The Department of Homeland Security, in its wisdom, has decided that smart containers are smart only if their doors are smart — it will be able to detect the opening of the doors. Industry has decided that radio frequency identification is the preferred technology to detect and transmit the door breach. Unfortunately, DHS and the major industry players do not understand the irony and risk posed by both DHS container security criteria and industry’s dedication to RFID applications in creating smart containers. Although this danger could not have been their intent, they have, nonetheless, created the formula for and means of detonating explosive devices in our ports.
Here’s what is known and can be demonstrated factually.
Fact No. 1: In the latest Request for Information, an information-gathering and planning vehicle used by DHS in support of Customs and Border Protection, Johns Hopkins University’s Applied Physics Laboratory (under contract with DHS) sent a letter dated Nov. 8 to potential vendors. The letter stated in part, “The purpose of this request is to gather information to identify and evaluate available state-of-the-art container and trailer tracking devices suitable for in-bond shipments.” That statement, alone, poses two serious questions. What does DHS believe is “state-of-the-art,” and why has it taken this long after 9/11 for DHS to realize CBP had little or no knowledge of or control over containers coming into the United States and moving throughout the U.S. under bond.
The level of “state-of-the-art” for DHS is the following:
a.The container and trailer security device must be able to electronically detect closing and opening of either door of the container/trailer. Monitoring the door status must be continuous from time of arming to disarming by authorized personnel.
Fact No. 2: In April 2005 a North Carolina firm demonstrated to national and foreign attendees, including the news media and the Defense Department, the capacity and ability to breach a container, and insert contents into the container without ever opening the doors. Additionally, that same firm through the cooperation of EADS in Bremen, Germany, repeated successfully on multiple occasions that same demonstration.
Fact No. 3: Under a contract from the U.S. Energy Department, that same North Carolina firm in 2004 demonstrated in Laredo, Texas, the nation’s largest southern border port-of-entry, the capacity and ability to insert clandestinely RFID antennas not detectable from outside the container which would trigger an electronic signal within a locked container when energized by an RFID transceiver located outside the container.
Fact No. 4: In June 2004 the Federal Communications Commission issued a final rule authorizing the use of 433 MHz for commercial shipping containers. Since each nation or region approves and utilizes different frequencies and communication protocols, frequency identification is easily obtained through published government documents. Even wattage is specified. In the United States, 433 MHz used in commercial shipping containers must use less than 100 milliwatts, necessitating the need for cutting in an antenna into the container (Fact No. 3). Although the frequency is low enough to penetrate the steel of the container, its limited wattage requires the use of an antenna.
Fact No. 5: The large-firm entrants into the smart containermarket have been identified as IBM-Maersk, GE-NYK, Siemens- GE, Motorola and SAVI. It has been reported that each is dedicated to and has developed smart container devices employing RFID technology. This technology will require the use of an RFID transceiver at certain foreign and U.S. ports. In U.S. ports these transceivers will interrogate inbound containers equipped with their devices by using 433 MHz, the only U.S.-approved frequency for the commercial shipping container market (Fact No. 4). Because they are published, the identification of U.S.- approved frequencies like 433 MHz used in the commercial shipping containers is available to any terrorist.
Fact No. 6: The combination of these factors provides the model and means of detonating explosive devices surreptitiously placed into locked RFID-equipped containers which when interrogated, transmit a “breach” or “non-breach” signal at destination in a U.S. seaport or in the case of motor carriage, at land port-of-entry.
Assume a container departs a foreign factory en route to a foreign port for sea carriage to the United States. En route the container is breached without opening the doors (Fact No. 2) and shielded nuclear waste along with an explosive device are placed into the container. An RFID antenna is cut into the wall of the container by a terrorist unseen from the outside, a 15-minute process (Fact No. 3). The container continues its journey into the foreign seaport for lading into a U.S.-bound vessel. The dirty bomb device can then be automatically armed by the interrogation signal of an RFID transceiver placed at the foreign port. The transceiver signal rides on an RFID frequency approved by the government of the foreign nation from which the container will be carried to the United States (Fact No. 4). However, given the additional differences of communication protocols among different regions of the world, it would even be simpler to insert an explosive device already armed. Even simpler would be to breach the container, place the explosive device and install a door switch to detonate the bomb when the doors are opened.
The container is subsequently loaded into the vessel which sails to the United States. Upon its discharge from the vessel, the locked container is interrogated in the U.S. seaport, responds with “safe condition” and then explodes. It explodes because the bomb was set to detonate upon receiving the mandated 433 MHz signal from the RFID transceiver, properly approved, installed, and used by those companies depending on RFID for container security.
This scenario can happen because we let it. DHS policies specifically are responsible for this scenario. Additionally, ’industries’ concern over costs, the degree of influence by industry lobbyists, and the lack of congressional oversight of a department with questionable experience and knowledge in container security all seem to share the blame.
What can we learn? First, door-only security is not only inadequate, but also dangerous. It represents a lack of either knowledge or sophistication, or both. It may even represent the acquiescence of DHS to industry lobbyists representing companies who have committed, perhaps foolishly, many dollars to RFID door-only applications. We must switch to end-to-end security applications that help monitor the security of the container at stuffing, which detect breaches through any part of the container and transmit the breach notification via satellite in real time, not delayed RFID time. Second, RFID for many other reasons should not be the preferred technology for global container security. Third, we must realize that essential characteristics of radio signals can serve as the very means of detonating explosives placed in the container. Finally, the current leadership and the quality of decision making of DHS personnel assigned to container security suggest a need for serious review and re-evaluation.
Authored by James Giermanski, Director for the Center for Global Commerce, Belmont Abbey College. Originally published in the American Shipper March 2006 issue.