Since the 9/11 attacks, the Department of Homeland Security (DHS) has focused considerable effort and resources on identifying and combating security threats prior to reaching U.S. shores. The U.S. Customs and Border Protection (CBP) accomplishes this in three ways – screening cargo at its port of origin, screening people at their airport of departure, and biometrically screening people upon arrival in the U.S. These programs allow the United States to address potential threats at their source. These programs also save the U.S. government millions of dollars in inspectional costs as well as saving companies millions of dollars in costs associated with transportation, storage, and fines. Depending on the nature of the business, the entire security operation could be affected by these programs, and understanding how they work is the key to realizing some of the potential benefits inherent in them.

Cargo Screening

The Container Security Initiative (CSI) was established shortly after the September 11, 2001, attacks on the United States by the CBP’s predecessor. CSI is designed to allow U.S. officials to identify high-risk shipments prior to their departure from a foreign port of entry and partner with customs officials at those foreign ports to examine those shipments and pursue intelligence generated by such examinations. According to CBP, 86 percent of all containerized cargo headed to the U.S. is prescreened prior to arrival on U.S. shores. Currently, CSI officers are posted in over fifty-eight foreign ports and eventually will include Halifax, Canada; Buenos Aires, Argentina; Bremerhaven, Germany; Piraeus, Greece; Hong Kong, China; and Dubai, UAE.

There are various requirements and responsibilities established for countries that agree to participate in the CSI program. These requirements were recently converted into federal law via section 205 of the Security & Accountability for Every Port Act of 2006 (SAFE Port Act). Customs officials must be able to inspect cargo “originating, transiting, exiting, or being transshipped” through the country. Examination equipment such as X-ray machines and radiation detectors must be available for such inspections. The Customs organization in the host country must share shipping data and intelligence with CBP, establish programs to ensure integrity of its processes, and must also assess and address port security vulnerabilities. The relationships established between CSI staff and their host counterparts are vital to maintaining the security of both the host country and the United States.

In addition to the numerous security benefits conferred on the United States by such a program, host countries are presented with several advantages as part of their participation in the CSI program. The information and intelligence sharing advantages realized from the United States importing an astronomical volume of goods from around the world are one benefit. Furthermore, should there be a terrorist attack, CSI ports, by virtue of the port security assessments mandated for participation in the program, would continue moving shipments to the United States while a non-participating port likely would not. CSI examinations significantly decrease wait-time for freight upon arrival in the U.S. because it has already been reviewed by CBP officials. Section 205(j) of the SAFE Ports Act authorizes DHS to "treat cargo loaded in a foreign seaport designated under the Container Security Initiative as presenting a lesser risk.”

In a similar vein, CBP also established the Secure Freight Initiative (SFI).The initiative was established by section 231 of the SAFE Port Act of 2006. It is a joint initiative between DHS, the State Department, and the Department of Energy. Current SFI ports include Hong Kong,China; Southampton, United Kingdom; Busan, South Korea; Salalah, Oman;and Karachi, Pakistan.

SFI requires shippers to provide CBP with ten specific data elements relating to their shipments 24 hours in advance of the shipment being loaded for transport to the U.S. As with CSI, shipments bound for the U.S. will be scanned using nonintrusive and radiation-detecting equipment. The scanning requirements, in the case of SFI, are actually statutory in nature, as described in Section 231 of the SAFE Port Act of 2006. The radiation-detection equipment mentioned here is also part of the Megaports Initiative, run by the U.S. Department of Energy. Any problems or issues resulting from inspection with those devices will either be resolved locally by the host country through physical inspection or CBP will advise the shipper not to load the shipment.

Technology involved in the cargo scanning includes Radiation Portal Monitors, which measure the radiation emitted by a container against the natural background radiation. If the measurement suggests the presence of radioactive material, an alert is generated. If an alert is identified, a hand-held scanner called a Radiation Isotope Identification Device is used to try to identify the radioactive material. Large-scale X-ray or gamma ray scanning equipment is used to image whole containers at a time, decreasing the need for manual inspection of an entire container, which could take hours to offload and re-load. Advanced upgrades to these technologies are planned in the near future.

SFI is described by CBP officials not as a replacement for the Container Security Initiative, but an enhancement of it. SFI responsibilities are carried out by existing CSI teams. The focus of SFI, however, is the data transmission and timing. The 24-hour window mandated by SFI allows both the host country and CBP personnel more time to evaluate incoming shipping data and target potential threats, thus enabling those threats to be resolved at a distance rather than on U.S. shores. Consider the scenario of a dirty bomb detonated at a U.S. seaport. The ship doesn’t have to be tied to the dock – it doesn’t even have to be in the harbor. To detonate such a device at the entrance to a U.S. port would have a devastating effect on both the U.S. economy and a substantial portion of the U.S. population. These programs are designed to mitigate the likelihood of such a scenario.

The CSI and SFI programs impact private security professionals in a variety of ways. A security professional involved, for example, in port security operations will likely have to adjust operations based on situations initiated by the operations of the CSI or SFI programs. Containers denied boarding would need to be either stored or removed from the premises. Containers deemed a radiological risk could result in emergency plans being activated for the vessel, seaport, or surrounding areas. Information may need to be obtained, confirmed, verified, or reported by security personnel regarding shipments, the container holding the shipment, the vehicle that brought the container into the port, the individual operating the vehicle, the individual loading the shipment, or the vessel the shipment is being loaded onto.

The information sharing encouraged by these programs may require the security professional to form new relationships or reinvigorate old relationships with government officials involved in these programs. The value of these types of networking relationships cannot be understated: to effectively work with government officials in furthering the aims of these programs may lead to other opportunities for shared training, operations, even a position with the government. Illicit activity encountered in a CSI/SFI-denied shipment may attach criminal or civil liability in either the host country or the United States that a security professional may have to investigate or report on. Security staff, in addition, may be called up on to secure the container in question until it can be relocated, removed, or even seized by authorities.

 Passenger Screening

In addition to cargo-related programs, CBP also has programs in place to detect and deter travelers that might pose a risk. In February 2006 the Carrier Liaison Program (CLP) was established as a pilot program. The purpose of this program is to train the employees of international air carriers to recognize improper or fraudulent travel documents that passengers present prior to boarding the aircraft. By identifying and recognizing such passengers, the airline can deny boarding. This substantially reduces the workload on CBP officers having to deal with them upon arrival on U.S. soil. The program is simultaneously advantageous to air carriers because by not boarding a passenger that is likely to be denied entry to the U.S., the air carrier will not have to transport that same passenger back from the U.S. entry point that denies them. The program contributes to the overall security posture because those that seek to attack the United States incur considerable risk in attempting to enter the U.S. illegally. Given the millions of passengers that arrive at U.S. entry points on international flights, screening out the few that seek to enter the U.S. for nefarious purposes is imperative, and to do so prior to their arrival on U.S. soil is in everyone’s best interest.

To support the Carrier Liaison Program, CBP established three Regional Carrier Liaison Groups with specific areas of responsibility. Honolulu covers the Asian and Pacific Rim countries, Miami covers Latin America and the Caribbean, and New York covers Europe, Africa, and the Middle East. These regional groups serve as contact points intended to assist air carriers with questions regarding entry to the U.S. whether for documentary requirements or admissibility requirements. These groups are for advisory purposes only. The Carrier Liaison Program publishes a guide that is posted on the CBP's Web site, providing information about various document types and U.S. entry requirements for air, land, and sea modes of transportation.

Some security managers might ask what relevance this type of program would have vis-à-vis their operations. As air carriers deny boarding to individuals—particularly those with tickets for expensive, multi-segment trips—those individuals may not react well to the news that they cannot continue on their trip. Security personnel may be called upon to resolve the situation or remove the irate individual from the airport. As an airport security manager, this situation may impact staffing or training requirements in order to safely address denial-of-boarding situations. It may also influence the positioning of security staff to better prevent such incidents by their presence or respond quickly to airline ticket counters where these encounters are likely to happen.

As the Carrier Liaison Program exists to help air carriers in intercepting fraudulent documents as well as individuals potentially inadmissible to the United States, another program provides a similar function for representatives of foreign immigration authorities. The Immigration Advisory Program (IAP), like the Carrier Liaison Program, is advisory in nature. This program, previously called the Immigration Security Initiative and before that the Immigration Control Officers Program, was reinstituted as a pilot program in 2004. CBP personnel attached to this program are posted in foreign airports and work alongside their host-nation counterparts, assisting them with targeting and risk assessment and making recommendations to foreign officials regarding the admissibility of individuals or the authenticity of their travel documents. Currently, IAP personnel are stationed in Amsterdam, Warsaw, London, Frankfurt, and Tokyo. Other locations may be added.

This program is relevant to the security manager in the same way that the Carrier Liaison Program is relevant. Security staff working international airport terminals at these locations may encounter individuals that have been denied boarding for a flight to or through the United States. Operational or training requirements may have to be adjusted to address these denials – some of the locations where this program is operational accomodate millions of air travelers each year.

Upon arrival in the United States, international visitors and now legal permanent residents are biometrically screened. The operational name of this program is the U.S. Visitor and Immigrant Status Indicator Technology Program (US-VISIT). The precursor program that became US-VISIT first appeared in the Illegal Immigration Reform & Immigrant Responsibility Act of 1996. Section 110 of that Act required the U.S. Attorney General to devise and implement within 2 years an automated program to track the entry and departure of aliens to and from the United States, and permit the automatic identification of those who failed to depart the United States within the time allotted them by immigration inspectors. Section 110 was adjusted in 2000 by the Data Management Improvement Act. The adjustments included requiring that the entry/exit database be "of the Department of Justice or the Department of State", that it be accessible to both consular officials and ports of entry, and that it also include the immigrant or nonimmigrant visa classification of the alien in addition to arrival and departure data.

Further refinements to the program that would eventually come to be called US-VISIT occurred after the September 11, 2001, attacks. The PATRIOT Act enhanced the entry/exit program previously mandated by including biometric capability. The Enhanced Border Security & Visa Entry Reform Act reiterated the previously mandated requirements and clarified that the technologies used should “facilitate the lawful and efficient cross-border movement of commerce and persons without compromising the safety and security of the United States.”

The entry/exit system was finally codified in Section 7208 of the Intelligence Reform & Terrorism Prevention Act of 2004 as a program within DHS called US-VISIT. This act established other parts of the program, including requiring guidelines and auditing procedures for collecting, updating, and/or removing data entered into the US-VISIT systems. It expanded and refined the data intended for collection by the biometric entry/exit system, synchronizing it with immigration benefit processing, visa application processing, immigration court matters, and establishing a unique identity number linked to the biometric information obtained. It also included establishing training programs to ensure that data is collected expeditiously and appropriately at any juncture within the system, be it a port of entry, embassy or consulate, or Citizenship & Immigration Services office.

US-VISIT was deployed in January 2004 at 115 airports and 15 seaports, followed by 50 land-border ports by the end of the year. The remaining ports were added by the end of 2005. Individuals subject to enrollment in US-VISIT include all international visitors to the U.S. with the following exceptions: children under age 14;  adults over age 79; visitors with visa classifications A, G, or NATO; and anyone exempted by order of the secretaries of State and Homeland Security. Initially, US-VISIT enrollment consisted of scanning two fingerprints, but in November 2007 the first 10-fingerprint scanners were brought online. The change from two prints to ten allows comparison with the FBI, Defense Department, and other government databases of criminals and terrorist suspects. In addition, as of January 2009 legal permanent resident aliens (green card holders) were also required to be enrolled in US-VISIT. It should be noted that at this time US-VISIT only tracks entries. Departures are still corroborated by the recording of the departure portion of the I-94 form that visitors complete upon arrival at a U.S. Port of Entry.

Unlike the other programs mentioned in this article, US-VISIT has an indirect impact on the security practitioner. One advantage to the US-VISIT program for security managers, especially given the dramatic rise in companies hiring foreign workers for specialty occupations under such visa classifications as H1B, is the added vetting that US-VISIT automatically provides. By using biometrics at the Ports of Entry, individuals can be linked to derogatory information in other government databases via their fingerprints. Another advantage is that the use of fingerprints also protects against identity theft.

Biometric information is supplied at the time the visa is applied for at the U.S. embassy or consulate overseas. Screening biometrics at time of entry verifies that the person that appeared at the Embassy for their visa is the same person that has presented themselves for entry. If there are any admissibility issues that are uncovered by those biometric identifiers, the company will only lose the money for the visa petition rather than having to deal with an employee being refused admission to the U.S. on a subsequent entry or even being deported. Depending on the employee, that could cost a company a great deal more money in hiring a replacement and retraining costs.

The programs discussed here are but a sample of the Herculean efforts of DHS to keep America and her allies safe. By interdicting potential threats away from U.S. shores, sharing intelligence obtained from these programs helps other countries to deal with transnational criminal or terrorist activities which in turn better protects everyone. The impact of these programs on the security professional is not always clear, but in these efforts lie the answer to preventing the next catastrophe.

Brion P. Gilbride, MSI, CSSM, CPO, has been employed by the U.S. Department of Homeland Security since 2001. He holds a Master of Strategic Intelligence degree from American Public University & a Bachelor of Science degree in Criminal Justice from York College of Pennsylvania. He holds both the Certified in Security Supervision & Management (CSSM) and Certified Protection Officer (CPO) designations from the International Foundation for Protection Officers. He is the author of three chapters in Security Supervision and Management, 3rd Edition, as well as the author of “Trade Wins Gather Momentum”, which appeared in the December 2003 edition of Security Management.

Note: The author's views do not represent those of DHS or any other U.S. government entity.