
countries are killing hundred thousands of persons every year. These figures are
believed to be highly imprecise since, for obvious reasons, goods owners are afraid
to inform the public about the proportion of fake products that customers may
purchase at retail shops. In addition, the statistics from the OECD and the European
Parliament (Rodwell et al. 2007; European Parliament 2007a) show only the amount
of fake products that has been detected by authorities. The real magnitude of the
phenomenon is still unknown and is hard to determine since counterfeited products
are becoming harder and harder to distinguish from genuine ones (Ekwall and
Lumsden 2007).
Terror threats (i.e. nuclear weapons smuggling, counterfeiting or contamination of
products) are instead pushing governments to increase inspections at country
boarders and claiming higher restrictive regulations (i.e. the Customs Trade
Partnership against Terrorism, the Authorized Economic Operators, etc.) from
transport and logistics service providers (CBP 2006, 2008; European Parliament
2004, 2005, 2007b). These events testify an increased vulnerability in distribution
chains.
The consequences of theft or terror attacks on distribution chains can be
unexpectedly huge. Usually the invoice value of the lost goods or the damage in
health and infrastructure in case of a terror attack are only the top of the iceberg of
the costs borne by industries and societies. There are further hidden costs that
shouldnt be underestimated. For instance the loss of goods in distribution chains can
lead to disruptions and a consequent direct loss for private industries owning the
cargo or taking care of the transportation of goods (Anderson 2007; Badolato 2000;
Abbott et al. 2003).Terror related risks in distribution chains can cause the fatality of
human beings and damage to infrastructure and its economical functions. In
addition, Mottley (2002) states that the possible economic impact of a terrorist attack
performed with weapons of mass destruction could not only cause losses for the
community in form of human lives, damage of infrastructure, and fear, but also loss
of economic growth and business confidence. Even the protection measures issued
by governments, in form of inspections and scanning of containers at country
boarders, are resulting into additional costs in form of delivery uncertainty (Lee and
Whang 2005; Sheffi 2001).
According to some authors the increased awareness towards security so as the
increased vulnerability of supply chains is an indirect consequence of the
globalization and Just In Time (JIT) management principles that inevitably
determine the higher exposure of supply chains to antagonistic threats (Khemani
2007; Crone 2006; Unisys 2007). Crone (2006) compares todays globalization
strategies to the classic story of the Trojan War where the Trojans failed to see the
risks of what appeared to be a benefit. Likewise a white paper published by Unisys

Supply chain security

(2007) shows that security gaps are identified at foreign ports, where supply chains
stakeholders lack knowledge of local culture, legislation, etc. (Figure 1).
Other factors may be responsible for the vulnerability of supply chains. These are
the lack of knowledge about security measures, lack of preparedness to this kind of
threats but also lack of incitement to secure transportation when making agreements
between consignors and consignees of supply chains (Workshop on Transportation
security 2007; Unisys 2007; Sheffi 2001).
The improvement of supply chain security cannot be certainly achieved by
interrupting the JIT and globalization trends, since these trends ensure the economic
growth of the global economy and therefore cannot be reverted. On the contrary,
supply chain facilities and operations can be secured by introducing new
technologies, routines or by complying with compulsory or voluntary security
certifications. However supply chain managers are experiencing the difficulty of
choosing among extensive sets of security measures. The reasons can be found in the
lack of proper knowledge of security so as in the difficulty experienced to classify
mitigation measures, asses their impact and compute business cases (Rice and Spayd
2005; Lee and Whang 2005; Workshop on Transportation security 2007; Unisys
2007; Sheffi 2001). Thus it becomes relevant to enhance the comprehension of
mitigation measures and obligatory requirements and show how these can be
implemented in supply chains.
Previous research puts also in evidence the importance of increasing supply chain
or distribution security either by introducing mitigation measures or joining security
certifications. However many and conflicting analyses and recommendations may be
found in the literature, in various articles, and handbooks for security. Unisys (2007)
highlights how the introduction of security measures can reduce security gaps among
foreign and inland operations (Figure 1). Sheffi (2001) identifies three areas where
security solutions should be implemented: supply chain management, public/private
cooperation and assets organization. Peck (2006) underlines the importance of risk
management to reduce security threats and extends the concept of supply chain risk
management from corporate security and business continuity to national security and
emergency planning. In addition the author points out the importance to reduce
congestion at US ports of entry and to invest in security technology in ports of exit
(Peck 2006). Other authors emphasize the importance for evaluating the costeffectiveness of mitigation measures. Lee and Whang (2005), in accordance to the
Total Quality Management (TQM) doctrine, show how the implementation of RFID

Figure 1 Current and future state of security in foreign and inland supply chains facilities (Unisys 2007)

L. Urciuoli

based technologies can speed up inspection operations and provide operators with
time and costs savings. Rice and Spayd (2005) show that investing in security can
also bring collateral benefits as trade facilitation, asset visibility and tracking,
faster standard development etc. Haughton (2007) demonstrates the economical and
competitive advantages for large and small shippers becoming FAST-approved (Free
And Secure Trade). The acquisition of the FAST status may provide shippers with
faster trans-border operations and consequently a substantial advantage on the export
market (Haughton 2007). None of the known literature presents a comprehensive
overview of security solutions, classify it and integrate it into a logistics based
framework.
This paper is part of the SecureFlow05 project, financed by the Swedish
governmental agency for Innovation Systems (VINNOVA) and provides readers
with a logistics oriented multi-layered approach to classify available security
solutions on the marketplace to combat antagonistic threats in distribution chains.
The main aim of this research is to determine how to narrow the knowledge gap
among managers and also how to make available to them the findings from the
literature in the field. Security problems often are multifaceted and dependent on the
specific context (geographical, cultural etc.) in which they take place. Therefore
managers need to have access to comprehensive lists of security solutions to be able
to choose the ones that better fit their logistics and security requirements. In addition
the logistics multi-layered framework developed in this investigation will support
them in the identification of weak spots and related countermeasures.

Methodology
To gain a clearer picture of security needs and knowledge of managers, several
methodological steps had to be accomplished. This process is shown in the diagram
flow in Figure 2. First of all a literature search was performed to gain a clearer
picture of the status of the research driven in security, including the analysis of
Figure 2 Outline of the
methodology

Literature Search

First Draft
Survey/Establishment of
Survey Group

Second Draft Survey

Findings Review and

Classification

Supply chain security

management strategies, technical tools and certifications. After that, a first draft of
the survey was prepared and sent to a group of potential respondents. Due to the low
response rate the survey was made simpler and sent again. The collected results were
categorized and put into a layered framework.
Literature search A literature search was performed to gather previous research that
was performed in the security area. Main keywords used to search into scientific
journal databases were security technologies, security and logistics, security
technologies and distribution chains, supply chain management and security
technologies. The homepages of security solution providers were also a
fundamental source of information that was used to enrich the description of the
gathered solutions. In addition, the websites of the US and European Customs were
examined to find relevant information about security certification programmes.
First draft survey A draft of the survey, meant to collect security solutions, was
prepared and internally reviewed within the division of Engineering Logistics in
Lund, to get further comments and corrections from other expertise. The final first
draft, finished in August 2007, contained an introduction to the problem investigated
within the research and two sets of distinct tables: the first to gather information
about security systems and the second about security procedures. The table for the
collection of security systems was split into six columns. The first two columns
asked for open answers about the name of the known security system, hyperlinks to
existing providers on the marketplace and the components constituting the system.
The last four columns asked respectively for the part of the distribution chain
where the system was implementable, Type of Security Solution (Prevention,
Detection or Recovery), Type of Unit Load the Solution was applicable to and
Type of Resources the Solution was applicable to. This information had to be
gathered to get a deeper understanding about how security systems, procedures or
certifications work. The respondents had the possibility to check boxes under each
column to simplify the answering procedure or to propose eventually missing
alternatives. Similarly the table for the collection of security procedures was made of
five columns. The first two were open questions in which respondents could specify
the name of the procedure (possibly by mentioning the corresponding ISO code),
and the processes composing the procedure. The last three questions were instead
made up of checkboxes and asked for Type of Security Procedure (Prevention,
Detection or Recovery), Distribution Chains Actors involved and External
Actors involved. These were also fundamental to understand the main processes and
actors involved in the security procedure. At the end of the survey, the respondents
were given the possibility to make comments, specify their companys business area
and provide with their contact details.
Establishment of survey group A first survey group of about 30 persons, working
with security issues and belonging to different organizations, was contacted through
the industrial consortium set up for the SecureFlow05 project. Some of them were
interviewed by phone to get faster feedbacks and further contacts to be added to the
survey group. Other potential members were contacted through participation to ongoing workshops about security. To give the survey group an international character,

L. Urciuoli

other security managers were contacted through security forums, organizations

homepages (especially technology providers), conferences and certification programmes (TAPA EMEA) in Europe. This resulted into a group of 76 persons to
whom the first draft of the survey was sent by email in September 2007. The
deadline for the answers was set on the 10th of November 2007. The surveyed
population was made up of the following main groups:
&

&
&
&

&

&

Transportation companies. This group comprises companies operating as

logistics service providers, transport carriers (including all transport modes: air,
sea, rail and road), road/rail intermodal facility operators and road carriers
specialized in secure transportation. The group was made up of a total of 24
contacts belonging to 15 different companies.
Sea/Air Facility operators. The group includes actors owning facility dealing
with sea and air operations (ports and airports). The group was made up of 9
security managers belonging to 4 different companies.
Goods Owners. This group included respondents from industries working
within food, electronics and pharmaceuticals sectors. 10 managers belonging to 6
different companies were in the group.
Diverse Security Organizations. Diverse organizations working with security
included police forces, customs, the Swedish Theft Prevention Association
(SSF), larmtjnst AB (company collaborating with insurance companies), the
Swedish Rescue Services Agency, SP technical Research Institute of Sweden and
the Swedish Cost Guard and the Swedish Association of Road Haulage
Companies. The group was made up of 18 persons working with security issues
in 12 different organizations.
Technology Providers. This group included technology providers working in
different sectors as automotive, RFID, suppliers of security systems and
telematics companies working with security. 9 managers for a total of 7
companies belong to this group.
Academics. This group was made up of 6 representatives from three universities
and one research institute.

Survey second draft The results of the first draft gave very low responses.
Contacting by phone some of the emailed contacts the motivations for not answering
were diverse. Some of them hadnt enough time; others experienced the survey as
too complicate because of its structure or the English language. Finally the most of
the contacted persons were worried about the confidentiality of the results collected
in the survey. Security is a sensible factor for industries that should not be disclosed
to external actors, since these could take advantage of the information to attack the
weak points of a target. In virtue of these comments the survey was modified. In
the introducing text it was underlined that respondents were 1) free to leave parts of
the survey unanswered and 2) invited to contact us in case of anonymity and secrecy
concerns. Finally the table of security systems was shrunken to include only the first
three columns. The new survey was sent back, to the managers who didnt reply to
the first draft, in December 2007. The deadline for replying was set on the 29th of
February 2008. A copy of the final draft of the survey is given in the Appendix at the
end of this report.

Supply chain security

Interviews To increase the response rate of the survey some of the group members
were interviewed. The interview started with a summary of the background of the
research, its scope and an overview of the tables of the survey to be filled in. These
interviews had a well defined structure since they were performed by filling in the
tables prepared for the survey.
Findings review and classification At the end of this process a group of totally 76
managers working with security was gathered and emailed the survey to. To increase
the response rate, some of the surveys were filled in via telephone interviews. 16
members of the group replied the survey back (21%), 5 were interviewed (6%),
while 4 members explicitly declared that they couldnt join the investigation because
of lack of time or secrecy issues (5%). Finally, 42 managers never answered (55%)
and 9 (11%) surveys could not be delivered to the available email addresses. The
results collected were grouped into three areas: governmental initiatives, management strategies, operative routines and technical systems. A further classification of
the findings according to their capability for preventing, detecting and recovery from
antagonistic attacks was performed. Finally a logistics multi-layered approach was
developed to support managers in the identification of weak spots and related
countermeasures.

Analysis and classification

The analysis of the findings collected from the literature review and the survey
revealed three major areas that may improve supply chain security. These are
Governmental Initiatives, Management Strategies and Operative Routines and
Technical Systems (Figure 3).
Governmental initiatives Only 19% of the respondents showed knowledge of the
on-going governmental initiatives that is going to improve the security of supply
Figure 3 The three areas for
supply chain security
improvement

L. Urciuoli

chains. However more detailed information, presented in this paper, has been
gathered from material made available by the homepages of US and European
Customs. Several initiatives have been issued by governments around the world to
prevent catastrophic consequences on society.The first security enhancements were
implemented in the air sector a few months after the attacks in New York (US
Congress 2001). The Aviation and Transportation Security Act called for a
noticeable increment of inspections and 100% screening of cargo loaded on
passenger planes. Similar reforms have been adopted in Germany, UK and
Singapore. The sea sector followed the air sector when the International Ship and
Port facility Security code (ISPS) was widened to include a standard framework, for
the identification and assessment of vulnerabilities of sea transportation and port
facilities by means of risk analysis, was included in (Katarelos and Alexopoulos
2007; Bichou 2004). This framework came into force in 2004 and it explicitly
identifies the main responsibilities of governments, shipping companies, and port/
facilities to detect and prevent security threats. Risk analyses are the core instrument
adopted in the ISPS code to identify, assess main threats and determine minimum
security requirements (IMO 2004).
The Container Security Initiative (CSI) was introduced in US in January 2002 in
US. The CSI highlight the importance of developing domestic bilateral agreements
to permit the exchange of Customs officers in US. In addition it is fundamental to
allow benchmarking and improvement in inspection and clearance processes of
containerized cargo. To accomplish this task, the Customs and Boarders Protection
(CBP) has identified four main elements in the CSI programme (CBP 2006):
&
&
&
&

Take advantage of advanced information and strategic intelligence to identify

high risks containers.
Screen and inspections of containers has to be performed as early in the supply
chain as possible.
Technological tools as X-ray and Gamma ray machines and radiation detectors
are fundamental for screening operations of high risk containers.
Intelligent and secure containers are recommended to support CBP officers in the
identification of tampered containers.

According to Customs officers, the development of a robust network will smooth

the progress of continuous flow of trade as well as prompt resume of trade through
CSI ports in case a terrorist event should occur. Since capacity constraints dont
permit inspections of every container shipped to US, the Customs and Boarders
Protection (CBP) takes advantage of advanced information and strategic intelligence
to identify high risks containers and screen them by means of technological tools as
X-ray or Gamma ray machines and radiation detectors. Different ports around the
world are joining the initiative, including the European Union (CBP 2006).
Collection of advanced information becomes a relevant operation to decide a
container inspection is to be performed. To support such decisions, the CustomsTrade Partnership against Terrorism (C-TPAT) was issued by the US government in
April 2002, to gather representatives from the US Customs Boarder Protection
(CBP) and the private sector and develop a list of minimum security requirements
for shippers and carriers. The ultimate goal of these guidelines is the identification of
less risky cargo (Cuneo 2003). A Supply Chain Security Specialists team (SCSS) is

Supply chain security

in charge to accomplish this task and determine companies security profiles

according to such factors as security related anomalies, shipping geographic regions,
other risk related information, or import volumes. The stakeholders involved and
recommended to follow the minimum security requirements, are: Marine Port
Authority and Terminal Operators, long haul carriers, customs brokers, air carriers,
rail carriers, foreign manufacturers, highway carriers, importers and sea carriers
(CBP 2008).
Another important issue is the communication of information about the cargo to
be shipped to US. To define this requirement, the Advance Manifest Rule (AMR)
initiative is in force from February 2003. The AMR initiative oblige shippers to
submit to US Customs detailed cargo information 24 h prior loading containers on
ships (Van Oosterhout et al. 2007). When the containers are delivered information is
checked by customs officers, and consequently anomalies may be detected (CBP
2008). The same information can even be used by the CBP to designate if the cargo
can be loaded on a vessel or to make decisions about inspections (Automated
Targeting System). This is important in order to reduce the number of containers to
be scanned (CBP 2008).
To allow the dissemination and harmonization of standard procedures, the World
Customs Organization (WCO) has developed the SAFE framework of security
standards. Within this framework, the European security concept, the Authorized
Economic Operator (AEO), has been developed. The final objective of the standard
framework is to facilitate global trade (CP3 Group 2006). The scope of the AEO
initiative is to detect high-risk cargo as early as possible in supply chains and in a
resource-efficient way (CP3 Group 2005). To gain certification, firms have to
comply with a set of criteria: Customs compliance history, adoption of appropriate
system for documenting commercial reports, financial solvency, information
exchange, security of conveyance, cargo and personnel as well as monitoring and
follow up of guidelines consistency and integrity of security systems. In this way,
each European Customs is stimulated to establish a partnership with the private
sectors and grade their security degree. The AEO initiative is believed to bring a
win-win situation to both companies and customs. Companies complying with the
certification will benefit expedited clearance procedures at inspection sites while the
Customs will improve their resource utilization and operational efficiency (CP3
Group 2006).
None of these programmes focus on the protection of rail and road transport
operations, including their assets and facilities. Thus the European Parliament in
2006 issued a proposal for Regulation of the European Parliament and of the
Council on enhancing supply chain security (79/2006). The proposal calls for
improved risk assessment and cost benefits analysis as well as comprehensive
harmonization of security measures by means of equal judgment of all transportation
modes in an integrated way (Schilk et al. 2007; European Parliament 2007). This is
necessary not only from a security perspective but also for modal competition issues.
Those transportation modes, as sea and air, that have already introduced security
measures are bearing costly investments that have to be internalized in higher
transportation rates.
The application and harmonization of security systems through assets of
distribution chains should follow the guidelines proposed by the International

10

L. Urciuoli

Organization for Standardization (ISO). Examples are the ISPS standards to certify
ports (ISO/PAS 20858:2004), the security requirements to enhance supply chain
security (ISO/PAS 28000:2005), freight containers seals specifications (ISO/PAS
17712:2006), supply chain security best practices (ISO 28001:2006) so as e-seals
communication protocols, application requirements, environmental characteristics,
data protection and the physical layer to ensure free of defect functionality (ISO
18185:2006/2006) (ISO 2008).
Management strategies None of the managers that participated to this study
mentioned managerial strategies, which are instead collected exclusively from
existing literature. The focus of these measures is mainly on supply chain risk
management to mitigate disruptions consequences (Peck 2006; Tang 2006).
Asbjrnslett (2008) introduces the concepts supply chain robustness, or resilience,
that are equivalent to the ability of supply chains to resist to antagonistic attacks,
adapt to events and recover to stable conditions. Major disruptions in supply chains
have pushed the development of more efficient and resilient supply chain strategies.
Some authors recommend adopting managerial strategies to rethink supply chains by
reducing transport content, using transportation more efficiently and improving
sourcing strategy (Crone 2006; Simchi-Levi et al. 2002; Abbott et al. 2003). For
instance, after the production breakdown experienced few days after the terror
attacks in New York in 2001 and the consequent shut-down of the US Customs,
Ford Motor Company, decided to rethink its lean inventory IT system to build a
more resilient supply chain with more buffers and inventories (Lin et al. 2006).
Simchi-Levi et al. (2002) encourage companies to 1) re-think their supply chain
operations by applying hedging and flexible strategies, 2) perform what if analysis
and 3) improve collaboration and outsourcing. Lee and Whang (2005) state that
higher security can be achieved at lower costs according to the Total Quality
Management (TQM) doctrine. Sheffi (2001) put in evidence the importance of dualsourcing, dual-manufacturing and dual-inventory to reduce the risk of disruptions.
Likewise risk management, knowledge and process backup, decentralization of
operations and redundancy are also pointed out as fundamental practices. Sheffi
(2001) highlights the importance to improve public-private cooperation, assets
reorganization and calls for the introduction of a security manager that is familiar
with corporate environment issues so as with risk assessment techniques. Finally
Many authors express the confident hope that working to improve the vulnerability
of supply chains will undeniably strengthen logistics and transportation systems by
increasing overall efficiency. Rice and Spayd (2005) state that security regulations
must be designed in a way to improve security without affecting the costs and the
complexity of supply chains. Peleg-Gillai et al. (2006) affirm that better security
drives business value. Willys and Ortiz (2004) propose a framework to evaluate
security solutions and identify those that dont affect supply chains efficiency.
Prokop (2004) states that Customs have to enhance security without negatively
affect efficiency and national economy. Closs and McGarrell (2004) highlight the
importance of cooperation between private and public sectors to maximize both
security operations and supply chain efficiencies.
The collected management strategies have mostly a holistic character, involve
long-term operational planning and are meant to support recovery operations of all

Supply chain security

11

the elements of supply chains after a disruption (see Table 2). Thus it is important to
specify that almost all of the measures collected are not intended to detect antagonist
attacks but are instead meant to prevent and recover shipments as well as to avoid or
mitigate the consequences of transport disruptions in supply chains. Finally top and
middle management is involved in the definition, development and implementation
of these measures.
Operative routines and technical systems Operative routines refer to all the
procedures put into operation to enhance the security against antagonistic threats.
Technical systems can automate operative and strategic measures by means of a
combination of hardware (i.e. sensors to capture data) and software (i.e. middleware
or Decision Support Systems). The most of the collected procedures have been
provided by the managers who responded to the survey. Examples of operative
routines include access control, personnel identification, employees background
screening, check up of security measures, cargo screening etc. (Table 3). Routines
have a tactical function, are easy to implement in short term periods and may require
reengineering of processes. When examining the table it is possible to see that few
procedures have a recovery function. Finally lower and middle management is
responsible for the definition and development of these routines, which have to be
practically applied by floor operators.
All the respondents were able to identify at least one operative routine and one
technical system. The most known routine was the screening of employees
background while the most known technical systems to increase security are track
and trace devices or RFID based solutions. Other technical systems were found in
available literature. According to Anderson (2007) and Badolato (2000), the
implementation of specific security routines as well as of technological systems,
properly integrated in supply chain and logistics management, is fundamental.
Badolato (2000) adds that collaboration among private industries and governments
has to be improved to develop effective reporting systems, increase punishments,
promote understanding of cargo theft, support cargo theft task forces, encourage law
enforcement expertise, and adopt effective cargo theft technology. Lin et al. (2006)
emphasize the importance to adopt new technologies in supply chains as biometrics
and surveillance systems. Finally Sheffi et al. (2003) propose technological solutions
for preventive and recovery operations to be implemented in three areas: physical
security, information security and freight security.
IT security systems are often recalled when speaking about enterprise security.
Among available solutions it is possible to distinguish technologies as Firewalls,
Secure Socket Layers (SSL), Application Authentication, Virtual Private Networks
(VPN) as well as systems for Access Control (or Identity Management or
Authentication) (Vacca 2007).
Technical systems meant to protect physical objects include vehicle or perimeter
alarms, vehicle immobilizers, locks or fuel cap locks. Track and Trace systems are
also well-known among practitioners. These are made up of a unit containing a GPS
and a modem to communicate the position of the transport conveyance to a remote
server (Flexview 2008; General Electric 2007a; INDAGON 2007; ZOCA 2008).
These systems can also be installed on trailers or containers if equipped with longlife batteries. Other security solutions to prevent tampering or intrusion in unit loads

12

L. Urciuoli

are locks, hard walls or reinforced curtains, devices for immobilization, tamper
evident seals etc. Locks and tamper evident seals are available as mechanical or
electrical systems. Examples of mechanical locks are padlocks, bolts, cable locks.
Examples of seals are cup seals and metal strap seals. The main difference between
locks and seals is that the former are mainly used to prevent and hinder tampering or
intrusion. Though, they can be indirectly used to detect such events. For instance if a
lock is broken it is evident that something has happened. Electronic seals (RFID tags)
are instead made up of a body that can be installed on multiple levels of physical
objects, thus from single items to pallets, containers, to transportation conveyances. To
collect the data stored on the tags, RFID readers have to be installed at specific
locations (usually the facilities of the distribution system). Often these solutions allow
nesting which gives the possibility to identify items in pallets, pallets in containers and
so forth. Further sensors as GPS, biometrics, satellite communication systems, IR
motion detection, and acoustics, temperature, weight, flow and shock vibration and
more, can be added. Sensor technology is finally coupled with diverse web-services
(often based on Service Oriented Architectures) as track and trace, time/geo-fencing,
alerts, event management and so on (Savi Technologies 2008; HI-G-Tek 2008;
General Electric 2007b). The main difference with mechanical solutions is the
automation of the inspection and reporting processes.
The above solutions are based on Short Range Networks (SRN) whose
functionalities depend on the external infrastructure. Thus tampering can only be
detected when inspecting or reading the tag. To enable real time functions it is
necessary to install a reader and a modem for air communication within the container
or the transport vehicle. GSM/GPRS modems, WIFI or Terrestrial Truncked Radio
(TETRA) networks can monitor inland movements and depend on the network
coverage. Satellite communication is necessary to monitor sea and air cargo
transportation. Some of the examined solutions (General Electric and Indagon)
have the capability to guarantee more robust and free of defect communications by
pre-scheduling airtime communication or exploiting communication via TETRA
networks (Savi Technologies 2008; Collins 2005; Flexview; General Electric 2007a;
INDAGON 2007).
Radio frequencies can also be used for tracing capabilities and recover stolen
objects. For instance a VHF sender could be hidden in the cargo, and remotely
activated only when the object has to be tracked (this can save the battery). The
object to be tracked can be the product itself, its package, a unit load or the transport
vehicle. Once the sender is activated, VHF receivers are used to trace the position of
the stolen object. To accomplish this, a first scanning is done with an airplane to find
out the approximate area in which the stolen object is being hidden. Afterwards
several cars equipped with VHF receivers drive through the area to determine the
exact position of the object. This operation is coordinated with local police forces
(GuardSystems AB 2008).
Other technical systems are available to protect distribution facilities. The most
known are Closed Circuit TeleVision (CCTV) systems (or similarly IP video
systems), perimeter alarms, physical barriers (fences, grinds, reinforced windows or
doors), lightning and High Value Storage Areas. The CCTV systems are camera
based systems to monitor specific areas, internal and external, of a building. These
can be used to prevent and detect an intrusion or suspicious activities. Monitors must

Supply chain security

13

be controlled by personnel continuously otherwise motion detection algorithms can

be used to support and automate monitoring procedures. Perimeter alarms can detect
intrusions inside the external or internal perimeter of a facility. Lightning, which
implies the ability to illuminate areas around a potential target, has also a preventive
and detecting purpose. High value storage areas are vaults installed inside a facility
to store in transit high value goods. Finally, personnel accessing the facilities and the
High Value Storage Areas must be identified by specific access control equipment.
Sound barrier devices can be used to protect trailers, containers and facilities. This
is usually made up of an alarm siren often built into an aluminum box to protect it
from external tampering. This solution has the necessity of a battery and therefore
has a limited life-length. The produced sound forces people to leave the protected
area. Intruders who dont leave immediately complain vertigo, nausea and pain in
the chest. According to present research the sound produced by the siren cannot
damage human hearing (INFERNO 2008).
Finally, yard tracking based on wireless technologies are today used for
identifying containers or cargo in facilities or in their external yards. Wherenet in
collaboration with Navis, PACECO and Hi-Tech has developed a solution for yard
management and monitoring of containers. WLAN communication or GPS is
adopted to compute the position of handling machines that can read the RFID tag on
a container and transmit its information to a central server. This information is stored
with the position of the object into the yard (Liard 2007). This system has both
preventive and detecting capabilities.

Logistics multi-layered framework

To enhance the ability to make effective use of the information collected, it was
necessary to represent a generic logistics system by means of a multi-layered structure.
In this way it is possible to conceptually explain in which part of logistics systems the
collected security measures are meant to be implemented. In addition this structure
allows to quickly identifying weak spots in supply chains and related countermeasures.
To accomplish this, the supply chain is assumed to be composed of layers, just in
the same fashion as it is done by Wandel et al. (1991) to represent transportation
systems. Wandel et al. (1991) identify five fundamental sub-systems or layers whose
internal dynamics and reciprocal interactions can reliably represent a transportation
system. The five layers are: the material flow, the transportation flow, the
transportation infrastructure, the information flow and the IT infrastructure. As
shown in Figure 4, in this investigation the material flow layer is split into two
further layers: the unit loads/packages layer and the commodity/material/product/
item flow layer. The transportation infrastructure is layer 3 and the information flow
and IT infrastructure layers are compressed into layer 2. Finally a new layer
representing the decision makers in a supply chain is added (Layer 1). Thus the
developed logistics multi layered framework is composed by 6 layers:
&

Layer 1. The first layer represents the decision makers in the supply chain that
have the responsibility to allocate resources, monitor system performance and
optimize costs and efficiency.

14

L. Urciuoli

Figure 4 The logistics multi-layered framework (adapted from Wandel et al. 1991)

&
&

&
&
&

Layer 2. This layer concerns the information flows to be transmitted through or

stored at every elements of supply chains. These flows can contain information
about the cargo as well as about the consignor, consignee etc.
Layer 3. Layer 3 comprises the infrastructure of distribution chains where the
goods travel through including consignors and consignees facilities, intermodal
terminals, warehouses, Customs, and other terminals and elements of the
transport infrastructure (i.e. vehicles depots, parking areas, right of way etc.).
Layer 4. Layer 4 is exclusively dedicated to the transport conveyance adopted
during the transportation process. In this analysis four transportation modes are
considered: road, rail, air and sea.
Layer 5. Layer 5 includes the unit loads or packages used for transportation or
storing purposes at the distribution terminals.
Layer 6. Layer 6 represents the product itself or the material that is being moved
in the distribution chain.

All the collected security measures have been classified according to the layer that
is meant to be protected or operationally involved. In addition the security solutions
are classified according to their preventing, detecting and recovering function. In this
investigation the role of preventive measures is to be a step ahead of the antagonists,
scare them and to provide security analysts with key information to predict threats.
Detection measures register an attack taking place and send this information to
personnel in charge. Finally recovery measures are all solutions that support
managers in recovering from an attack and reduce its consequences (i.e. detect,
identify and capture the antagonists or the processes to recover stolen cargo or to set
up a new shipment etc.). This classification has been performed for all the three areas
for security improvement identified in this study and can be found in the tables
available at the end of this paper. In the tables, the columns Layer, Prevention,
Detection and Recovery indicate respectively which layers are involved and

Supply chain security

15

whether the security measure has a preventing, detecting or recovering function

(Tables 1, 2, 3 and 4).
According to the analysis performed in this study, it appears that the
governmental initiatives can be definitely linked to Layer 1, Layer 2, and Layer 3,
but only partly to layers 4, 5 and 6 of the framework in Figure 4. These initiatives
strive to increase cooperation, communication as well as contractual agreements
among supply chain partners based on security requirements (Layer 1). Available
certifications state that IT security systems must be in place and used by shippers
that want to export to US and avoid time delays due to Customs inspections (Layer
2). Likewise Customs around the world are requested to increase their security
awareness and monitor the observance of the issued regulations (Layer 3). On the
other hand, some regulations appear to vaguely explain to stakeholders how physical
protection of containers or shipped cargo can be improved (layers 4, 5 and 6). For
instance in the AEO and C-TPAT programmes it is mentioned that shippers have to
put in place security measures to ensure the integrity of the cargo. However means
and guidelines, about how to practically do that, are not given to operators. Finally it
can be stated that governmental initiatives are mostly oriented to prevent terror
attack or detect smuggling and tampering of containers. Recovery issues are
mentioned but these concern only Customs plans and recovery measures in case of
a disaster or terror attack. Thus these differ from the recovery definition adopted in
this investigation.
The supply chain management strategies are mostly addressed to the decision
making layer of the framework in Figure 4. These strategies can influence global as
Table 1 Governmental initiatives, Layer (1,2,3,4,5,6), Y = Yes, N = No.
Governmental
Initiatives

Description

Layer Prevention Detection Recovery

Aviation and
Transportation
Security Act

Increment of inspections and 100%

cargo screening.

3, 5,
6

International Ship
It identifies and assesses main threats
and Port facility
and determine minimum security
Security Code (ISPS) requirements for shipping companies
and port facilities.

3, 4

Container Security
Initiative (CSI)

It allows benchmarking and

improvement of inspections and
clearance processes of containerized
cargo.

Customs-Trade
Partnership Against
Terrorism (C-TPAT)

Guidelines with minimum security

requirements to identify less or high
risky cargo.

1, 3,
4, 5,
6

Advance Manifest
Rule (AMR)

Submission of cargo information to US 1, 2,

Customs 24 hours prior loading
3
containers on ships.

Authorized
Economic Operator
(AEO)

European initiative corresponding to

the American C-TPAT to determine
minimum security requirements and
detect less or high risky cargo.

1, 2,
3, 4,
5, 6

16

L. Urciuoli

Table 2 Management Strategy, Layer (1,2,3,4,5,6), Y = Yes, N = No.

Management
Strategy

Description

Risk
Management
Cycle

Introduction in supply chain, logistics and 1, 3,

transportation of risk management activities 4
taking into account antagonistic threats.

Management
Training and
Education

Train and educate personnel to handle

security issues.

1, 3,
4

Hedge Strategies Strategies aiming at balancing profits and

losses in a supply chain.

1, 3

Flexible
Strategies

1, 3

1, 3,
4

Implement TQM Perform TQM cycle, define, measure,

1, 3,
Doctrine
analyze, improve and control. According to 4
the principle that higher quality can be
obtained at lower cost.

Knowledge and
Processes Backup

Stored data as well as main processes must 2, 3,

be backed up.
4

Burden Shifting

Shift burdening and complex operations to 3, 4

the back end of the supply chain.

Increased Safety
Stocks

Increase safety stock levels to better handle 3

delivery uncertainties caused by transport
delays.

Substitution

Be prepared to substitute the components of 3

a product even if those have lower quality
and higher costs.

Operations
Decentralization

It has to be possible to take the lead of

2, 3,
operations in other nodes of a supply chain. 4

Increase
Collaboration
among
Enterprises

Better collaboration can help preventing

and recovering bad events.

3, 4

Increase External Initiation of collaboration programmes and 3, 4

Collaboration
activities with external parties (i.e. police
forces)

Chief Security
Officer.

Increase redundancy in supply chain and

reduce impact of disruptions (e.g. dual
inventory or dual manufactory).

Risk Sharing and Collaboration and outsourcing by

Contracts
introducing risk sharing and contracts
among supply chain partners

Introduce in enterprises a chief security

officer. This should be a business person
that is familiar with the corporate
environment and with RM techniques.

Layer Prevention Detection Recovery

3, 4

well as local decision making at each of the facilities that compose the distribution
network including buyers and suppliers. Thus these cannot be directly exploited to
protect the physical objects in layers from 2 to 6 in Figure 4. The measures identified
in this area are mainly focused on preventive and recovery strategies. Thus the focus

Supply chain security

17

Table 3 Operative Security Routines, Layer (1,2,3,4,5,6), Y = Yes, N = No.

Operative Security
Routine

Description

Layer Prevention Detection Recovery

Control and Identify

Parked Vehicles

Control and Identify suspect Parked

Vehicles outside facility gates or
entrance.

Control and Identify

Unknown
Individuals.

Control and identify individuals taking 3

notes or using cameras (both inside
and outside the facility).

Restrict Access to
Facility

Restrict access to facility only to

authorized personnel. Unauthorized
personnel (inside or outside the
facility) must be identified and
possibly stopped and inspected.

Awareness of
Vehicles Following
Drivers

3, 4
Be aware of possible vehicles
following the drivers (cargo theft
teams follow their target from the
facility where cargo is loaded and then
hijack the vehicle as soon as they get
the occasion).

False Alarm
Awareness

Be prepared to false alarm. False alarm 3, 4

can be the signal that somebody is
testing security system/ response times

Protection of Goods
Information

Protect the information about goods to 3, 4,

be transported to 1) increase security 5, 6
of transport documents as bill of
ladings in carrier facilities, 2) avoid
explicit marking of packages or
trailers. Putting the name of the goods
owner on a trailer can be an occasion
to promote the company but even an
opportunity for thieves to get
knowledge about the value of the
cargo).

Monitor Inventory
Levels

Unexpected changes of the products

levels can be the signal of theft
activities.

Carrier and Driver

control

3, 4
Control carrier and driver identity at
facilities before loading/unloading
operations. Delivery documents,
sealing of vehicle (or removal) must be
inspected by personnel.

Check Delivery
Delays

Be suspicious of delayed shipments or 3, 4

out of route journeys.

Periodical Alarm
Check-Up

Control and Inspect the functionality

of the installed alarm systems

3, 4,
5, 6

Personnel for Security Manned security monitoring post

Monitoring
24x7x365

Screening of
Personnels
Background

Personnels background has to be

screened to find out the employee
criminal history

Security Education
and Training

Education helps involving employees

into security and can support the

18

L. Urciuoli

Table 3 (continued).
Operative Security
Routine

Description

Layer Prevention Detection Recovery

identification of security breaches,

suspicious activities or insiders
Security Guards

Hire external security for monitoring

and surveillance services

Keep Trucks Locked

Trucks have to be kept locked.

3, 4,
6

Avoid Out-Of-Route
Journeys

Drivers have to follow the assigned

route and not deviate from it.

Avoid Passengers
Pick up

Dont pick-up unauthorized passengers 4

on board.

Mechanical/
Electronic Seals
Implementation and
Inspection

Personnel working in the distribution 3, 4,

chain must be instructed my means of 6
appropriate documentation about how
to identify tampering

Avoid Travelling
Through High-Risk
Areas

To decrease risks for an attack it is

fundamental to avoid areas where
criminals usually attack cargo.

Avoid Parking in
High-Risk Areas

To park in high risk areas is even more 3, 4

dangerous than only travelling through
them.

Avoid Stops En Route By scheduling drivers in a smart way it 3, 4

is possible to reduce the time the truck
is stopped. This is the most critical
period when the truck is vulnerable to
criminals.

Cargo Screening

Screen Cargo and Match with

documentation.

3, 4,
5, 6

Report Irregularities

Such irregularities in the cargo as

overages, shortages or damages must
be reported immediately by the
personnel in charge

3, 4

Employee
Termination
Procedure

Specific procedure when employments 3

are terminated: return IDs, access
cards, keys etc.

Document Security
Process

Documentation has to be available to

keep track of security processes

3, 4

is on the establishment of long-term strategic procedures to prepare and improve

response time and effectiveness of management teams in case something happen.
Only one of the identified strategies has detecting capabilities: train and educate
personnel to handle security issues.
The collected operative routines are mainly meant to be implemented in layers 3
to 6. Contrarily to the management strategies these measures have functions for
prevention and detection of antagonistic attacks. Only in few cases operative
routines have recovery functions (screening of personnel background). This is an
unexpected result since the above mentioned management strategies, that are

Supply chain security

19

Table 4 Technical Systems, Layer (1,2,3,4,5,6), Y = Yes, N = No.

Technical
Systems

Description

Layer Prevention Detection Recovery

Access Control Access to a network is controlled by an

access control or identity management
security system

Firewall

A barrier to filter all the incoming and

outgoing information from and to the
internet.

Secure Socket
Layer

Data encryption to cipher all information

transmitted and data integrity to ensure that
the sources sending the data are trusted

Application
Authentication

Code signing or digital signatures to verity

the authenticity of an application (i.e. an
Internet address.

Virtual Private
Network

Channels inside the Internet to connect

remote sites or users together and in which
the data transmitted is encrypted and
accessed only by authorized parts.

Sound Barrier

An alarm siren often built into an aluminum 3

box to protect it from external tampering.

Fences and
Barriers

Physical obstacles to discourage theft in

entering a specific area in which potential
targets are located.

Access Control Access Control systems are used to monitor 3

Systems
entry and exit activities at facilities and avoid
the intrusion of unauthorized individuals in a
specific area; they have a preventive function
and are based on such technologies as
biometrics, barcodes, magnetic stripes, smart
cards etc.

CCTV

Camera based systems that allow monitoring 3

of specific areas, internal and external, of a
building

Perimeter
Alarm

Perimeter alarms can detect intrusions inside 3

the external or internal perimeter of a facility.
Known detection devices for perimeter alarm
are based on microwaves (Doppler Effect),
photoelectric devices, electric fields and
infrared.

Lightning

3
Lightning implies the ability to illuminate
areas around a potential target. A good
practice is to orient lights outward the fence
line to illuminate potentials intruders but also
to impede their view.

High Value
Storage Area

High value storage areas are vaults installed 3

inside a facility to store in transit high value
goods. Access is restricted only to a limited
number of employees.

Vehicle
Immobilizer

Telematics system that enable the remote

immobilization of road conveyances.

Vehicle Lock

Locks to obstacle the intrusion into transport 4

conveyances.

20

L. Urciuoli

Table 4 (continued).
Technical
Systems

Description

Layer Prevention Detection Recovery

Fuel Cap Lock

Locks to protect vehicle fuel from theft.

Track and
Trace on
Conveyance

Telematics systems to enable monitoring

capabilities of conveyances.

Track and
Trace on
Container/
Trailer

Telematics systems to enable monitoring

capabilities of containers/Trailers.

Mechanical
Locks and
Seals

Devices to harden a container or to detect

tampering and intrusion.

Electronic Seals Electronic devices to detect tampering and

Systems (SRN) intrusion of containers or cargo theft based
on Short Range Networks.

3, 5,
6

Electronic Seals Electronic devices to detect tampering and

Systems (LRN) intrusion of containers or cargo theft based
on Long Range Networks.

5, 6

VHF tracer

5, 6

System based on radio frequency to locate

and recover a stolen object.

supposed to steer the whole supply chain and its distribution network and
infrastructure, have mostly a preventive and recovery functionality. On the contrary
neither in the known literature nor in the replied surveys, security procedures to
restore supply chain operations to stable conditions have been encountered.
The technical systems collected can cover all the layers of Figure 4 and include
solutions from Decision Support Systems to improve decision making in Layer 1,
down to RFID tags that can be applied on products or materials in Layer 6. All the
solutions identified have a preventive function and almost all of them can detect
intrusion or tampering activities, while about half of the technical solutions offer
recovery capabilities.
The developed multi-layered framework can also be used to explain three
important concepts in security: hardness of the target, weak spots elimination and
real time monitoring. Managers have to put their efforts in making difficult for
antagonists to perpetrate an attack. A way to accomplish this is by aggregating
available security measures into hybrid systems. It is well know that combined
security solutions make it harder for antagonists to break into a target and are more
efficient in discouraging them from carrying out an attack. The elimination of weak
spots is also relevant since hardening the protection of only few facilities in the
distribution network will only transfer the problem to other nodes or links where it is
easier to perpetrate the attack. Likewise weak spots should not be left in any of the
layers identified in the framework in Figure 4. Installing an RFID based security
system on a container and its cargo will not hinder criminals to steal the whole

Supply chain security

21

conveyance. Likewise if supply chain information is not properly protected, it could

be stolen and exploited by criminals to facilitate their tasks. Finally decision makers
have to be provided with real time monitoring capabilities to reduce response time
and restore operations to stable conditions.

Discussion
This paper has the ambition to provide supply chain and security managers with a
comprehensive overview of security solutions including compulsory governmental
regulations, managerial strategies, operative routines and technical systems (Figure 5).
It also gives the possibility to managers to benchmark their security approaches
with those that have been collected in this research. In addition the developed multilayered approach enhances the comprehension and classification of the results
as well as it makes easier to identify weak spots in supply chains and related
countermeasures.
Examining the collected results it can be noticed that there are some fundamental
dissimilarities between the three areas for security improvement identified in the
third section of this paper. Governmental initiatives focus on trading, financial and
Customs related procedures. Management strategies have the focus on disruption
and recovery operations. Operative routines have only a preventive and detecting
functionality which highlights the lack of operative procedures to put into practice
management strategies. Technical systems offer a good balance of prevention,
detection and recovery devices.
The developed multi-layered framework brings to light the importance of
hardening a target, remove weak spots in supply chains by identifying proper
countermeasures and to enhance visibility by providing decision makers with real
time monitoring capabilities.

Figure 5 The three security measures areas applied to the multi-layered framework

22

L. Urciuoli

The analysis of the findings of this investigation allows putting forward

recommendations for managers and future research. These are the following:
&

&

&
&
&

&

&

Comply with compulsory regulations. Managers are recommended to follow

up and understand the upcoming compulsory regulations being issued by
governments around the world. Compliance to these will ensure free-flow at
Customs and will reduce uncertainty delays. Future research should be driven to
identify security measures to be applied on physical objects of supply chains as
well as to increase security of road and rail operations.
Exploit the Logistics multi-layered framework. The logistics multi-layered
framework developed in this paper may be exploited by managers to enhance
the understanding of how to protect distribution chains, what elements
(horizontal protection), what layers (vertical protection) and consequently
identify weak points and select proper countermeasures (the tables at the end
of this paper offer an overview of layers and capability of each security
measure).
Increase the hardness of supply chains. To accomplish this it is possible to
take advantage of hybrid security systems.
Exploit real time monitoring capabilities. If a security solution is not equipped
with real-time event alerts then decision makers will not be able to detect and
respond in proper time.
Identify and Promote security measures that can also increase efficiency. To
ensure the cost-effectiveness of the security solutions to be introduced, it is
important to identify and promote the measures that can also increase the
efficiency of supply chains. Future research should be oriented to demonstrate
this concept. In addition investment models should be developed to show the
business case of security measures.
Integrate security and supply chain management. As a direct consequence of
what is stated above, it becomes fundamental to train and educate professional
figures that are able to integrate and harmonize security solutions into supply
chains without affecting efficiency. This integration must be followed by the
education of logistics and supply chain managers within the security area
including risk management and assessment of antagonistic threats (or vice versa).
Education should comprise the entire risk management cycle from the
identification and assessment of risks, their mitigation actions followed by
costs-effectiveness analyses, and the implementation and follow up of security
operations
Ensure the comprehension of security across the whole supply chain. The
results collected with the survey revealed more than a simple collection of
security solutions. They disclose how main stakeholders involved in the security
discussion are working with security as well as a fundamental knowledge gap
among them. Goods owners and logistics service providers (LSP) show strong
familiarity of security requirements and security certifications (i.e. C-TPAT, AEO
etc.). On the contrary, the interviewed railway carriers have merely knowledge of
security routines. Similarly, road transport carriers have very scarce knowledge
of security measures and only few of them are actively working with customized
security services. Thus it is recommended that managers ensure the comprehen-

Supply chain security

23

sion of security across the whole supply chain (including all the elements of the
distribution network and all the layers of the logistics multi-layered framework).
Finally future research should be carried out to confirm the hypothesis of this
knowledge gap and to argue on its possible reasons.
Acknowledgement I wish to thank the Swedish Governmental Agency for Innovation Systems
(VINNOVA) and the Next Generation Innovative Logistics (NGIL) centre for the economical support
given to this research. I am also grateful to the SecureFlow05 board and its consortium for all the
practical help they gave me as well as for the access to security and logistics professionals that agreed to
participate to my survey. I would also like to thank the reviewers of the IMRL 2008 conference for the
feedbacks and comments they gave on a preliminary draft of this paper. Finally I want to thank my
supervisors at the division of Engineering Logistics in Lund, Prof. Sten Wandel and Prof. Andreas
Norrman for their support and feedback.

Appendix 1
The recent events in Sweden as well as around Europe has raised the attention to
theft activities that are negatively burdening todays supply chains with unexpected
costs and delays. The European Parliament has reported stolen vehicles and goods
for a value of about 8,2 billions each year (according to calculation made on
statistics data collected by TAPA EMEA). By adopting the same calculation models,
Cargonet has estimated a yearly loss of goods transported in Sweden of about SEK
24 billions.
The present survey has been developed within the SecureFlow 05 project
which started in Sweden and is financed by VINNOVA with the main objective
to gather knowledge and solutions to secure the flows of goods while keeping a
high degree of efficiency. This means that the Swedish government feels the
necessity for joining and contributing to the securitys discussions initiated first
by the US and afterwards by Europe. The SecureFlow05 project is meant to 1)
awaken the consciousness of the security problem affecting the present supply
chains and build knowledge within the Swedish industrial sectors, research
institutes, and national agencies and 2) develop a link with the ongoing security
research programmes in Europe. In particular this survey aims at gathering
knowledge about the state of the art of technologies and procedures that today can
be used for improving theft security and efficiency in transport and logistics
operations. The next steps that will follow this survey will be to assess the impact
of these technologies by means of similar surveys that will be sent later in a
sequential order (evaluation sessions).
The present survey is structured in two distinct tables: the first to collect
information about security systems and the second about security procedures.

Matrix for security systems

Each row of the matrix corresponds to a system. Respondents are requested to fill
every row for each solution they 1) have used and/or 2) have knowledge about.

24

L. Urciuoli

Three examples have been included to facilitate the compilation of the form. The
columns of the matrix are divided as it follows:
Name of security system
Input here a) name, b) examples of providers of the system together with a short
description as well as links and references that could be used to deepen our
understanding of the solution.
Components of the technology
Include here the technical components that are part of the security system. Please
structure your response by using Component1:, Component2: and so on. See the
included examples for further details about how to compile this part of the survey.
Type of system
The security system can be classified as:
&
&
&
&

PREVENTIVE if it can act as a deterrent mean to scare thieves and other

malicious actors or make it difficult for.
It is DETECTIVE if it can detect what is happening at a specific time.
Finally it is RECOVERY if it can be use for recovery and resiliency management.
OTHER: add here another possible classification of the security system.
Please indicate your choice by putting a cross in the checkbox.

Matrix for security procedures

Each row of the matrix corresponds to a security procedure. Respondents are
requested to fill every row for each procedure they 1) have experience with and/or 2)
have knowledge about. The columns of the matrix are divided as it follows:
Name of security procedure
Input here the name of the procedure together with a short description as well as
links and references that could be used to deepen our understanding of the security
procedure.
Processes involved
Include here the processes to be performed to ensure the optimal implementation of
the security procedure. Please structure your response by using Process1:,
Process2: and so on to specify the temporal sequence of processes to be
performed to apply the procedure. See the included example for further details about
how to compile this part of the survey.

Supply chain security

25

Type of procedure
The security procedure can be classified as:
&
&
&
&

PREVENTIVE if it can act as a deterrent mean to scare thieves and other

malicious actors.
It is DETECTIVE if it can detect what is happening at a specific time.
Finally it is RECOVERY if it can be use for recovery and resiliency management.
OTHER: add here another possible classification for the procedure
Please indicate your choice by putting a cross in the checkbox.

Supply chains actors involved

A security procedure can require the application of processes involving different
actors of the supply chain. These are the following:
&
&
&
&
&
&
&

TRANSPORT CARRIER: the transport operator in charge (rail, road, ocean and air).
LOGISTICS SERVICE PROVIDER: the actor coordinating the distributions
operations.
FACILITY OPERATOR: cross-docking terminals, intermodal terminals and
warehouses for temporary storage.
GOODS OWNER: the owner of the goods.
LOAD UNITS OWNER: the owner of the load units.
SUPPLIERS: The suppliers of components and products and their facilities
(production and distribution).
RECEIVER: the actor receiving the goods.

Please indicate your choice by putting a cross in the checkbox. If you think other
relevant actors are missing please add them to the table.
External actors involved
A security procedure can require the application of processes involving diverse
external actors. These are the following:
&
&
&
&

NATIONAL CUSTOMS: the national customs

NATIONAL POLICE FORCE: the national police forces.
NATIONAL ORGANIZATIONS: national organizations that could be involved in
the security procedures. Please specify which in the proper textbox.
INTERNATIONAL ORGANIZATIONS: such organizations as IMO, WCO, CSI,
AEO, C-TPAT and so on. Please specify which in the proper textbox.

Please indicate your choice by putting a cross in the checkbox and possibly
specifying the name of the actor in the textbox. If you think that other actors are
missing in the table please add them.
Please fill in the survey and fell free to leave parts of it not answered. Your filled survey
is expected to be sent back to the e-mail below by the 15 Feb 2008. If you have any kind
of questions please dont hesitate to contact me or leave comments at the end of this

26

L. Urciuoli

document. Finally dont forget to write your contact details (at the end of this document)
and indicate 1) if you wish to receive a copy of the final results and 2) if you want to
participate the upcoming sessions to evaluate the security systems and procedures.
The results of this survey will be reported to members of the Swedish GVG
(Godsvrdsgrupp) group, in upcoming events organized by the SecureFlow05
project and finally in a scientific article. Please let me know if you have any
concerns about anonymity or secrecy of part of your answers.
Thank you for your collaboration!
Best Regards,
Luca Urciuoli
TABLE OF SECURITY SYSTEMS (REPLICATED 10 TIMES)
NAME AND
DESCRIPTION
(include provider
name)

Description of Components

Prevention/ Detection / Recovery

TABLE OF SECURITY PROCEDURE (REPLICATED 10 TIMES)

Main
Prevention/ Involved actors of supply
Name of
Processes: Detection/ chain are:
Security
1. Transport Carrier
Recovery
Procedure:
2. Logistics Service Providers
3. Facility Operators
4. Goods Owner
5 Load Unit Owner
6. Suppliers
7. Receivers.
8. Others (pls. specify)

Involved
External actors
are:
1. National
Customs
2. National
Police Forces
3. Others (pls.
specify)

Supply chain security

27

References
Abbott G, Thomas R, Brandt L (2003) Commercium interrupts: supply chain responses to disaster,
acquisition policy. Fort McNair, Washington 20319-5062
Anderson B (2007) Securing the supply chainprevent cargo theft. Security 44(5):5658
Asbjrnslett BE (2008) Assessing the vulnerability of supply chains. In Supply chain risk. International
Series in Operation Research and Management Science. Springer US, vol. 124, pp. 1533
Badolato EV (2000) Smart moves against cargo theft. Secur Manage 44(7):110115
Bichou K (2004) The ISPS code and the cost of port compliance: an initial logisitcs and supply chain
framework for port security assessment and management. Marit Econ Logist 6(4):322348
CBP (2006) Container security initiative, 20062011 strategic plan. U.S. Customs and Border Protection.
Available from: http://www.cbp.gov, 1st August 2006
CBP (2008) C-TPAT: customs trade partnership against terrorism. http://www.cbp.gov/xp/cgov/trade/
cargo_security/ctpat/, 1st March 2008
Closs DJ, McGarrell EF (2004) Enhancing security throughout the supply chain. IBM Center for the
Business of Government, Special Report Series, April 2004
Coghlan A (2006) The medicines that could kill millions. New Scientist, Available from: http://www.newscientist.
com/channel/health/mg19125683.900-the-medicines-that-could-kill-millions.html, 1st August 2008
Collins J (2005) IBM, MAERSK developing cargo tracker. RFID Journal, Available from: http://www.
rfidjournal.com/article/view/1884/1/1, 1st September 2006
CP3 Group (2005) Benefits from implementation of the WCO framework of standards to secure and
facilitate global trade. http://www.cp3group.com/attachments/WCO_benefits.pdf, 1st April 2005
CP3 Group (2006) AEO guidelines. http://www.cp3group.com/attachments/AEO%20guidelines.pdf, 1st
February 2006
Crone M (2006) Are global supply chain too risky? A practitioners perspective. Supply Chain Manag Rev
10(4):2835
Cuneo EC (2003) Safe At Sea, private industries take the lead with technology to secure nations ports.
Information Week, 7th April 2003
Ekwall D, Lumsden K (2007) Differences in stakeholder opinion regarding antagonistic gateways within
the transport network. Nofoma Proceedings, Reykjavik, 2007
European Parliament (2004) Regulation (EC) No 725/2004 of the European Parliament and of the council of
31 March 2004, On enhancing ship and port facility security. Official Journal of the European Union.
Available from: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:129:0006:0091:EN:
PDF. Accessed 29 April 2004
European Parliament (2005) Directive 2005/65/EC of the European Parliament and of the Council of 26
October 2005, On enhancing port security. Official Journal of the European Union. Available from:
http://eur-lex.europa.eu/LexUriServ/site/en/oj/2005/l_310/l_31020051125en00280039.pdf. Accessed
25 November 2005
European Parliament (2007a) Organised theft of commercial vehicles and their loads in the European UnionRep.
No. 610. Directorate General for Internal Policies of the Union, Brussels: ACEA. Accessed 1st June 2007
European Parliament (2007b) Securityprotection of persons, of assets and the facilities. http://ec.europa.
eu/dgs/energy_transport/security/intermodal/. Accessed 22 August 2007
Flexview (2008) Positioning and security. http://www.flexview.com. Accessed 23rd January 2008
General Electric (2007a) Veriwise asset intelligence asset tracking. http://www.trailer-services.com/
veriwise/. Accessed 5th November 2007
General Electric (2007b) Commerce guard: protecting and tracking global trade. http://www.geindustrial.
com/ge-interlogix/docs/commerceguard_overview.pdf. Accessed 5th November 2007
GuardSystems AB (2008) Trackguard. http://www.guardsystems.com/category.php?categoryID=585.
Accessed 1st June 2008
Haughton MA (2007) Examining the business case for shipper participation in Canada-USA trade security
programmes. International Journal of Logistics Research and Applications 10(4):315331
HI-G-Tek (2008) Highly intelligent RFID solutions. http://www.higtek.com/. Accessed 1st September 2006
IMO (2004) Guidance relating to the implementation of SOLAS Chapter XI-2 and the ISPS Code. http://
www.imo.org/includes/blastDataOnly.asp/data_id%3D9381/1111.pdf. Accessed 7th June 2004
INDAGON (2007) Products and services overview. http://www.indagon.com/en/products.php. Accessed
1st October 2007

28

L. Urciuoli

INFERNO (2008) Inferno security barriers. http://www.inferno.se. Accessed 1st March 2008
ISO (2008) International organization for standardization (ISO)international standards for business.
Governments and Society. Available from: http://www.iso.org/iso/home.htm. Accessed 15th April 2008
Katarelos ED, Alexopoulos AB (2007) The masters role in relation to the safety of the port, particularly
under the concept of the ISM and the ISPS codes. International Symposium on Maritime Safety,
Security and Environmental Protection, Athens (Greece), 20th September 2007
Khemani K (2007) Bringing rigor to risk management. Supply Chain Manag Rev 11(2):67
Lee HL, Whang S (2005) Higher supply chain security with lower cost: lessons from total quality
management. Int J Prod Econ 96(3):289300
Liard M (2007) Cargo container security trackingRFID, cellular and satellite communications for supply
chain management and national security. White Paper, ABI Research
Lin C-H, Liou D-Y, Wu K-W (2006) Opportunities and challenges created by terrorism. Technol Forecast
Soc Change 74(2):148164
Mottley R (2002) Terminal troublescontainer terminal operators worry about cost and extent of security
procedures. American Shipper
Peck H (2006) Reconciling supply chain vulnerability, risk and supply chain management. International
Journal of Logistics Research and Applications 9(10):127142
Peleg-Gillai B, Bhat G, Sept L (2006) Innovators in supply chain security - better security drives business
value. Stanford University - The Manufacturing Institute. The Manufacturing Innovation Series
Prokop D (2004) Smart and safe boarders: The logistics of inbound cargo security. International Journal of
Logistics Management 15(2):6576
Rice JB, Spayd PW (2005) Investing in supply chain security: collateral benefits. Special Report Series,
IBM Center for Business of Government, May 2005
Rodwell S, Van Eeckhout P, Reid A, Walendowski J (2007) Study: effects of counterfeiting on EU SMEs and a
review of various public and private IPR enforcement initiatives and resources. http://ec.europa.eu/enterprise/
enterprise_policy/industry/doc/Counterfeiting_Main%20Report_Final.pdf. Accessed 31st August 2007
SAVI Technologies (2008) RFID visibility for supply chain networks. http://www.savi.com. Accessed 1st
October 2006
Schilk G, Blumel E, Recagno V, Boev W (2007) Ship, port and supply chain security concepts
interlinking maritime with hinterland transport chains. International Symposium on Maritime Safety,
Security and Environmental Protection. Athens (Greece), 20th September 2007
Sheffi Y (2001) Supply chain management under the threat of international terrorism. Int J Logist Manag
12(2):111
Sheffi Y, Rice JB Jr, Fleck JM, Caniato F (2003) Supply chain response to global terrorism: a situation
scan. EurOMA-POMS Conference, Como (Italy), 17th June 2003
Simchi-Levi D, Sider L, Watson M (2002) Strategies for uncertain times. Supply Chain Management
Review, January 2002
Tang CS (2006) Robust strategies for mitigating supply chain disruptions. International Journal of
Logistics Research and Applications 9(1):3345
Unisys (2007) White papersecure commerce roadmap. http://www.securityunleashed.com/pdf/Secure%
20Commerce%20RoadMap_.pdf. Accessed January 2007
US Congress (2001) The aviation and transportation security act, P.L. 107-71. http://www.tsa.gov/assets/
pdf/Aviation_and_Transportation_Security_Act_ATSA_Public_Law_107_1771.pdf. Accessed 19th
November 2001
Vacca JR (2007) Practical Internet security. Springer US, ISBN 978-0-387-40553-9
Van Oosterhout MPA, Veenstra AW, Meijer MAG, Popal N, Van den Berg J (2007) Visibility platforms.
International Symposium on Maritime Safety, Security and Environmental Protection, Athens
(Greece), 20th September 2007
Wandel S, Ruijgrok C, Nemoto T (1991) Relationships among shifts in logistics, transport, traffic and
informatics - driving forces, barriers, external effects and policy options. In Storhagen NG & Huge M
(eds). Logistiska framsteg, Studentlitteratur
Willys HH, Ortiz DS (2004) Evaluating the security of the global containerized supply chain. RAND
Corporation, Santa Monica
Workshop on Transportation Security (2007) Jnkping (Sweden), Seminarium organized by the Swedish
Law Enforcement Agency, 21 Nov 2007
ZOCA (2008) Taking container security to the next level. http://www.zoca.nl. Accessed 1st October 2006

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.