Some of the stories sound like they came straight out of a Hollywood crime drama -- think "Goodfellas" or even "The French Connection." The bad guys are sophisticated (and some not-so-sophisticated) criminals targeting billions of dollars worth of goods to sell on the black market. The plots take place all over the world -- from bands of thieves in Latin America to pirates off the coast of Indonesia to sneaky crooks hiding out near truck stops, warehouses and ports throughout the United States.
Though portrayed in the movies as lovable rogues, for manufacturers trying to move their products throughout the supply chain, these wrongdoers are much more than a mere thorn in their sides -- in some cases, they pose a threat to a company's very existence. According to the Federal Bureau of Investigation, cargo theft costs the United States $15 billion to $30 billion annually. Worldwide, cargo theft accounts for approximately $50 billion in direct merchandise losses, reports FreightWatch Group Ltd., an international logistics security agency. And the problem isn't expected to lessen any as more high-value goods move through global supply chains.
"The further flung your operations are, the harder it is to cast a net and control them, and as you cross global borders, that becomes even more of an issue because you're dealing with different government regulations and different political backgrounds," says Theodore Stank, head of the University of Tennessee's Marketing and Logistics Department. Electronics, pharmaceuticals and other high-end goods are thieves' biggest targets. The most vulnerable regions are in areas such as Latin America and South Africa where the disparity between the poor and wealthy is the greatest, says Barry Conlon, president of FreightWatch.
Supply Chain Security's Added Benefit
One reason for this trend, says Conlon, is the increasing practice of manufacturers packing full truckloads of finished goods to be delivered just in time. The trailers stuffed with expensive merchandise often prove too tempting for crooks seeking a quick, high-reward heist.
In fact, domestically supply chain security has become such an issue that in 2006 Congress approved a provision to include cargo theft in the Patriot Act reauthorization. The amendment increases criminal penalties for cargo theft and led to the creation of a cargo theft database, adding to standards and measures already in place, including the Customs-Trade Partnership Against Terrorism (C-TPAT) and ISO/PAS 28001:2006.
But the government can only do so much to thwart crime.
Manufacturers are finding that they need to fight back with high-tech solutions and crime prevention programs of their own. They're also assessing their suppliers and customers to ensure that they're following certain security standards.
Manufacturers address their trading partners' security standards in different ways but with the same goal in mind. One chemicals manufacturer participating in a 2006 Manufacturing Institute supply chain security study said the company has developed a customer screening and qualification process for security-sensitive products. Another manufacturer participating in the study, "Innovators in Supply Chain Security: Better Security Drives Business Value," said its suppliers must adhere to freight security standards set by the Technology Asset Protection Association.
At computer giant IBM, the company's No. 1 priority when it comes to supply chain security is working with suppliers, says Theo Fletcher, vice president, import compliance and supply chain security. That's because the company today relies more than ever on its trading partners' security as IBM's supply chain has expanded globally.
"We're doing business in more places around the world than we ever have before, and we depend on a lot more partners, a lot more suppliers than we ever did in the past," Fletcher says. "So our priority is to make sure that we're working with all of those partners, whether they be the countries we do business with or the suppliers who we use to make sure that throughout our entire supply chain we are as secure as possible."
At the supplier level, Fletcher says the company makes sure its vendors understand IBM's security requirements and that they're adhering to those standards within their facilities and as the goods are being transported. IBM requires that suppliers have "access security" that identifies anyone entering the facility through the use of background checks and physical security devices. IBM also develops relationships with suppliers by choosing a select few, which the company uses extensively, that meet its security needs.
When agreements with trading partners aren't enough, manufacturers are turning toward technologies that James Bond probably would find useful. They include biometrics, radio-frequency identification (RFID), GPS tracking systems and electronic cargo seals. These devices provide manufacturers with the visibility they need to track and trace their products.
"If your products are labeled with something that can talk to you and say, 'Here I am,' then it's much easier to take control of it," Stank says.
IBM places electronic seals on containers that immediately send a signal when a package has been tampered with. Electronic seals are much more challenging to bypass than the old-fashioned mechanical seals, which could easily be cut, observes Adrian Gonzalez, director of the logistics executive council at ARC Advisory Group. The seals are usually enabled by an active RFID tag. "There's a whole movement toward developing a smart container that has different types of sensors embedded within the container," Gonzalez says.
These "smart containers" also include light sensors that detect light when a package has been opened and radiation sensors that monitor temperature and humidity, the latter being used more for quality assurance.
Purdue Pharma LP, makers of the powerful painkiller OxyContin, has adopted similar technology to protect its highly vulnerable assets. The company places RFID tags with time, date and location information on individual bottles of drugs combined with covert GPS devices to outsmart thieves, says Aaron Graham, Purdue Pharma's vice president and chief security officer.
"A lot of people will put GPS on the truck or tractor, but what happens is bad guys steal the truck, take the drugs off the truck, ditch the truck somewhere, and the cavalry comes hustling along the highway and recovers the truck -- it's empty because bad guys aren't stupid," says Graham, a former Drug Enforcement Agency agent.
Purdue Pharma affixes the GPS device, which Graham describes as being the size of a BlackBerry, inside the box where the product is stored on top of a pallet. With the combined RFID/GPS system, the company can track shipments around the world, including Latin America, where theft is a major concern.
The consequences of a security breach within the pharmaceutical industry are so great that Purdue Pharma has implemented technology within its own facilities. At the operations level, the company utilizes a biometrics system that ties plant workers' fingerprints to their identification cards, along with a closed-circuit surveillance system, to protect itself against internal theft.
Used selectively, technology can provide the visibility manufacturers need to protect their products, but it's not a panacea. "If you implement GPS throughout your entire supply chain, there are some areas of your supply chain that are low risk, and it doesn't make good business sense to put GPS there, whereas you may have other regions or other parts of your supply chain that are higher risk where GPS is definitely needed," says Scott Dedic, director of supply chain security, Sony Electronics Inc. "We have to take a look at a risk-based approach to making these decisions and then put the right solutions in place rather than taking a cookie-cutter approach."
Dedic, who serves as chairman of the International Cargo Security Council's executive committee, also points out that enforcing supply chain security has become more complex as supply chains have expanded. Globalization means more opportunities for manufacturers but, says Dedic, also exposes companies to countries that are new to supply chain security and don't understand how to properly apply it.
In addition, security personnel who previously focused on protecting cargo must now expand their expertise to encompass the entire supply chain from logistics and international processes to laws and standards, such as C-TPAT. "I envision at some point in time somebody will be offering supply chain security training," says Dedic. "But I think that's a while down the road because you still have to identify what the field is going to look like, and it's changing so rapidly because of issues like C-TPAT and ISO 28001 and a lot of external stakeholders and supply chain processes."