Wholesale and Retail Trade

 

 

https://adminsm.asisonline.org/Pages/Safer-Shipping.aspxSafer ShippingGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-11-01T04:00:00ZMichael Edgerton, CPP<p>For almost two decades, maritime security has largely been framed by the implementation of the International Ship and Port Facility Security (ISPS) Code, which focuses on detecting and preventing security threats against ports and ships. But due to increasing concern for the safe and secure movement of cargo, as well as the maturity of the implementation of the ISPS Code over the last 14 years, maritime security has begun to focus on treating ports and ships as conduits within the supply chain—not just targets. </p><p>This shift from port and vessel security to broader cargo and supply chain security is driven by the evolution of both global trade and threats to the supply chain—issues that the ISPS Code does not adequately address. While the code has well-established security requirements for ports and ships, it views these assets as targets of nefarious activities—specifically terrorism—and not as broader conduits of illicit activity or movement of contraband or theft of cargo. </p><p>As global trade continues to increase at a rapid rate, there is more cargo in the system, as well as an increasing reliance on just-in-time delivery, which makes cargo and supply chain security more sensitive to disruption, with greater potential impacts. The movement of cargo is also increasingly dependent on electronic data streams, which increase the risks of converged cyber, physical, and operational security challenges. Maritime security is no longer just about protecting vessels and ports—it goes hand-in-hand with cargo and supply chain security. Updated codes, regulations, and best practices should reflect this evolution of the industry. This shift should emphasize a broader focus on maritime security as an integrated system of physical assets, cargo, and data that needs to be secure and resilient, rather than simply a collection of ports and ships that need to be protected.  </p><h4>​An Evolving Industry</h4><p>The amount of cargo shipped by ocean containers has multiplied almost 17 times over the last few decades, from 102 million tons in 1980 to 1.7 billion tons in 2016.</p><p>Trade expansion. Global trade continues to expand at an extremely rapid rate. The United Nations Conference on Trade and Development (UNCTAD), in its Review of Maritime Transport 2017, found that global maritime trade increased 2.6 percent between 2015 and 2016. Trade has nearly doubled since 2000, the UNCTAD review found, and will continue to increase at a rate of 3.2 percent per year through 2022. This expansion of trade will drive increased cargo throughput in ports around the world and result in greater potential disruption of the supply chain.  </p><p>With increasing trade comes the need for infrastructure growth, but the land constraints of existing ports within cities in some regions is fairly significant. An increase in the development of new ports in areas where land is more plentiful is taking place globally, as well as the expansion of existing ports through the creation of inland container yards that are not physically adjacent to the port. </p><p>These developments create both security opportunities and challenges. The construction of new ports provides the opportunity for physical, operational, and cybersecurity to be designed into new projects. Properly planned and executed, this approach can create security efficiencies that can contribute to the overall operations of a new port. For existing ports, the increase in moving cargo to off-port, inland storage areas complicates cargo and supply chain security within port regions by adding additional movements between facilities within a port network. This requires additional measures of tracking, information flow, and physical security that previously may not have been necessary. </p><p>System sensitivity. Just-in-time delivery of products continues to drive changes in shipping and supply chain management. Since its inception in the 1950s and 1960s Japanese auto industry, the concept of retaining minimal inventory by retailers or manufacturers has continued to mature and expand to many industries. The result is the reduction of large warehousing operations and an increase in smaller regional warehouses where small inventories are kept for short periods of time. The concept of just-in-time delivery relies on the continued functionality of its associated supply chain to ensure the delivery of goods and parts when necessary. A disruption of any part of the supply chain, whether due to physical risks or a lack of trust in the integrity of the supply chain, can have extremely disruptive effects on industries, markets, and economies.  </p><p>While estimates vary, a shutdown of ports on the West Coast of the United States could have a financial impact of anywhere from several hundred million dollars per day to one billion dollars. Further, shipping would be disrupted in other geographic locations because ships would be stuck at anchor off U.S. ports, and other ships would experience delayed departures from Asian and European ports until the dispute was resolved. A study performed by the Interindustry Forecasting at the University of Maryland (Inforum) in 2014 projected that the potential economic impact of a 10-day shutdown of U.S. West Coast ports would result in 169,000 disrupted jobs, a reduction in the gross domestic product of 0.12 percent, and a cost to the American economy of $2.1 billion per day. </p><p>Cybersecurity. The maritime industry is in the throes of adapting to the digital age, and for shipping and ports, cybersecurity has several distinct characteristics. Cybersecurity is important to the operating technologies within ports and shipping companies; it can have a direct effect on the ability of those elements of the industry to perform. This includes systems such as supervisory control and data acquisition (SCADA), industrial control systems (ICS), security scanning and access control systems, and ship navigational and propulsion systems. The compromising of these systems and data could be debilitating to the global supply chain.</p><p>The shipping industry is rich in data that could be valuable to criminals or terrorists, including personal and human resources data; financial data such as contracts, banking details, and money transfers; cargo data, including cargo contents, destinations, shipper and consignee information, and cargo seal numbers; and other logistics and business operations systems. In the infamous Port of Antwerp case, criminals accessed information systems in the port for two years beginning in 2011 and were able to use the information they obtained to target cargo for narcotics trafficking and facilitate cargo theft.  </p><p>In the port environment, security management is increasingly split between the port facility security officer (PFSO)—who is responsible for ISPS compliance and company security—and cybersecurity, which is often within the purview of the information technology manager. This management arrangement reflects corporate management structures that were common before the convergence of physical, cyber, and operational security. </p><p>As the lines between security disciplines increasingly blur, the need for a new management structure is evolving. This challenge is exacerbated by the skill sets traditionally required by each position. PFSOs are often former or retired law enforcement or military personnel who may not have deep knowledge in cyber or information security. Conversely, the information technology staff may not have expertise in broader physical security issues and investigative requirements.   </p><h4>​A Challenge of Governance</h4><p>There are many standards and codes that provide some governance to supply chain security programs, but none of them are mandatory, and there is no industry standard governing cybersecurity. The lack of a globally accepted and mandated standard that addresses present-day maritime security challenges poses a significant challenge to the likely shift towards cargo and supply chain security.</p><p>The ISPS Code—the current maritime industry security model—was introduced after the September 11, 2001, terror attacks and came into worldwide force in 2004. Because of the focus at the time on the protection of critical infrastructure, the code was designed to emphasize the prevention of attacks on ports and ships rather than the use of ports and ships as channels of illegal activity, contraband, or persons. While the code addresses access control and some cargo issues, the focus on cargo security is minimal.  </p><p>Additionally, the ISPS Code does not address cybersecurity in a meaningful way and has not been updated since its adoption in 2004. It was implemented before the rapid advancements in information technology, the Internet, and the shipping industry, and does not address those digital security issues that have arisen in recent years. While still relevant and effective in protecting ships and ports from attack, the code is not fully effective in addressing cargo security issues and merging cybersecurity challenges associated with the industry.</p><p>Other common supply chain security programs, codes, and standards include the World Customs Organization's SAFE Framework, the International Standards Organization's ISO 28000 series, and numerous national and regional programs such as the U.S. Customs Trade Partnership Against Terrorism (CTPAT) and the European Union's Authorized Economic Operator (AEO) program. These programs have common features, including a focus on the vetting and reliable behavior of participants. Unlike the ISPS code, which focuses on physical and operational issues, most supply chain security programs require a history of compliant behavior by participants before full acceptance into the programs. Further, participants must have well-established security policies in place, including processes to protect the integrity of data that is shared with governments.    </p><p>While the ISPS code is mandatory for ports and ships that trade internationally, supply chain programs are not mandatory and are incentivized by the promise of expedited entry into target markets and minimized inspections by participating customs agencies. In reality, the level of expedited access appears to vary with some programs being perceived as more beneficial to participants than others.  </p><p>Additionally, there is no global cybersecurity standard or requirement for ports or shipping. The International Maritime Organization (IMO) intends to require that cybersecurity be included as a component in the Safety Management System of ships starting in January 2021, but there is no similar effort for ports. Further, by including the cybersecurity requirements in the Safety Management System, the focus is likely to be on the potential risks for cyberattacks or compromise to vessel operating systems rather than the protection of sensitive data.  </p><p>Therefore, cybersecurity in ports remains largely ungoverned, except for the efforts of some national governments. For example, the U.S. Coast Guard is in the process of developing an approach that will involve including cybersecurity in the development and approval of facility security plans. These national-level efforts, however, do not equate to a globally accepted approach to maritime supply chain and cargo security.   </p><h4>​The Future of Maritime Security</h4><p>Considering the developments of increased trade, greater sensitivity to disruption, convergence of types of security, and a lack of global governance beyond the ISPS Code, there should be a shift in port and maritime security to a supply chain approach where ports and ships are conveyances and conduits. Security professionals and policymakers must focus on infrastructure, ships, and ports as facilitators, conduits, and conveyances of cargo, goods, and people. This requires a shift in thinking away from the current emphasis on ships and ports as potential targets of possible attack. </p><p>Information in the maritime industry is as important as the infrastructure. This includes the potential for cyberattacks and compromise that may target navigation systems, operating technology, or industrial control systems, but also the equally important potential compromise and manipulation of data to facilitate the trafficking of contraband, cargo theft, or financial crimes.</p><p>To address these converged risks in a comprehensive and industrywide manner, port cybersecurity standards or requirements should be developed and included in supply chain security standards that are globally accepted and enforced. These supply chain security requirements should be developed and promulgated by a respected, international organization with an official status as an intergovernmental organization—preferably within the UN system—and should be implemented along the same lines as the ISPS Code with the commitment of all signatory countries to enforce the new code. If the IMO is not the appropriate organization for port and supply chain security standards, then other potential candidates could include the World Trade Organization or World Customs Organization.  </p><p>Additionally, maritime industry port and vessel operators need to organize themselves to reflect the changing requirements of the digital age. The roles of the PFSO and the IT director need to be aligned in some form to ensure a unity of effort across all facets of security within the organization. Further, this effort must have high visibility in top management, and staffing and position descriptions will need to adjust to reflect the need to provide senior leadership expertise in cybersecurity and cargo security. </p><p>Global trade is dynamic and will only increase. More than 80 percent of cargo travels by sea, thereby inexorably linking supply chain and maritime security. And to protect the ever-evolving industry, individual organizations and international standards alike must adopt best practices that address such changes.  </p><p>​<em>Michael Edgerton, CPP, vice president of HudsonTrident, Inc., is a retired military officer with service in both the U.S. Navy and U.S. Coast Guard. He is a member of the ASIS international Global Terrorism, Political Instability, and International crime council and the author of the book, A Practitioner's Guide to Effective Maritime and Port Security.</em></p>

Wholesale and Retail Trade

 

 

https://adminsm.asisonline.org/Pages/Safer-Shipping.aspx2018-11-01T04:00:00ZSafer Shipping
https://adminsm.asisonline.org/Pages/Preventing-Port-Problems-.aspx2018-10-01T04:00:00ZPreventing Port Problems
https://adminsm.asisonline.org/Pages/Preventing-Port-Problems.aspx2018-10-01T04:00:00ZPreventing Port Problems
https://adminsm.asisonline.org/Pages/Striving-for-Higher-Standards.aspx2018-07-01T04:00:00ZStriving for Higher Standards
https://adminsm.asisonline.org/Pages/Raising-the-Bar-Food-Defense.aspx2018-06-01T04:00:00ZRaising the Bar: Food Defense
https://adminsm.asisonline.org/Pages/February-2018-Industry-News.aspx2018-02-01T05:00:00ZFebruary 2018 Industry News
https://adminsm.asisonline.org/Pages/Subway-Surveillance.aspx2017-11-01T04:00:00ZSubway Surveillance
https://adminsm.asisonline.org/Pages/The-Most-Resilient-Countries-in-the-World.aspx2017-05-11T04:00:00ZThe Most Resilient Countries in the World
https://adminsm.asisonline.org/Pages/Redefining-Loss.aspx2017-04-01T04:00:00ZRedefining Loss
https://adminsm.asisonline.org/Pages/Surveillance-and-Stereotypes.aspx2017-04-01T04:00:00ZSurveillance and Stereotypes
https://adminsm.asisonline.org/Pages/Crime-of-Opportunity.aspx2016-12-01T05:00:00ZCrime of Opportunity
https://adminsm.asisonline.org/Pages/Book-Review---Supply-Chain-Risk.aspx2016-10-01T04:00:00ZBook Review: Supply Chain Risk
https://adminsm.asisonline.org/Pages/Six-Food-Defense-Changes.aspx2016-06-01T04:00:00ZSix Food Defense Changes
https://adminsm.asisonline.org/Pages/Safety-at-Sea.aspx2015-07-20T04:00:00ZSafety at Sea
https://adminsm.asisonline.org/Pages/Surveillance-for-Security-and-Beyond.aspx2015-06-15T04:00:00ZSurveillance for Security and Beyond
https://adminsm.asisonline.org/Pages/Strategic-Shrink-Reduction.aspx2015-02-01T05:00:00ZStrategic Shrink Reduction
https://adminsm.asisonline.org/Pages/Chain-Reaction.aspx2015-01-01T05:00:00ZChain Reaction
https://adminsm.asisonline.org/Pages/Retail-Theft-Inc.aspx2014-10-01T04:00:00ZRetail Theft, Inc.
https://adminsm.asisonline.org/Pages/the-intelligence-triangle.aspx2014-09-01T04:00:00ZThe Intelligence Triangle
https://adminsm.asisonline.org/Pages/target-breach-offers-protection-lessons-0013247.aspx2014-04-01T04:00:00ZTarget Breach Offers Protection Lessons

 You May Also Like...

 

 

https://adminsm.asisonline.org/Pages/Strategic-Shrink-Reduction.aspxStrategic Shrink Reduction<p>​<span style="line-height:1.5em;">Security’s long battle against retail theft continues, and it is far from won, but some retailers are making gains. Loss prevention strategies are becoming increasingly more sophisticated, with some retailers leveraging cutting-edge technology, analytics, and an even more engaged workforce to fight thieves and stay one step ahead of always-evolving shoplifting methods.</span></p><p> Global shrink has declined by 4.8 percent in the last year, due in part to an increased focus on loss prevention measures, according to a recent study of retail theft across the world. The report, The Global Retail Theft Barometer 2013-2014, examined the cost of merchandise theft in the global retail industry in 24 countries spread throughout Asia, Europe, North America, and South America.</p><p>What’s driving the progress? One major factor is increased investment in loss prevention programs. The study found clear correlations between how much a country’s retail industry spent on loss prevention and the retail loss rate in that country. Countries with the best shrink reduction rates had spent the most on preventive countermeasures, while those with the highest losses spent the least on prevention.</p><p>This is a lesson that some retailers in the United States could benefit from, says Ernie Deyle, former vice president of loss prevention for CVS/Caremark who now leads the shrink reduction and margin recovery practice for SD Retail Consulting. Deyle says that when he does “triage” work in the field, some stores consider loss prevention an expense area, a place where they minimize spending in hopes of minimizing costs. So the idea that loss prevention is actually a competitive asset area is “usually overlooked,” often to the detriment of the store’s financial bottom line. “When you control loss, you improve your profit,” says Deyle, who helped conduct the study in conjunction with The Smart Cube, a research and analytics firm. </p><p>However, simply spending more money on prevention is not the sole answer to the problem, Deyle adds. The report found that the most effective loss prevention programs are multifaceted: they often combine the strategic use of technology and physical security measures with data analytics.</p><p>For example, a multifaceted program might employ electronic article surveillance (EAS). EAS devices have been shown to be among the most effective of retail security technologies, the report found. But relying on one tactic or device, even one as effective as EAS, is “like putting up a gate with no fence,” Deyle says. </p><p>Instead, multifaceted loss prevention programs may couple an EAS system with a merchandising plan that covers product placement strategies to avoid theft. The merchandising plan might use analytics on loss data to determine things like what shelves are most vulnerable to theft, which items are most likely to be stolen, and when peak theft occurs. Product placement strategies might include the best arrangements and facings for items to minimize theft, Deyle explains. For example, arranging products in a way that takes longer to lift them off the shelf can deter some shoplifters. “They want quick in, quick out, without being noticed,” Deyle says. </p><p>Moreover, loss prevention plans should be constantly evolving. Shoplifters who are foiled will change their practices accordingly, so retailers need to continually change their tactics as well. “It’s about being strategically positioned,” Deyle says. “You need to stay ahead of the curve.” </p><p>While the 4.8 percent global shrink decline is encouraging, retail shrink still costs an estimated $128 billion worldwide, evidence that theft is still a serious problem for the industry, according to the report. The loss is the equivalent of 1.29 percent of sales in each of the 24 countries examined in the study. The annual cost of shrink to households, as passed on from retailers, ranges from $74 to $541, depending on the country. </p><p>Roughly two-thirds of shrinkage worldwide (slightly more than 65 percent) is due to shoplifting, followed by employee theft. In most countries (16 of 24), shoplifting is the biggest cause of shrinkage, but this can vary. For example, in the United States, employee theft ranked first at 43 percent, with shoplifting next at 37 percent. In Norway, a low shrinkage country, administrative losses are the major source of shrinkage.</p><p>Comparatively, shrinkage rates across the 24 countries in the report range from 0.83 percent to 1.7 percent. Mexico recorded the highest rate—1.7 percent—followed by China with 1.53 percent. The lowest shrinkage rates were in Japan, Norway, the United Kingdom, and Turkey. </p><p>In the United States alone, retail theft costs $42 billion annually, equal to an average of $403 per household. Shoplifters and dishonest employees most commonly target products that are easy to conceal and then resell.  Some of the most frequently pilfered items include mobile phones, spirits, fashion accessories and jewelry, makeup products, and computer tablets.  </p><p>Almost all types of U.S. retail stores were hit by employee theft and shoplifting, but the most affected were U.S. discounters, with losses equaling 2.78 percent of sales; pharmacies/drugstores, 2.16 percent; and supermarkets/grocery retailers, 1.38 percent. These three types of stores witnessed the highest shrink rates because of the widespread prevalence of organized retail crime combined with relatively lower loss prevention spending, according to the report. </p><p>While retailers are making progress with sophisticated loss prevention programs, another recent report points the way toward an alternate means of reducing retail shrinkage—by improving the engagement level of the workforce. </p><p>This report, Making the Link: the Role of Employee Engagement in Controlling Retail Losses, surveyed more than 200,000 staff members in 1,570 stores under three European retail chains. Employee engagement was measured across 18 factors, such as “staff believe their ideas and suggestions are taken seriously” and “staff feel appreciated and valued.” Four indicators of retail loss were examined: shrinkage, waste, cash loss, and lost sales driven by out-of-stock merchandise. The report was conducted by ECR Europe’s Shrinkage and On-Shelf Availability Group, with support from the University of Leicester. </p><p>The study found that 15 of the 18 employee engagement factors influenced store loss. It also found that the stores that had the highest loss rate could significantly reduce that rate with a more engaged workforce. The report “graphically highlights the difference that engaged and valued staff can make to retail profitability—not just by providing excellent customer service, but also through a reduction in the many and varied losses retailers experience,” write the authors of the report. (For more on employee engagement best practices, see “The Disengagement Dilemma” on page 52).  </p><p>Like the previous report, Making the Link also found that managers played a pivotal role in keeping employees engaged. To heighten engagement levels and reduce loss, the authors recommended that managers provide more opportunities for staff development, keep staff informed about the organization, solicit staff ideas, and make sure that staff have satisfying, manageable roles. </p><p>“For all the advances in technology and analytics, the importance of employees must not be minimized,” the authors write. “Retailing is fundamentally about people—principally the customer but also the employees tasked to service their needs.”</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465