Supply Chain Security: Is Your Company Complacent or Engaged?

Imminent terrorist attacks or no, your competitive advantage demands that you secure your company's supply chain

At the National Industrial Transportation League's spring conference in March 2004, Admiral James Loy, deputy secretary of the Department of Homeland Security (DHS), admitted DHS's biggest fear is that citizens have become complacent because no major terrorist attack has taken place on U.S. territory since September 11, 2001.

A sense of normalcy and "business as usual" has descended upon America, despite the fact that it's impossible to read a magazine or newspaper or attend an industry conference without hearing about supply chain security and government initiatives to keep our borders safe. There's been much discussion but less action taken by citizens and companies to guard against terrorist threats. Because we're assaulted with so much information on this topic on a daily basis, perhaps it has become easy to ignore the perils since they seem nebulous and remote. But we do so at our own risk.

It comes as no surprise that conventional wisdom assumes another major terrorist act will occur in America at some point in the not-too-distant future. Terrorists are patient and single-minded in purpose, and many suspect that they have already infiltrated legitimate but unsuspecting businesses as a means by which they will orchestrate their missions. National security expert Stephen Flynn drives home this point in his new book, America the Vulnerable: How Our Government is Failing to Protect Us From Terror, that not enough has been done by government and the private sector to prevent or mitigate such a disaster. Air Force General Ed Eberhart, commander of the North American Aerospace Defense Command and U.S. Northern Command, recently said, "I believe that it is just a matter of time until the terrorists try to use a seaborne attack, a maritime attack against us. The nation hasn't done enough work to prepare for a maritime threat compared to what's been accomplished in aviation."

So the question is, what has your company done to get ready for the eventuality of the next terrorist strike? Are you complacent, or are you engaged? How will you defend your brand equity? How will you keep your company's international supply chain functioning and service your customers when ports and airports are closed? How will you contribute to a national solution?

The Price of Inaction

Certainly, many companies have taken a proactive approach to securing their supply chains. It's not just the big ones, though they have more resources to throw at the challenge and, perhaps, greater brand risk. Some small companies can also be cited as models to benchmark.

The Bureau of Customs and Border Protection (CBP) announced this year that Customs-Trade Partnership against Terrorism (C-TPAT) applications for membership now exceed 8,319, of which 4,493 have been certified (approved for membership) with 816 validations initiated and 425 validations completed. CBP claims that nearly all the major U.S. importers are members, accounting for over 50 percent of the cargo imported into the United States. That's good news, and these companies should be admired and rewarded for their diligence. The "green lane" should become a reality.

But what about the other 500,000 or so importers that CBP says engage in international commerce? How many will choose to become C-TPAT members or unofficially take measures to secure their supply chains? How many will sit back and just pray that the terrorist problem will disappear? How many believe the government's security legislation and initiatives are merely impediments to conducting business? How many believe their companies are immune from disruption? No wonder Flynn and other experts are so worried — this is a thorny problem.

Into which category does your company fall? If your company is actively doing what it can to improve supply chain security then you need read no further. But if you're one of the 500,000 "Complacent Shippers," please read on and ponder the questions posed and the recommendations offered.

Have you developed a corporate plan, or are you focusing on making money for your company now, and figure you'll deal with the fallout when disaster strikes? How will you compete with those proactive companies that already have well-defined strategies and contingency plans in place? How are you coping with such mandatory regulations introduced to the trade in the past two years as the Advanced Manifest requirement, origin no-load notices, increased document and cargo examinations, and Vehicle and Cargo Inspection Systems (VACIS) inspections?

Don't fool yourself into thinking that importing will get easier in the future. The federal government is raising the bar on a daily basis. Soon to come are such things as port user fees to pay for increased port security, fees assessed by ocean carriers to subsidize the International Ship and Port Facility Security (ISPS) Code, and the CBP Smart Container initiative that will mandate high-security container seals on all import containers. Currently, in excess of 50 transportation security related bills are pending in Congress. Legislation is like a steamroller.

Members of Congress and various agencies, including DHS and CBP, feel it is their personal mission to make America safer; the citizenry expects it. There are still many in Congress that do not understand the complexities of international trade, calling for physical inspection of 100 percent of inbound containers or limiting the time uncleared containers can be stored at ocean carrier terminals to seven calendar days before being removed to a General Order warehouse. Are you sitting on the sidelines watching legislation and regulations being enacted that will affect your business, believing you can do nothing to influence them?

Efficient supply chains are all about velocity and cost savings. Supply chain security is expensive for citizens, companies and America. But another September 11 will exact a far greater toll. If a weapon of mass destruction were to be smuggled into one of your containers, Complacent Shipper, your sales would be devastated and your brand equity forever tarnished, if not destroyed, particularly if you had done little to secure your supply chain like the government has been asking the past three years.

Most companies want to be good corporate citizens and have the best intentions about securing their supply chains. However, the difference between engaged and complacent companies is commitment. Proactive companies have made supply chain security a corporate priority, figuring out how to implement government guidelines in accordance with their business models. Less motivated companies allow a laundry list of corporate initiatives to take precedence, or say it's too difficult or expensive to revise internal processes and harden physical security, keeping their fingers crossed that nothing bad will happen. Other firms choose to focus their entire efforts on earning money today.

What America needs now is for all importers to change their attitudes and become more engaged in strengthening the country's borders. Complacent Shipper, your business may not have been adversely affected so far, but you can bet it will be if you're not as prepared as your competition. It's not too late to make security a strategic initiative within your company. So prepare according to your means and resources.

Should another terrorist attack occur in the near future, what you do in the next few months to get organized and develop a game plan might be far more important than the activities in which you're engaged today in terms of building shareholder value, brand equity and competitive position.

Remember that it took five painful months for port operations to resume normalcy after the 10-day International Longshore and Warehouse Union lockout in the fall of 2002. The national economy suffered substantially as a result. If the next terrorist attack involves an ocean container at a U.S. port, expect that the federal government will likely shut down all ports as one of its first response actions, and one can only hypothesize as to how long ports might remain closed. It is, however, certain that as the days pass, the resulting transportation gridlock and economic damage will exponentially escalate. Can your company survive in the face of such a scenario? Isn't your brand worth defending?

What's a Complacent Shipper To Do?

The answers aren't revolutionary or the recommendations difficult to apply. Figure out what's appropriate for your size and type company. You can't be too busy to start making supply chain security improvements today.

Consider the 10 critical steps listed below. Implementing them will move you across the line to becoming an engaged importer, one that has expended the energy, time and funds to: 1) make sure good legislation is passed; 2) provide input on new security fees to ensure they're appropriate for the programs for which they are collected; 3) develop viable contingency plans that can be deployed post another attack; and 4) do your part to protect your employees, your community and your nation.

Ten Key Actions for Securing Your Company's Supply Chain

1. Make a convincing case to your C-level executive team — Help them understand their role and obligation to improve your company's supply chain security and the need to dedicate capital and resources to achieving this goal. Gain their commitment to start today and set things in motion.

2. Establish a cross-functional security team — This team should be comprised of all levels and appropriate departments, have authority to oversee your company's activities to improve supply chain security, and meet regularly to evaluate evolving security risks. Some larger companies have hired a security manager to direct their security response programs.

3. Develop a corporate security plan — Consider all facets of your company and develop strategies and a game plan appropriate for the size and location of your organization and complexity of your supply chain. Evaluate the merits of sourcing items in multiple countries to mitigate risk, particularly if some of the origins are high-risk. Set high expectations for your factories and logistics service providers about maintaining adequate procedural and physical security while your cargo is in their possession. Improve the level of physical and procedural security at your offices, manufacturing facilities and distribution centers.

4. Become a C-TPAT member — Perform a supply chain security risk assessment and complete the application on your own or with professional assistance. Identify areas of vulnerability throughout your supply chain, starting at your factories, and take measures to reduce those areas of exposure.

5. Establish a contingency plan — Develop and implement a set of strategies to keep your business operating at the highest possible level in the event of another terrorist attack.

6. Establish security performance metrics — These metrics should cover critical activities in your business. Actively measure the performance of your company, factories and logistics service providers against the standards you've set.

7. Diversify port and airport usage — Implement a U.S. gateway diversification plan to mitigate the risk of importing cargo through a limited number of ports and airports in the event of an attack on America.

8. Increase your knowledge — Read industry publications and attend conferences so you'll keep up-to-date on new legislation that could affect your business. Learn about the best practices that other companies have put into place.

9. Make your voice heard — Contact federal legislators and officials. Explain the importance of drafting legislation that helps decrease risk without impeding international commerce and your business, in particular. Vigorously lobby for sound rather than "sound-bite" legislation instead of complaining after regulations take effect and put burdens on your business.

10. Become involved — Join a trade organization such as the National Industrial Transportation League, Waterfront Coalition, Retail Industry Leaders Association, American Association of Exporters and Importers, or other trade associations that have made security a key item on their agendas.

Your hands are not tied; you can take action. It's a matter of choice, so choose wisely. Become engaged for all of us.

About the Author: Starboard Alliance Company LLC, a supply and demand chain consulting firm owned by Monica Isbell, has performed security risk assessments and facilitated the C-TPAT application process for numerous importers and logistics service providers. Isbell can be reached at [email protected].