Global Movement Management: Strengthening Commerce ... · PDF fileGlobal Movement Management: Strengthening Commerce, Security ... Global Movement Management: Strengthening commerce,
Post on 15-Mar-2018
223 Views
Preview:
Transcript
Global Movement Management:Strengthening Commerce, Security and Resiliency in Today’s Networked World
IBM Global Business Services
W. Scott Gould, Daniel B. Prieto, and Jonah J. Czerwinski
IBM Global Business ServicesPage �
Table of Contents
Acknowledgments 5
Foreword 7
ExecutiveSummary 9
I. TheUniqueCharacterofRiskinthe21stCentury 19
II. IntelligentImmunity:ANewApproachtoAddressGlobalRisk 27
III. ApplyingaGlobalMovementManagementFramework 31
IV. StrategicHumanCapital:BaselineforSuccess 43
V. TechnologytoEnableInformationSharing 55
VI. Governance:ACoordinatedApproach 75
VII. MovingForward 93
AbouttheAuthors 97
AcronymsandGlossaryofKeyTerms 100
AppendixA.GlobalMovementManagementAnalysisoftheMaritimeCargoSector 105
AppendixB.AdditionalDetailonMaritimeSecurityPrograms 113
AppendixC.DirectandIndirectBenefitsofSecurityInvestments 115
To request additional copies of this paper, please visit: ibm.com/gbs/government
IBM Global Business ServicesPage �
AcknowledgmentsTheauthorswouldliketothanktheircolleaguesatIBMforcontributingvaluableinsightsandprovidingsupportduringtheprocessofwritingthispaper,especiallyDavidAmoriell,DavidAbel,JulieAnderson,MilindaBalthrop,BryanBarton,JoniBettge,RobertBiciocchi,CourtneyBromley,LiaP.Davis,LeighCoen,IgorFrolow,ThomasGlenn,ArnoldGreenland,JoiGrieg,AlanHeath,PaulHempstead,ChristerJohnson,JeffJonas,ShannonKarl,DavidLipstein,JimLoving,RobertLuby,DavidMcQueeney,HarrietPearson,MarkPurcell,VicRomita,RichardRybacki,LaurieSkantze,LeanneVieraandMichaelWilson.Inaddition,ChristianBeckner’scontributionsinthepreliminarystagesofdevelopingthispaper,andastheco-authorofthefirstGlobalMovementManagementpaper,werecriticaltothisproject.
Severaloutsideexpertscollaboratedwiththeauthorsindevelopingthecoreideasinthispaper.TheyincludeScottBorgerson,StephenE.Flynn,WilliamK.Hagan,AdmiralJamesHull,RobKnake,JohnScottandJohnRaidt.TheauthorsarealsogratefulfortheexcellentresearchsupportprovidedbyStevenBogdenandMeghannKing.AdministrativesupportfromCharlynIsaacandThealishaMusealsowasindispensable.Oureditor,KarenPorterfield,providedthehighestlevelofdedicationtothiswork,andwearethankfulforherprofessionalcommitment.TheauthorsalsoacknowledgethenumerouscontributionsfromcolleaguesinthefederalgovernmentattheDepartmentofHomelandSecurity,DepartmentofState,DepartmentofDefense,andmembersofCongressandtheirstaffwithwhomtheauthorsmet.Consultationswiththeseindividualshelpedtoinformthispaper’spresentationofrisk,existingpublicsectoreffortsandthecriticalchallengesfacedbythenation’shomelandsecurityleadershipanditsmanydedicatedpractitioners.
IBM Global Business ServicesPage �
Global Movement Management: Strengthening commerce, security and resiliency in today’s networked world
ForewordIBMintroduceditsGlobalMovementManagementstrategyin2005initspaper,“GlobalMovementManagement:SecuringtheGlobalEconomy.”Thatpaperassertedthat,despitethedauntingcomplexityofthemyriadglobalmovementsystems,virtuallyallaremorealikethandifferent.Webelievethatpolicymakers,businessleadersandsecurityprofessionalsshouldfocusonthesesimilaritiesasthekeytodevelopingsoundstrategiesforimprovingtheperformance,securityandresilienceofglobalmovementsystemswhilealsoseekingtopreservecoresocietalvalues.
Reactionstothecentralideasproposedinthatfirstpaperwereoverwhelminglypositive.Manyofthestakeholdersweengaged–homelandsecurity,militaryandintelligenceofficialsintheUnitedStates;customs,portsandborderorganizationsaroundtheworld;Congressionalmembersandstaff;think-tankexperts;andmembersofthebusinesscommunity–acknowledgedthevalidityofthecentralideas,especiallytheneedforacommonvisionandframework.Manycalledforadditionaldepthanddetailastheydelvedintotheirspecificareasofinterest.IBMitselfrealizedadeepconnectionbetweenrisksintheglobalmovementsystemandIBM’sownabilitytodeliverproductsandservicesaroundtheworldasagloballyintegratedfirm.
Themoreweunderstoodthecommonneedsofallstakeholdersintheglobalmovementsystem,themorewecametounderstandthatthereisanurgentneedforvirtuallyallcompaniesandgovernmentstomaintainthehealthandwelfareofglobalmovementsystemsandstrengthenthemwhereverpossible.Furthermore,thereisenormouspotentialtocreatenewmarketsforproductsandservicesthatstrengthentheglobalmovementsystem.Finally,astrategicapproachtoglobalmovementsystemscanhelpstrengthenpublicpolicy,promotegreatercooperationbetweenstakeholdersandguideinvestmentdecisions.
IBM Global Business ServicesPage �
Inresponsetostakeholderrequestsformoreanalysisonthesubject,wedevelopedthispaper,“GlobalMovementManagement:Strengtheningcommerce,securityandresiliencyintoday’snetworkedworld.”Thispaperbuildsonthepreviouspaperinfourways:
We analyze risk in the 21st century using a new approach for managing the
unique risks facing the global community today.
We provide an updated and more comprehensive analytical framework for
analyzing strengths, weaknesses, opportunities and threats in specific individual
movement systems.
We provide examples of how to apply the revised and extended Global Movement
Management analytical framework to help guide policymakers, business leaders
and the public concerned with strengthening global movement systems.
We present a strategy and specific recommendations to build what we call
“intelligent immunity” into global movement systems through employing
strategic human capital, technology and governance.
Mostimportantly,thispaperpresentsastrategicvisiontoguidetheeffortsofavastnetworkofstakeholders,avisionthatislargelyabsentfromtoday’sefforts.Itisacalltoactionforindividuals,companiesandgovernmentstoworktogethertohelpmaketheglobaleconomymoresecureandresilientwhileimprovingcommerceandprotectingprivacy.Thispaperalsoprovidesthemeansforcorporationstodrivegreaterharmonizationintheglobalmovementsystem,resultinginlowertotalcostsandhigheroverallperformance.Finally,itprovidesgovernmentandotherregulatoryorganizationswithameanstoimprovesecurityandresiliencewithoutharmingcommercialinterests.
Thereisnodoubtthatachievingthesegoalsisachallengewithprofoundeconomic,human,technologicalandgovernmentalimplications.Weinviteourreaderstoengageinthisefforttostrengthencommerce,securityandresiliencyintoday’snetworkedworld.
•
•
•
•
IBM Global Business ServicesPage �
Executive summaryThehealthandwell-beingofmodernsocietydependonhighlyintegrated,complexeconomicsystemsthatservetomovepeople,cargo,conveyances,moneyandinformationaroundtheworldeveryday.Thesesystemsinclude,forexample,immigration,aviationandtransitsystemsforthemovementofpeople;maritime,truckingandaircargoforthemovementofgoods;pipelinesandelectricgridstotransportfuelsandenergy;andtheInternetandothercommunicationsnetworkstomoveinformationandtoenablefinancialflows.Collectively,thesesystemscompriseacirculatorysystemfortheglobaleconomy:whatwerefertointhispaperasthe“globalmovementsystem.”
Globalmovementsystemsembodyauniqueintersectionofpublicandprivateinterests.Theyarelargelyownedbytheprivatesector,andusersaremostlycompaniesandthegeneralpublic.Atthesametime,thefunctioning,availability,securityandstabilityofthesesystemsareessentialeconomic“publicgoods,”1
inwhichgovernmentshavesignificanteconomic,nationalsecurityandpublicwelfareinterests.Societyexpectsglobalmovementsystemstobelikewater,electricityandotherutilities:Peoplesimplyexpectthemtoworkandtobeavailableondemand.Whentheyfail,consequencesarerapid,widespreadandsignificant.
Twenty-fourhoursaday,sevendaysaweek,theglobalmovementsystemshuttlesgoodsandservices,capitalandlabor,andbitsandbytesaroundtheglobetoprovidethesubstanceofdailylife:jobs,wages,food,electricity,education,newsandinformation,andleisureandentertainment.Asaresult,nationsandeconomiesarebecomingincreasinglyintegratedandinterdependent.TheUnitedStatesreliesontherestoftheworldtosupplytwo-thirdsofitsoilandtofinance44percentofitspublicdebt.2Chinareliesonexportsfor36percentofitsgrossdomesticproduct(GDP).3TheprimaryengineofIndia’srecenteconomicgrowthhasbeeninformationtechnologyoutsourcing,eventhoughitaccountsforonly5percentofIndia’sGDP.Tourismaccountsforalmost20percentofGDP4inmanyLatinAmericancountries.5Emergingmarkets’shareofglobalexportsdoubledfrom20percentin1970to43percenttodayandemergingmarketshold70percentofforeignexchangereserves.6AfricahasrecentlyemergedasamajorpetroleumexporterandisdevelopingstrategiceconomicrelationshipswithChinaandIndia,providingcommoditiesfortheirrapidindustrialization.
IBM Global Business ServicesPage 10
Global movement systems as exploitation targetsAtthesametime,however,thesamesystemscanthreatensocietiesandeconomiesiftheyareexploitedbymaliciousactorstoinflictharmorifnaturallyoccurringdisruptionsaremanagedpoorly.Thetightintegrationofglobalsystemsmeansthatdisruptionsthatmayseemsmallorlocalizedatfirstcanrapidlymagnify,spilloverintoothersystemsandcauseseriousharmthatisdifficulttoenvisionorpredict.
Thesechallengesarethenaturalresultofthenetworkednatureandsheercomplexityoftoday’smodernglobaleconomy.Theeffectsarewelldescribedbychaostheory,whichassertsthatevenrelativelysimplesystemsthatobeyknownrulesandbehaviorscandisplayunpredictableoutcomesdependingontheslightestvariationsinthenatureofaneventordisruption.Asindividualmovementsystemsbecomeincreasinglynetworked,interconnectedandinterdependent,smalldisruptionsandeventscancreateanevenhigherlevelofunpredictably.7Makingmattersworse,thetransmissionofdisruptionsaroundtheworldisoccurringataneverfasterpace.8
Countriestodayarenotaloneinfacingandinfluencingthechallengesandopportunitiesofcomplexinternetworkedglobalsystems.Fifty-oneofthetop100globaleconomiesarecompanies,300multinationalcorporationsaccountfor25percentoftotalglobalassets,andmorethan40percentoftotalworldtradeoccurswithincorporations.9
Individualshavealsogainednewprominenceonthegloballandscape.Asaresultofglobalizationandtechnology,individualactorscanintentionallycausedisruptionsandinflictdamageonamassivescalethatwaspreviouslythesoledomainofnation-states.TheSeptember11,2001terroristattacksundertakenonU.S.soilby19individualsatacostofapproximatelyUS$500,000causedanestimatedUS$80billionindamages.10TheattacksshutdowntheentireU.S.aviationsystem.Cascadingeffectsrippledaroundtheworld,affectingmanycountriesandindustries.11AsthenU.S.SecretaryofDefenseDonaldRumsfeldlamented,“Thecost-benefitratioisagainstus!Ourcostisbillionsagainsttheterrorists’costofmillions.”12
IBM Global Business ServicesPage 11
The9/11hijackersexploitedU.S.immigrationsystems,benefitedfrompoorinformationsharingwithintheU.S.governmentandusedourownairplanesasweaponsagainstourcentersoffinanceandgovernment.The9/11terroristattacksdrewtheworld’sattentiontothefollowing:
The efficiency, security and resilience of the global movement system are
integrally linked in today’s highly networked and interconnected global economy.
The drive to improve efficiency has made global movement systems more
vulnerable.
Much of the physical infrastructure in global movement systems is in poor
condition due to age, everyday wear and tear, deferred maintenance and
underinvestment in new capital projects.
The9/11attacksheightenedawarenessofthefactthatwhileglobalmovementsystemsarethelifebloodoftheglobaleconomy,theyalsopresentimportantvulernabilitiesandserveasapotentialpathwayforpathogensanddisruptions.
Security improvements and performance can work togetherBecausegreaterefficiencycanmakeglobalsystemsmorevulnerableandbrittle,manyobserversassumethattheconverseistrue:thatinvestmentsingreatersecurityandresilienceinevitablymustcomeattheexpenseofbusinessperformance.However,thisneednotbethecase.Thispaperexplainsthatimprovementsinsecurityandresiliencecanhelpimproveoveralleconomicperformance.Securityandcommercearenotinopposition.
Economicperformance,securityandresiliencearemutuallyreinforcinggoalsandcanbeachievedintandem.Inaddition,thispapersuggeststhatinanetworkedeconomy,businessleadersmustexpandtheframeoftheirinvestmentdecisionstogivegreaterweighttoconsiderationsbeyondtheirshort-termbottomlinesandbeyondthefourwallsoftheirorganizations.Companyexecutivesneedtogivegreaterconsiderationtotheirrolesinsupportingpublicgoodslikeresilience,stabilityandthebenefitsthatcomewitheconomicinterdependence.Thesameistrueforpublicsectorpolicymakers,whonowmustconsiderabroaderrangeofcommercialfactorsinrecognitionoftheprivatesector’sownershipofandinfluenceoverglobalmovementinfrastructure.Inshort,wemustlearntorealignourthinkingtoaddressthenetworkednatureoftheglobaleconomy.
•
•
•
IBM Global Business ServicesPage 1�
Thispaper,therefore,offersanewanalysisofthechallengesfacingcountries,corporationsandindividualsintoday’shighlyinterconnectedworld.Italsoproposesacomprehensiveframeworktoimprovetheperformance,securityandresilienceofglobalmovementsystems.
Key ideas Thekeyideaspresentedinthispaperfocuson21stcenturyrisk,intelligentimmunity,theGlobalMovementManagementanalyticalframework,strategichumancapital,leveraginguniquedataassetsandskillsthroughtechnology,andaddressingacriticalgovernancegap.Thesetopicsaresummarizedbelow.
21st century risk–Riskinthe21stcenturyisuniquebecause,forthefirsttime,individualactorsorindividualeventsposeviablestrategicthreatstointernationalsystems.Threatsareasymmetric.Smallgroupsofmaliciousactorscancreateglobalharmmanyordersofmagnitudegreaterthantheircostofoperations.Seeminglysmalllocaldisruptionscanpotentiallycascadeandbemagnifiedthroughtightlyinterconnectedsystemstocreatefar-reachingandmoreextensivedamagethanoftencanbepredicted.Andthistrendisforecasttocontinue.
Intelligent immunity –Wedevelopedanewapproachtoguidetheformationofpolicies,plansandimplementationeffortstoaddressterrorismandotherthreatstoglobaleconomicsystems.Wecallthisapproach“intelligentimmunity.”Thisapproachisdesignedtoaddresstheeconomicandsecurityrisksinglobalmovementsystems.Itseekstomakecriticaleconomicsystemsmoreresistanttodisruptionbyimprovingtheiroverallhealth.Commerce,securityandresilienceconstitutetheessentialelementsofahealthysystem.Achievingthisrequiresanintegratedandevolvingmixofpreemptive,preventive,preparatoryandresponsivemeasuresthatleveragehumancapital,technologyandgovernanceinnewways.
Theintelligentimmunityapproachfocusesnotonlyonmakingsystemsmoresecureagainstintentionalthreatsliketerrorism,butalsoonmakingthemmoreresilientinthefaceofvirtuallyallmannerofdisruptionsaswellasseekingtoimprovetheiroverallperformance.Intelligentimmunitysetsthestageforaholisticapproachtoimprovetheoverallhealthandwell-beingofglobalmovementsystemswhileavoidingactionsthatimpedecommerceandimpairdailyfunctioning.
IBM Global Business ServicesPage 1�
Global Movement Management framework–Aconsistentanalyticalframeworkisvaluabletobetterunderstandandassessthecomplicatedsystemsandsubsystemsthatcomprisetheglobalmovementsystem.Theanalyticalframeworkthroughwhichwecanunderstandhowtoachieveintelligentimmunityidentifiesfivekeyflows–people,goods,conveyances,moneyandinformation–asthelifebloodoftheglobaleconomy.
WebroadenanddeepenouroriginalGlobalMovementManagementframeworktoincludeboththephysicalandlogicalaspectsofeachflow.Weprovidearobustframeworkforanalyzingthecomplexglobalmovementsystemsthatmaketheseflowspossible,includingtheglobalaviationsystem,maritimecargoshipping,immigrationsystemsandtheInternet.Thesimpleyetpowerfulfoundationoftheframeworkisthateventhemostcomplexglobalsystemscanbereducedtotheircomponents,andthesystemsaremorealikethantheyaredissimilar.Focusingonsimilaritiescanprovidethemeanstoharmonizedecisions,investmentsandactivitiestoimproveperformance,securityandresilienceacrosstheboard.Theanalyticalframeworkcanbeavaluableaidtoguidethinkingandactionbygloballeaderstomanageriskinglobalmovementsystemsandachievecommongoals.
Astrategytoovercometheasymmetricriskposedbyterrorismandnaturaldisastersinthehighlynetworkedglobalmovementsystemshouldlinkthefullrangeofavailabletoolstoachievethesegoals.Ouranalysissuggeststhreemainopportunitiestoachieveintelligentimmunitythatinvolvenewstrategiesforpeople,technologyandgovernance.
Strategic human capital–Webelievethatindividualswithincompaniesandgovernmentsfaceincreasinglycomplexchoicesabouthowtoimproveperformanceandaddressrisk.Individualmanagersandemployeesfaceunprecedentedvolumesofinformation,newtechnologiesandcompetitivepressuresthatcomplicatetheirwork.Atthesametime,inanetworkedeconomy,decisionsmadeattheindividuallevelcanhaveincreasinglyglobalramifications.
Unfortunately,thecriticalroleofpeopleinmanagingriskandcomplexityinanetworkedenvironmentisoftenoverlooked.Fromthefrontofficetothefrontline,peoplemakeglobalmovementsystemswork.Wecallforanewstrategicapproachtohumancapitalthattransformstherelationshipbetweenindividualsandtheirorganizationsbyimprovingtrustandaccessatvirtuallyalllevels.This
IBM Global Business ServicesPage 1�
resultsinagreatersharedownershipofmissionandobjectivesandempowersindividualstomake“therightdecisionsattherighttime.”Thisapproach,adoptedbyindividualorganizationsintheglobalcommunity,willhelppromoteintelligentimmunityacrosstheentiresystem.
Strategichumancapitalrequiresleaderstoemployemergingtechniquesformanaginginanetworkedenvironment.Thesetechniquesincludeimprovedcollaboration,latitudetoreachacrossandoutsideorganizationalboundaries,investmentinorganizationaltransformation,newandmoreflexiblestructures,enhancedtechnologyand,aboveall,greatlyimprovedtrainingformanagerialandsupervisoryskillsacrosstheworkforce.Toaddressthesechallenges,werecommend:
Taking a strategic approach to front-line employees in global movement systems
Leading, organizing, training and equipping front-line employees for the new
tasks at hand
Engaging society on a more comprehensive basis in recognition of the new level
of personal responsibility that each user has for the system in a more connected
and interdependent world.
Thegoalofthiseffortistoenhancetheindividualemployee’sunderstandingofhisorherimportantroleinimprovingenterpriseperformanceandreducingrisk.Wearguethatasignificantinitiativeforinvestinginhumancapitalandestablishingstandardsforhumancapitaldevelopmentintheareasofsecurityandpreparednesswillmakecompaniesandgovernmentsbetterabletoprevent,withstandandrespondtodisruption.Increasedinvestmentsinthisapproachwillallowpeopletoassumehigher-orderresponsibilitiesandautomatetasksthatdonotrequirehumanintervention,furtherleveragingthetimethatfront-linepersonnelhavetofocusontheiruniquecontributiontothesafeandreliableoperationoftheglobalmovementsystem.Leveraging unique data assets and skills through technology–Thosewhohavemanagedandoperatedportionsoftheglobalmovementsystem—onthefrontlinesingovernmentorintheprivatesector—almostuniversallyagreethatweneedtochangehowweusetechnologytosimplifyworkprocessesandmakehumanactivitymoreeffective.Despitewidespreadrecognitionoftheimportanceofsharinginformation,companiesandgovernmentsarefailingtofully
•
•
•
IBM Global Business ServicesPage 1�
leveragenaturaladvantagesthattheypossessininformationandtechnologytostrategicallyaddressasymmetricriskinglobalmovementsystems.GlobalMovementManagementsetsforthavisionfordatacollaborationonasignificantscaletomakeiteasierforindividualstodotheirjobs,forcompaniestoimprovetheirperformanceandforsocietiestomaintaintheglobaleconomy.
Thispapersetsforthatechnologystrategyforglobalmovementsystemsthatincludesthreemajorcomponents:
Adoption of a “micro-macro” approach that unlocks currently trapped data to
achieve greater information granularity and that promotes greater information
federation/aggregation
Building the “connective tissue” needed to enable greater collaboration both
vertically between individuals and organizations, and horizontally among
organizations
Peer production that results from unlocking information and sharing it more
widely, helping to drive innovation to dramatically improve the performance,
security and resilience of global movement systems.
Insum:Unlocktrappedinformation,shareitbroadlyandcreatenewknowledgeandinnovation.
Wecanimprovetheuseoftechnologytoenableindividualstobemoreeffectiveintheirjobs,especiallywhentheyhavebeengiventhetrainingandauthoritytomakegooduseofit.Moreimportantly,wecanusetechnologyasastrategicadvantagebyleveragingourabilitytomanageinformationtowhichdangerouselementsdonothaveaccess–andtodosoonabroadscaleinordertoprevent,detectandinterdictmaliciousactivities.
Thesharingofcurrentlytrappeddatawillnotoccuruntiltoolsandservicesbecomeaffordableandwidelyavailablefordataharmonizationandinteroperability;permissioning,anonymizationandencryption;anddataaggregation,analysisandvisualization.Ifsuchtoolsbecomewidelyavailableandasignificantamountofcurrentlytrappeddatabecomesshared,theresultinggreaterawarenessofglobalsystemswillhelpenablecompaniestoimproveeconomicperformancebyidentifyingopportunitiesforimprovementsincriticaleconomicflows.Inaddition,thissameactionwillhelpimprovesecuritybymakingiteasiertoidentifyvulnerabilitiesandtospotanomalies.Italsowill
•
•
•
IBM Global Business ServicesPage 1�
helpimproveresiliencebyenablingcompaniesandgovernmentstoisolatedisturbances,avoidoverreactingtodisruptions,andrestartoperationsmorequicklyafteranevent.
Finally,weassertthatgreaterenterprisevisibilitycanhelppartnersandcompetitorsidentifymutuallybeneficialbestpractices.Upstreamcompaniescanbebetterequippedtoprovidewarningsofsupplyshortagesorotherdisruptionsbeforetheyaffectdownstreampartners.Downstreamcompaniescanprovideearlywarningsaboutdemandordeliverydisruptionstothoseupstream.Companiescanbenefitfromgreatercommunicationwithgovernmentandlawenforcementofficialsaboutintentionalthreats.Governmentscanaugmentcounterterrorismeffortswithmoreaccessiblecommercialdatawhilealsoprovidingahigherdegreeofprotectionforprivacyandcivillibertiesthaniscurrentlythecase.Byfreeinguptrappeddataandsharinggreatervolumesofinformation,companiesandgovernmentscantakeadvantageofopen-sourcetechniquesor“peerproduction”todriveinnovationandhelpmakeglobalsystemsmoreefficient,resilientandsecure.
Addressing the governance gap–Governanceisthecollectionofinstitutions,rules,standards,norms,decisionrights,practicesandprocessesthatadminister,coordinateand/ordirectactivitywithinasystemorenterprise.Governanceforglobalmovementsystemsisthemeansbywhichadiverseandinterdependentcommunityofglobalstakeholderspursuesimprovementstotheperformanceofglobalmovementsystems.Governanceofthosesystemstodayischaracterizedbythelackofacoordinatedapproachthatisnecessarytoaddressnetworkedrisk.Wecallthisthe“governancegap.”
Tobridgethisgap,participantsintheglobalmovementsystemsneedtoembraceamorecomprehensivesetoffactorstounderstandtheactualrisks,costsandbenefitsthataccruetoanorganizationinanetworkedenvironment.Moreover,participantsneedameansbywhichtoorganizetheireffortstoaddresstheserisks,costsandbenefits.Ourresearchshowsthatorganizationshavesuccessfullymetthechallengesoforganizingeffortsacrossnationalboundariesintheglobalmovementsystembefore–forexample,forinternationalmaritimecargoandfortheInternet.Thesesuccessstoriesprovideamodelforestablishinganewglobalmovementsystemgovernanceframework.
IBM Global Business ServicesPage 1�
Therefore,wecallforthecreationofaGlobalMovementManagementOrganization(GMMO)basedonkeyattributesofthesemodelsforsuccess.Weenvisionanewinternationalentitytofillthegovernancegapthatpresentlylimitstheeffectivenessofinternationalefforts.TheGMMOcanservetobringtogetherkeystakeholderswithasharedinterestinstrengtheningglobalmovementsystemsandprovideaneffectiveforumandprocesstoenablecooperationamongregional,nationalandsector-specificstakeholders.
TheGMMOcanleverageexistinginternationalorganizationsthroughdedicatedandvisionaryleadershiptofacilitatethreeimportantactivities.First,itcanalignsecurityandresiliencewithcommercialimperativesinglobalmovementsystems.Second,itcanimproveinternationalcooperationandharmonizationamongpublicandprivatestakeholderstostrengthenglobalmovementsystems.Third,itcanintegratesecurityandresilienceinadeliberateefforttoharmonizeriskmanagementactivitiesgloballyandtoenfranchiselessdevelopedeconomicactorsthroughanumberofincentivizingmechanisms,includinggrants,loans,servicesandtraining.
Furthermore,aswestudiedtheroleofpeople,technologyandgovernanceintheglobalmovementsystem,severalprinciplesthatsupportthisGMMOapproachemerged:aligningwithmarketincentives,layeringhorizontalandverticalapproachestoimprovesecurity,andplacingusefulinformationinthehandsoffront-lineemployeeswhilehelpingtoensurethattheyhavethetrainingandauthoritytoact.Improvedinformationsharingwillrequiregreaterstandardizationoftechnologies,toolsandprotocols.Privacyandotherdataprotectionsmustbeaddressedatthearchitectureanddesignlayer.Finally,mechanismsandmetricstomeasure,assessandoptimizepoliciesandprogramsarerequiredtohelpmakeefficiency,securityandresilienceinitiativeswork.
Insummary,theperformance,securityandresilienceofglobalmovementsystemshavealwaysbeendeeplyintertwined.September11providedacatalysttoinvestinsecurity,but,toooften,securityinitiativeshavebeenviewedasbeingatoddswithcommerce.Thispapersupportstheideathatcommerce,securityandresiliencearemutuallyreinforcingobjectives.Importantly,weproposeastrategythatemploysassetsthatwehave,andtheterroristsdonot.Theseincludelargenumbersofdedicatedpeople,thebetteruseoftechnologytounlocktrappedcommercialdataanddramaticallyimproveinformationsharingand
IBM Global Business ServicesPage 1�
theformationofinternationalorganizationstoleveragethecombinedweightofgovernments,non-governmentalorganizationsandcorporationsaroundtheworld.Thisstrategywillhelptocountertheasymmetricriskposedbyterroristsandmanagetheunpredictableconsequencesofunintentionaldisruptions.Theideasandrecommendationsinthispaper–promotingintelligentimmunityasameanstomanage21st-centuryrisk,applyingaglobalmovementmanagementframework,strengtheninghumancapital,makingbetteruseoftechnologyandcreatinganewinternationalgovernanceorganization–provideastartingpointforstakeholdersacrossvirtuallyallsectorstohelpbuildmoreefficient,secureandresilientglobalmovementsystems.
IBM Global Business ServicesPage 1�
I. The unique character of risk in the 21st century
Risktodayischaracterizedbytheriseoftheindividualaswellastheriseofsmallgroupsasstrategicthreatsandthespeedandunpredictabilitywithwhichtheharmfuleffectsofdisruptionsinonepartoftheworldcanspreadtoothercompanies,sectorsandcountries.Harmgeneratedbysmallfactionsatlowcostcantransmitquicklythroughhighlynetworkedglobaleconomicsystemsandmagnifyintounexpectedandexponentiallylargerdamage.Neverbeforehavetherisksfacingtheglobaleconomyandinternationalcommunitybeenmorecomplexandintertwined.
Historically,stateshavebeenviewedasthekeyplayersintheinternationaleconomicandpoliticalsystem.Statescontrolledterritoriesandarmies.Theyactedasagentsrepresentingtheirsocietiesontheworldstage.Otherthandiseaseandnaturaldisasters,stateswereuniquelycapableofinflictingdamagetoothercountriesanddisruptingtheinternationalsystem.Untiltheearly20thcentury,regionalwars,naturaldisastersanddiseaseposedthelargest-scaleriskstotheinternationalsystem.ThetwoWorldWarswere,inreality,less“world”warsthanextensionsofconflictsbetweenregionalpowers.ThethreatofnuclearwarbetweentheUnitedStatesandtheSovietUnionformostofthelatterhalfofthe20thcenturymaderisktrulyglobalforthefirsttime.
Startinginthe1950sand1960s,scholarsandacademicsbeganacknowledgingtheincreasingimportanceofnon-stateactorssuchasinternationalorganizationsandmultinationalcorporationstotheinternationalsystem.Bythe1990s,withtheendoftheColdWar,concernsoverglobalriskshiftedtocross-cuttingissues–theenvironment,poverty,HIV/AIDS,drugtrafficking,weaponsproliferation–thattranscendedcountry-to-countryorevenregion-to-regionsolutions.
Asymmetric riskTheterroristattacksof9/11focusedattentiononanewformofriskinthe21stcentury:asymmetricrisk.The9/11attacksdemonstratedthatindividualsorsmallgroupsofactorswithmaliciousintentcouldintentionallyexploitorattackglobalmovementsystemsandcreatemuchmoreextensiveandwidespreaddamagetothebroaderglobaleconomy.Tobesure,theriskposedbyindividualmaliciousactorsorlocalizedeventscausingmuchwidersystemicharmhadbeenontherisefor
IBM Global Business ServicesPage �0
sometimeduetoglobalization.(Seethesidebar,“Examplesofasymmetricrisk.”)But9/11sharpenedattentiononasymmetricriskbecauseoftheboldnessoftheattack,thelowcostandsmallnumberofactorsinvolved,theintentionalnatureofthedisruptionandtheglobalrepercussionsoftheevent.
Theriseofindividual(orsmallgroupsof)actorsandindividualeventsasviablestrategicthreatstointernationalsystemsistheuniquechallengeofthe21stcentury.(SeeFigure1.)ThisisthedarksideofMetcalfe’slaw,whichstatesthatthepowerofanetworkincreasesbythesquareofthenumberofusers.13Ifgreaterconnectivitymakesnetworksmorepowerful,itisalsotheAchilles’heelofnetworkedglobalsystems.Inmanycases,thischallengehasoutstrippedtheabilityoftraditionalhierarchicalorganizationstorespondeffectively.Thisimpliestheneedforanewcomprehensiveandcoordinatedapproachandglobalguidanceforchange.
Figure 1. Asymmetric risk compared to traditional risk.
Source: IBM Global Business Services.
Arecentstudyofsupplychaindisruptionscoveringtenyearsand861firmsprovidesaquickmeasureofthemassiveimpactofevensmalldisruptionslikeproductionorshippingdelays.Afterannouncementofdisruptions,companies,onaverage,sufferedlossesinstockvaluationofninepercent,orroughlyUS$130millionperincident,withacumulativecostofUS$112billion.14
Low
High
Few ManyNumber of Actors or Size of Force
Leve
l of R
isk
Pos
ed to
Soc
iety
by
Inte
ntio
nal A
cts
Traditional Risk
21st CenturyAsymmetrical Risk
IBM Global Business ServicesPage �1
Examples of asymmetric risk
Internet–In1999alonelycomputerprogrammerinNewJerseynamedane-mailvirusafteranexoticdancerandposteditmoreasan“actofgraffiti”thananintentionalactofdestruction.TheMelissaviruswasthefirstincidentofitskindonthecommercialInternetandinflictedanestimatedUS$300-600milliondollarsindamages,shuttingdownapproximately10-25oftheFortune500companies,withanadditional250disconnectingfromtheInternetasaprecaution.15In2000,acollegestudentinthePhilippinesauthoredtheILoveYoucomputerworm,whichpropagatedviapeople’semailcontactsinMicrosoft®Outlook®Contactslist.ResultingdamageswereestimatedatUS$5billion.16
Finance–In1992SingaporeantraderNickLeesonmadeaseriesofsuccessfulspeculativetradesthataccountedfor10percentoftheannualprofitsforhisemployer,BaringsBank–thentheoldestmerchantbankingcompanyinLondon.Afterhisinitialsuccesses,Leesonbeganmakingriskierandriskiertrades,incurringheavierandheavierlosses,whichhehidfromhisemployer.By1995,hehadincurredUS$1.4billioninlosses,resultinginBaringsBank’scollapse.17
In1998theFederalReserveBankhadtoorchestrateaUS$3.6billionbail-outfortheLongTermCapitalManagement(LTCM)hedgefundinordertopreventawidercollapseinfinancialmarkets.LTCMwasfoundedbyaformervicechairmanofSalomonBrothers,anditsboardmembersincludedtheNobel-laureateeconomistswhohadinventedthetechniquesforvaluingfinancialderivatives.Atthebeginningof1998,LTCMhadUS$5billioninequityassets,US$124billionindebtandUS$1.25trillionofoff-balancesheetderivativepositions,mostofwhichwereininterestratederivatives.18Inmid-1998Russiadefaultedonitsdebt,whichthrewglobalfinancialmarketsintoturmoilandjeopardizedmostofLTCM’spositions.Thefirmwaslosinghundredsofmillionsofdollarsinvalueperdayandwithinmonthslostnearlyallofitsequityvalue.FearingthatthefailureofLTCMcouldtriggerawidercollapseinglobalfinancialmarkets,theFederalReserveBankofNewYorkorganizedaUS$3.6billionbail-outbyLTCM’smajorcreditors.19
Oil and gas–Inthesummerof2004aninsurgentgroupattackedasouthernsectionoftheIraqioilpipelineinfrastructure.WhiletheattackcostthegroupanestimatedUS$2,000toorganizeandcarryout(andnoneoftheattackerswerekilledorcapturedduringtheattack),IraqiofficialsestimatedlostrevenuetoexceedUS$500million,arateofreturnfortheattackersofapproximately250,000percent.20
InFebruary2006therebelgroupMovementfortheEmancipationoftheNigerDeltaattackedtheloadingdockofmajoroilexportplatformsintheNigeriandeltaregion.Theattackcostnomorethanafewthousanddollars,andagaintherewerenocasualties.CompaniesaffectedestimatedtheirlostrevenuetobearoundUS$50million,arateofreturnfortheattackersofapproximately25,000percent.21
Maritime trade–InSeptember2002,U.S.WestCoastseaportsexperienceda10-daylockoutresultingfromalabordisputebetweenthelongshoremenandportowners.Thelockouthaltedtheflowofcontainersat29ports,whichnormallyprocessed30containersaminute,24hoursaday,worthUS$320billionperyear.Withindays,anumberofautomanufacturingplantshadtocloseforlackofparts,toyandclothingretailersexperienceddisruptionsthataffectedtheirholidaysales,producemanufacturersandfarmerslostmillionsofdollarsasfooditemsspoiled,U.S.railroadsbackedup,andShanghaistoppedallshipmentstotheUnitedStatesuntilbackloggedshipsandcontainerscouldstart
IBM Global Business ServicesPage ��
comingback.Asthelockoutprogressed,theimpactontheU.S.economyrosefromUS$1billionperdaytoUS$2billionperday.Ifthedisruptionhadcontinued,damagewasestimatedatUS$3billionperday,ornearly10percentoftheU.S.GrossDomesticProduct(GDP).Intheend,thetotalcostofthedisruptionwasUS$10-20billion.Alabordisputeinvolving10,500workershadthreatenedthejobsof4millionU.S.workers.Ittookmonthstofullyrecoverfromtheeffectsofthelockout.22
Manufacturing–PhilipsNV,aDutchproviderofsiliconchips,sufferedasmallbutdamagingfireataU.S.plantin2000.Philipsreestablishedproductionrelativelyquickly,butthedisruptionstillledtoaUS$40millionlossthatyear.AlargeEuropeanmobilephonemanufacturerreliedonPhilipschipsasanessentialcomponentfortheirmobilehandsets.BecausethecompanywasslowtorecognizetheimplicationsofthePhilipsfire,itsresponsewasdelayed,andnosourceforreplacementchipscouldbefoundinatimelymanner.AseeminglysmalleventatanothercompanyandonanothercontinentcontributedtothehandsetmanufacturerreportingafinanciallossofUS$2.34billionthatyear.23
Electric grid–InSeptember2003,stormsdamagedapowerlinethatsuppliedelectricitytoItalyfromSwitzerland.ThesuddenincreaseindemandtootherpowerlinescausedaseriesofcascadingfailuresthatcutoffelectricalpowertoItalyfromFranceandSwitzerland.Theresultingblackoutaffected56millionpeopleinItalyandSwitzerlandforuptoninehours.ThroughoutItaly,allflightsand110trainswerecancelled,with30,000peoplestrandedonboard.24
Inadditiontotheabilityofindividualmaliciousactorsoreventstocreatesignificantasymmetricrisk,riskhasbecomemorechallengingduetootherfactorsaswell.First,thenetworkednatureoftheglobaleconomymeansthatdisruptionsaredifficulttoisolate.Second,disruptionsmovethroughsystemswithmuchgreaterspeed.Third,thecomplexityofrelationshipswithinglobalnetworksmakesitdifficulttopredictthenatureandextentofdisruptionthatmighteventuallyoccur.Moderncomplexsystems,knownbytheirefficiency,interdependence,ever-decreasinglatencyanddecliningavailabilityofspareinventoryorcapacity,cancreatehighlyunpredictableeffectsthatcantransmitandmagnifywhatstartedoutaslocalizeddisruptions.
Thesechallengesarethenaturalresultofthenetworkednatureandsheercomplexityofthemodernglobaleconomy.Theeffectsarewelldescribedbychaostheory.Accordingtochaostheory,evenrelativelysimplesystemsthatobeyknownrulesandbehaviorsdisplayunpredictableoutcomesdependingontheslightestvariationsinthenatureofaneventordisruption.Asindividualmovementsystemsbecomeincreasinglynetworked,interconnectedandinterdependent,smalldisruptionsandeventscreateanevenhigherlevelofunpredictability.25
IBM Global Business ServicesPage ��
Types of risks facing global movement systemsMuchofthedamagefromadisruptioncanoccurasaresultofindirectcascadingeffectsorunintentionalself-inflicteddamageduetooverreaction.Cascadingeffectscomprisetheindirectdisruptionsthatoccurbeyondtheoriginaltargetorpointofdisruption.Cascadingeffectsimpactothersectorsandeconomicassetsbecauseofthelinksbetweenthoseassetsandtheoriginallyaffectedfacilityororganization.26Unintentionalself-inflicteddamagecanunnecessarilyexacerbateorevencausenewdisruptionsifcompaniesandgovernmentsoverreactorreactpoorlytodisruptions.Thelikelihoodofunintentionalself-inflicteddamageisgreatertodaythaninthepast.Governmentandprivatesectorleadersandemployeesfaceevergreatercomplexity,requiringthemtohavegreaterlevelsoftechnicalexpertiseandknowledgethaneverbefore.Inaddition,theacceleratedspeedwithwhichdisruptionsmovethroughsystemsrequiresemployeestoprocessmoreinformationfasterandtomakegooddecisionsquickly.Lackofsufficientknowledgeaboutthenature,causeandsourceofadisruptioncanmakeithardertoisolateadisruptionandcould,forexample,leaddecisionmakerstoshutdownentiresystemsordelaythereopeningoffacilities.Inshort,pointriskinnetworkedsystemscanquicklythreatentobecomesectorrisk,whichcanquicklycascadetoothersectorstobecomecontagionrisk.
Globalmovementsystemsposeothertypesofriskaswell.(Seethesidebar,“Seventypesofriskstoglobalmovementsystems.”)Globalmovementsystemscanserveasanenablerformaliciousactors(e.g.,InternetvirusesandwormsandtheuseoftheInternetasanoperationaltoolbyterrorists).Theycanserveasavectorforweaponsofmassdestruction(e.g.,cargoshippingcontainers)orawayforterroristsorotherdangerstoenteracountry(e.g.,immigration,airtravel,thefoodsupply).Someindividualsectorsarehighlyvulnerabletoterrorismbecausetheyprovideamass-casualtytarget(e.g.,masstransit,touristhubs)orbecauseakeycomponentcouldbeturnedintoaweapon(e.g.,airplanes,railcarscarryingpoisonouschemicals,gasolinetankertrucks).Invirtuallyallsectors,disruptionswillcauseeconomicdamage.
Reducingcascadingeffectsandunintentionalself-inflicteddamageisanessentialcomponenttomanagingriskinthe21stcentury.27Itisclearthatbettercommunications,betterrealtimedatavisibilityandawarenessofsystems,clearerprotocolsforisolatingeventsandwell-rehearsedplaybooksforrestartingsystemsafterdisruptionswouldgofartoreducethedamagethatsocieties
IBM Global Business ServicesPage ��
mightunintentionallyinflictuponthemselvesowingtoinsufficientinformationorinsufficientplanning.However,thefirststeptoimprovingtheoverallperformance,securityandresilienceoftheglobalmovementsystemissimplytothinkdifferentlyaboutrisktoglobalmovementsystems.
Seven types of risks to global movement systems
Wehaveidentifiedseventypesofrisksposedbyglobalmovementsystems:
Enabling agents–TheInternetandotherglobalcommunicationsnetworkshaveenabledterroristgroupstobecomesignificantlymoreeffectiveatrecruiting,organizing,trainingandplanningaroundtheglobe.28AccordingtoseniorEgyptiancounterterrorismofficials,nearlyalloftheindividualsinvolvedinninesignificantterroristconspiraciesinEgyptoverthelasttwoyearswererecruitedandtrainedovertheInternet.29Saudiofficialsestimatethat80percentofterroristrecruitmenttakesplaceontheInternet.30
Systems as vectors –Certainglobalsystems,includingimmigration,maritimecargoshipping,aviationandthefoodsupply,havethepotentialtoserveasavectortoconveyterrorists,weaponsorotherthreatsintothemidstofsocieties.Toaddressthethreatofterroristentry,immigrationpoliciesinanumberofcountries,includingtheUnitedStates,Australia,FranceandtheUnitedKingdom,amongothers,havebeentightened,withincreasedcredentialrequirementsforforeigncitizensseekingentry.31Publicofficialsfearthattheglobalmaritimeshippingsystemmightserveasameansforterroriststodeliverweaponsofmassdestruction(WMD)intotheUnitedStates.Inthecaseofinfectiousdisease,itisfearedthattheaviationsystemcouldhelpspeedthespreadofnewinfectiousdiseases,causingaglobalpandemic.32Thiswasevidentwhencasesofavianfluin1997arousedfearsaboutanH5N1pandemic,andin2007whenanAmericanwithadrug-resistantstrainoftuberculosisignoredordersnottotravelandslippedthroughtheglobalaviationsystemeventhoughhehadbeenplacedonno-flylistsbyhomelandsecurityofficials.33Finally,theriskofglobaleconomicsystemsactingasavectorfordangerousitemswasagainmadeclearin2007whenachemicalusedinChinatomakeplasticsandfertilizerwasaddedtowheat,riceandcornproductsusedintheUnitedStatesandSouthAfricatomanufacturepetfood,leadingtothedeathofscoresofanimalsandthecontaminationofsomehumanfoodproducts.34
IBM Global Business ServicesPage ��
Mass casualty targets–Masstransitvenueshavebeenafavoritetargetofterroristsfordecades.ThinkoftheIRA’sterroristcampaigninthe1970s,suicidebombersinIsraelsinceOctober2000,the1995sarinattacksontheTokyosubway,andthe2004,2005and2006attacksinSpain,LondonandMumbai,respectively.35Transittargetspresentconcentratedpopulationswithinsmallspaces.Atthesametime,the“open”abilityofthepublictoenterandexittransitsystemseasilyalsomakesthemdifficulttodefend.Similarly,touristvenueswithalargegroupsofpeopleinacontainedspacepresentattractivetargets,asevidencedbytheBalinightclubbombingsin2002.
Weaponization–Partsofvariousmovementsystemscanthemselvesbeexploitedasweapons.The9/11hijackersturnedairplanesintomissiles.Therehasalsobeenagrowingfearthatfacilities,trucksorrailcarscontainingchemicals,oilandgas,andnuclearmaterialscouldbetransformedintobombs,incendiariesorchemicalorradiologicalweapons.TheeffectsoftheBhopaldisasterinIndiain1984,thegenerallylowsecurityaroundchemicalfacilitiesandtransport,andtheuseofchlorinetankersaschemicalbombsbyIraqiinsurgentsin2006-2007makehazardouschemicalsaparticularworry.36
Economic sabotage–Terroristshavemadeaconcertedefforttotargeteconomicsystemstoinflictmasseconomiceffectsaswellascasualties.In2002,OsamabinLadendeclaredthatthealQaedaattackswould“fill[our]heartswithterrorandtarget[our]economiclifeline.”37TheBalibombingscrippledIndonesiantourismforseveralyearsafterwards.TerroristssoughttoattacktheAbqaiqoilrefineryinSaudiArabiain2006.ExpertswarnthatIraqhasbecomea“graduateschool”forterroriststotrainandhonetheirtechniquesagainstcriticalinfrastructuretargets,andtrendsareworrying.38Terroristgroupshave,withincreasingfrequencyandsophistication,targetedoilandgas,chemical,electricandwatertransportandfacilities.When,andas,theseoperativesreturnhomeanddispersearoundtheglobe,theirexpertisewillposeasignificantthreattoeconomicinfrastructuretargetsformanyyearstocome.
Cascading effects–Cascadingeffectscomprisetheindirectdisruptionsthatoccurbeyondtheoriginaltargetorpointofdisruption.Cascadingeffectsimpactothersectorsandothereconomicassetsbecauseofthelinksbetweenthoseassetsandtheoriginallyaffectedfacilityororganization.Theelectricgridprovidesapowerfulexampleofcascadingeffectsthatwouldemanatefromasustained
IBM Global Business ServicesPage ��
andwidespreaddisruption.AsPaulGilbert,ChairmanofthePanelonEnergyFacilities,CitiesandFixedInfrastructure,saidin2003intestimonybeforetheHouseSelectCommitteeonHomelandSecurity:
“Becauseourcriticalinfrastructureissocompletelyintegrated,withthepoweroutforevenadayortwo,bothfoodandwatersupplysoonfail.Transportationsystemswouldbeatastandstill.Wastewatercouldnotbepumpedawayandsowouldbecomeahealthproblem.Intimenaturalgaspressurewoulddeclineandsomewouldlosegasaltogether.Nightswouldbeverydarkandcommunicationswouldbespottyornon-existent.Storagebatterieswouldhavebeenlonggonefromthestoresifanystoreswereopen.Work,jobs,employment,businessandproductionwouldbestopped.Oureconomywouldtakeamajorhit.Allinallourcitieswouldnotbeveryniceplacestobe.Somelocalpowergridswouldgetbackupandsotherewouldbeislandsoflightinthedarkness.Havesandhave-notswouldgetinvolved.Itwouldnotbeaverysafeplacetobeeither.Martiallawwouldlikelyfollowalongwithemergencyfoodandwatersupplyrelief.Wewouldrallyandfindwaystogetbywhilethesystemisbeingrepaired.Intime,thepowerwillstarttocomeback.Tentativelyatfirst,withrollingblackoutsandthenwithallitsglory.Severalweekstomonthshavepassed,andthecleanupwouldbegin.”39
Unintentional self-inflicted damage–Finally,oneofthemajorrisksintoday’sglobaleconomyistheriskthatsocieties,governmentsandeconomicsectorscanharmthemselvesbyoverreactingorreactingpoorlytocertaindisruptions.Lackofsufficientknowledgeaboutthenature,causeandsourceofadisruptioncanmakeithardertoisolateadisruptionandcouldleaddecisionmakerstoshutdownentiresystemsordelayreopeningoffacilities.Whilecertainlyjustifiableinmanycases–on9/11,forexample,thedecisionwasmadetoshutdowntheentireU.S.aviationsystem–itisclearthatbettercommunications,betteraccesstorealtimedataandvisibilityintosystems,clearerprotocolsforisolatingevents,andplaybooksforrestartingsystemsafterdisruptions,wouldgofartoreducethedamagethatsocietiesunintentionallyinflictonthemselvesowingtoalackofsufficientinformationorlackofrecoveryproceduresinplace.Reducingself-inflicteddamageisanessentialcomponenttoimprovingtheresilienceofglobaleconomicsystems.40
IBM Global Business ServicesPage ��
II. Intelligent immunity: A new approach to address global risk
Anewapproachisrequiredtoguidetheformationofpolicies,plansandimplementationeffortstoaddressterrorismandotherthreatstoglobaleconomicsystems.Thisapproachwouldaddressterrorismwithinthecontextofglobalizationandwithrecognitionofthediverserangeofstakeholdersinglobalmovementsystems.Itwouldaddressthethreatofterrorismbutrecognizethatoverreactingtothreatsorfailingtousethefullrangeoftools–economic,socialandpolitical,aswellasmilitary–couldverywellposeunacceptablecostsonthecriticalflowsofgoods,services,moneyandinformationuponwhichtheworldrelies.AdmiralJamesLoy,theformerU.S.DeputySecretaryforHomelandSecurityandCommandantoftheU.S.CoastGuard,haspubliclycalledfortheneedtodevelopjustsuchanewandunifyingapproach.41
Weintroduce“intelligentimmunity”astheconstructneededtocoalescestrategicthinkingabouthowtocounterasymmetricthreats.Intelligentimmunityalsoisdesignedtoaddressthenetworkednatureofeconomicandsecurityriskinglobalmovementsystems.Thisconstructseekstofosterdiscussionandinsightthatleadstostrategiesthatwillmakecriticaleconomicsystemsmoreresistanttodisruptionbyimprovingtheiroverallhealth.Commerce,securityandresiliencearemutuallyreinforcing,andtheyconstitutetheessentialelementsofahealthysystem.
Achievingthisrequiresanintegratedandevolvingmixofpreemptive,preventive,preparatoryandresponsivemeasuresthatleveragehumancapital,technologyandgovernance.
IBM Global Business ServicesPage ��
Asanexample,thinkofthehumanbodywithitsselectiveanddiscriminatingreactiontodisease.Ingeneral,mostpeopledonotspendalltheirtimeworryingaboutfallingill.Instead,theyundertakecertainbasichabitstomaintainandimprovetheirhealthandlettheirimmunesystemsdotherest.Immunityinthehumanbodyservesahomeostaticpurpose–generallypreventingdiseaseand,whenrequired,returningtoasteadystateofhealthinresponsetoattackandwithoutharmingnormalsystems.Thisimmuno-responsegenerallydoesnotinterferewithnormalfunctioning.Theimmunesystemusesthecirculatoryandothersystemsofthehumanbodyinacoordinatedfashiontoaddressthebody’sconstantencounterswithpathogens,employinganetworkofcentralregulators(majororgansinthebody)andadecentralizedsystemofsignals(neurotransmitters)thatdetectandtheninterdictpathogenswithwhitebloodcells.Whenabodyisfunctioningnormally,itrespondstothreatsandproblemswithoutjeopardizingitself.Itmaintainsitsowninternalstabilityowingtothecoordinatedresponseofitsparts.
Applyingtheimmunityanalogytotheglobaleconomy,globalmovementsystemsareakintothebody’scirculatorysystem.Maliciousactorsorindividualdisruptionscanbeequatedtopathogens,diseaseorinjury.Centralregulatorsincludetraditionalhierarchicalorganizationslikecompanies,governmentsandinternationalorganizations.Decentralizedregulatorsencompassthecollectionofrules,normsandpatterns,aswellascommunicationsthatdefinemarketsandconditionbehavioralpatternsandactivityattheindividualandlocallevel.Theintelligentimmunityapproachfocusesnotonlyonhelpingtomakesystemsmoresecureagainstintentionalthreatsliketerrorism,butalsoonmakingthemmoreresilientinthefaceofvirtuallyallmannerofdisruptionsandseekingtoimprovetheiroverallperformance.Intelligentimmunitysetsthestageforaholisticapproachtoimprovetheoverallhealthandwell-beingofglobalmovementsystemswhileavoidingactionsthatimpedegrowthandeverydaycommerce.
Adoptinganapproachofintelligentimmunitytoglobalmovementsystemscanhelpsocietyreduceriskinawaythatdoesnotjeopardizethenormalfunctioningofcriticaleconomicflows.Wemaintainhealthandadoptpatternsthatadjustto21stcenturyriskswithoutdestroyingthethingswemostwanttopreserveandthatcomprisethefabricofoursociety.
IBM Global Business ServicesPage ��
Anintelligentimmunityapproachcanalsohelpsocietyreducetheamountofanxietyitsuffersaboutterrorism.Constantwarninganddiscussionmayhavecreatedanenvironmentwhereperceivedriskisgreaterthanrealrisk.Fearitselfisadesiredoutcomeofterrorismbecauseitdrainsenergyandresourcesanderodesthesocialcohesionofthoselivinginfear.Societyneedstobeaware,vigilantandpreparedforterrorismandotherdisruptions,butitneednotsacrificeitsvalues,prosperityandwell-beinginthenameofsecurity.
Furthermore,thisapproachhelpstodescribetheconvergenceoflogicalandphysicalsecurityintheglobalmovementsystem.Theimmunesystemcomprisesanumberofsystemssimultaneously:physicalsystemsofblood,veinsandarteries;chemicalsystemsofhormonesandotherneurotransmitters;andpsychologicalandneuromuscularsystemswherefeelingsoffeartransformfromelectricalsignalstochemicalreactionstophysicalaction,withspeed,coordinationandprecision.Analogously,virtuallyallactivityintheglobalmovementsysteminvolvesthemovementofphysicalandvirtualobjectsaswellasthecreationanddissolutionofassociatedinformation–thedataandmetadatathatenableustomanagetheglobaleconomy.
Mostimportant,anintelligentimmunityapproachtomanagingriskforglobalmovementsystemshasthebenefitoftreatingcommerceandsecurityascomplementaryaspectsofanintegratedeffort,ortwohalvesofawhole.Manykeydecisionmakersoftenviewcommerceandsecurityinopposition.Anintelligentimmunityapproachallowscommerceandsecuritytocomplementeachotherinthesamesystem;thatis,tobeconsideredasmutuallyreinforcingobjectiveswithinacomprehensiveframework.Inotherwords,bettersecurityandresiliencecanimprovebusinessperformance;improvementsincorebusinessoperationscanimprovesecurityandresilience.
IBM Global Business ServicesPage �0
Tohelpbuildintelligentimmunityinglobalmovementsystems,IBMhasdevelopedaGlobalMovementManagementanalyticalframework.Itcanbeusedtodescribeandanalyzeanymovementsystemasaseriesofcomponentsandtorevealfunctionalcommonalitiesacrosssystemssoastoachievegreaterenterprisevisibilityandprovidestrategicguidanceforaction.TheGlobalMovementManagementanalyticalframeworkcanassistpolicymakersaswellasownersandoperatorsofglobalmovementsystemstoachieveperformancegainsandsecuritybenefitsconcurrently,thusincreasingtheintelligentimmunityofcriticalsystemsagainstmaliciousandunintentionaldisruptions.
IBM Global Business ServicesPage �1
III. Applying a Global Movement Management framework
Toaddresseconomicandsecurityriskinglobalmovementsystems,anintelligentimmunityapproach–fromthemultinationallevelthroughtotheindividuallevel–requiresanintegratedandevolvingmixofpreparatory,preventive,preemptiveandresponsivemeasures.Understandinghowbesttoemploythatmixdependsonunderstandingthewaysinwhichtheglobalmovementofpeople,cargo,conveyances,moneyandinformationareinterrelated.
InIBM’spreviouspaper,“GlobalMovementManagement:SecuringtheGlobalEconomy,”publishedin2005,IBMpresentedaframeworkthatorganizedglobalmovementsystemsintofivekeyflowsandasetofcriticalfunctionscommontoeach.42Buildingonthatwork,wedecidedtotestthisframeworkfromanumberofdifferentperspectiveswithleadersfromIBM’ssupplychain,strategyandchange,andhumancapitalmanagementpractices,aswellasoutsideexperts.Theseconsultationshelpedtoshapeamoredetailedandrefinedframeworkbasedonacomponentsystemanalysisofglobalmovementsystems(seeFigure2).Whiletheworld’scriticalmovementsystemsarehighlycomplex,theycanbebrokendownintotheircomponentsandanalyzedtoprovidepowerfulinsightsintohowtomakethemmoreefficient,secureandresilient.
IBM Global Business ServicesPage ��
Figure 2. Global Movement Management uses a component system analysis.
Source: IBM Global Business Services.
Elements of the Global Movement Management frameworkTheGlobalMovementManagementframeworkusesacomponentsystemanalysisthatcanbeappliedtoanyindividualglobalmovementsystem(e.g.,immigration,aviation,masstransit,theInternet,etc.)tohelpidentifyitscoreoperationalaspectsaswellasstrengths,weaknesses,opportunitiesandthreats.TheGlobalMovementManagementanalyticalframework(illustratedinFigure3)comprises:
Five key objects of value
Five questions
Five chains of movement
Five traditional security functions
Five emerging security functions.
•
•
•
•
•
IBM Global Business ServicesPage ��
End
Use
Tran
spor
t 1
Contr
ol Po
int
Orig
in/
Prod
uctio
nTr
ansp
ort 1
+nDe
stin
atio
n(p
ort,
airp
ort,
war
ehou
se)
Dist
ribut
ion
(”la
st m
ile”)
Contr
ol Po
intCo
ntrol
Point
Contr
ol Po
int
Time/
Spac
e
Contr
ol Po
int
Tech
nolo
gy
Stra
tegi
c Hu
man
Cap
ital
Gove
rnan
ce
Faci
lity
Secu
rity
Conv
eyan
ce S
ecur
ityId
entit
y, Cr
eden
tialin
g &
Pro
vena
nce
Scre
enin
g &
Insp
ectio
nIn
terd
ictio
n &
Enf
orce
men
t
Ente
rpris
e-w
ide
Secu
rity
Trai
ning
Trac
king
Risk
Ana
lysi
sEn
terp
rise
Awar
enes
s/C3
I2Re
silie
nce
Engi
neer
ing
& R
espo
nse
Plan
ning
Emerging SecurityFunctions
Traditional SecurityFunctions
Peop
le
Carg
o
Conv
eyan
ces
Mon
ey
Info
rmat
ion
Polic
yM
etad
ata
Data
Valu
eSu
pply
Key Objects of Value
FiveChains
Figu
re 3
. Glo
bal M
ovem
ent M
anag
emen
t ana
lytica
l fra
mew
ork.
Sour
ce: I
BM G
loba
l Bus
ines
s Ser
vices
.
IBM Global Business ServicesPage ��
Five key objects of value–Thekeyflowsintheglobaleconomyatanygiventimecomprisetheexistenceandmovementthroughtimeandspaceofanyoffiveobjectsofvalue:people,cargo,conveyances,moneyandinformation(seeFigure4).Hence,anyeconomicflowcanbedescribedbywhichoneormoreoftheobjectsareinvolved.
Figure 4. The five key objects of value.
Source: IBM Global Business Services.
Five questions–Essentialinformationisneededaboutanyobjectmovingthroughtheglobaleconomy.Therefore,thefollowingfivebasicquestionsneedtobeanswered:
What is the object? With any object in transit, it is essential to establish its
identity or authenticity. Is the object what it is registered to be, or is it something
else? Is the person traveling on a student visa really a student, or is it someone
with a false identity document? Even if the person is a known or suspected
threat, like one of the 9/11 terrorists, does the computer in front of a border or
customs official provide the most complete and up-to-date information? Does
the shipping container hold shoes or a nuclear weapon? Is the worker gaining
access to a secure area in an airport or seaport who that person says he or she
is, and has the person passed appropriate security background checks?
Where is the object? This question addresses the geographic location of an
object in transit at any point in time. Is the object at its origin, in transit or at its
final destination? Is a shipment of fuel at the oil field, at the refinery or in the
tanker truck about to enter New York’s Holland Tunnel? For a traveler, is that
person in their home country applying for a visa, on an airplane from Germany
to the United States, or already in the United States and, if so, where?
•
•
People Cargo Conveyances Money Information
IBM Global Business ServicesPage ��
When did the object leave/When is it scheduled to arrive? For most supply
chains, a predetermined schedule answers these questions. However, it is as
important to understand whether the object at a particular location arrived at
the time it was expected to be there, or whether the object has been delayed. To
address the “when” question, many airfreight shipping companies offer customers
the ability to track shipping information and know when objects pass through
key transit hubs and checkpoints. For mega-retailers moving enormous amounts
of merchandise, RFID scans of shipments throughout transit allow them to
determine if inventories will arrive at stores in time to meet specific regional and
local demand.
How is the object being conveyed, exchanged, paid for? Asking “how” in this
way can provide other valuable information. Is a person booked to enter the
United States by airplane, by boat or over land? How did the person send a
shipment: by a trusted carrier or by a smaller company with little transactional
history and unknown security practices? How did a person pay for an item:
with cash, credit, a new or longstanding bank account, or informal traditional
transfer systems like hawala financing?43
Is the object secure? Has the object been tampered with? Does it pose a risk
either to itself or to other objects in the system because of what it contains or
how it behaves?
Five chains of movement–Anyobjectmovingthroughtimeandspaceintheglobaleconomycanberepresentedinageneric“supplychain,”asdepictedinFigure5.Anyobjectmovesthroughtimeandspace,fromorigintodestination,fromthecustodyofonehandlertoanotherandthroughvariouscontrolpoints.Asanyobjectmoves,governmentsandcompanieshaveinplacerulesforhowitshouldbehandledandtreated,andhowitsmovementisrecorded.Whilemostpeoplethinkofphysicalsupplychains,infact,globalmovementsystemscomprisefivechains,somephysicalandsomevirtual.Thesefivebasicchainsaredescribednext.
Figure 5. A generic supply chain.
Source: IBM Global Business Services.
•
•
•
End UseTransport 1
Control Point
Origin/Production
Transport 1+nDestination(port, airport,warehouse)
Distribution(”last mile”)
Control Point Control Point Control Point
Time/Space
Control Point
IBM Global Business ServicesPage ��
The supply chain represents the sequential location, custody and control points
for any object as it moves from origin to destination. This can mean objects
moving through the maritime cargo system, electricity moving through a power
grid, a traveler moving through the immigration and air travel systems, or
electronic payments moving over the Internet.
The value chain represents the monetary, economic and public-goods value of
any object at any point in the supply chain.
The information chain represents the collection, exchange and storage of
information about any object as it moves through time and space, from the
custody of one party to another. The data chain is a subset of information that
is stored and accessible in electronic form, whereas other information on goods
may be recorded and stored in non-automated paper form.
The metadata chain is data about data that define uniform categories or like
families of information. For example, “Passenger Name” is the metadata category
for passenger data such as Jane Doe, John Smith and Mary White; or “Vendor”
for a department-store retail chain might include data such as Nike, Champion,
Polo and Gucci. Metadata is important because it provides a taxonomy with
which to catalog and more easily understand individual data items.
The policy chain represents the rules – imposed by common practice,
companies, or governments – that determine how any object is to be handled
or inspected at any point in a supply chain; how information or data about any
object is to be recorded, stored, exchanged or reported; and how value is to be
exchanged and settled for any object at any point in time.
Five traditional security functions–Thesecurityrisksassociatedwiththefiveobjectsofvalueandthefivechainsmustbemanagedasobjectsmovethroughtheglobalmovementsystem.TorefinetheGlobalMovementManagementframework,wetooktheoriginalsixsecurityandresiliencebusinessfunctionsidentifiedinIBM’spreviousGlobalMovementManagementpaper,adjustedthemslightlyandaddedfournewfunctions.44Wethendividedthesetenfunctionsintofivetraditionalsecurityfunctionsandfiveemergingsecurityfunctions.45
Traditionalsecurityreferstobasicsecuritymeasuresundertakentoreducevulnerabilitytocrimeoranattack.Thesemeasuresareaimedathardeningfacilities;restrictingaccesstofacilitiesorsensitiveareas;confirmingtheidentity,examiningtheprovenance,conductinginspectionsofpeopleanditemsastheyenterafacilityorconveyanceorwhiletheyareintransit;andstoppingorseizing
•
•
•
•
•
IBM Global Business ServicesPage ��
itemsorpeoplethataresuspicious,poseathreatorarenotincompliancewithcertainrules.Thedominantresponsetoimprovesecurityafter9/11has,forthemostpart,focusedonthesetypesofactivities:
Facility security –These measures include the hardening of targets: building
barriers; reinforcing storage units; providing electronic security measures; and
adding security guards to patrol, stand watch or escort. These efforts are aimed
at deterring, detecting, denying and delaying any improper attempts to access
a facility.
Conveyance security – Conveyance security refers to measures taken to protect
objects in transit through the hardening of vessels and other steps to prevent
theft or sabotage while in transit. These measures may include the use of
stronger materials or reinforced construction techniques and increased use of
alarms, escorts and tracking.
Credentialing, identity verification and provenance – Credentialing helps ensure that
people and objects are who or what they claim to be. Generally, credentials are
issued at points of surety, where a credentialing authority is convinced that
certain standards of proof have been met. These credentials are stored for future
use to help validate claims of identity, content or other conditions. Credentialing
information can be used to help manage risk and allocate inspection resources
appropriately. Credentialing can also include more than an identity document.
Often, officials at control points or in spot inspections will inquire about an
object’s provenance, information that identifies its chain of custody, means of
transport and path of travel for an object until that point of inspection.
Screening and inspection – These measures help ensure that objects are properly
identified and registered. Objects are physically examined, or information about
objects (e.g., shipping manifests, bank records, identity documents) is screened
to help determine whether objects have been tampered with or might contain
dangerous or contraband items. The screening and inspection function helps
validate that only lawful or low-risk people or things enter intentional openings
in perimeter boundaries, such as ports of entry, and that authorities are able
to track the duration of their stay within those boundaries effectively. This
function is used throughout the supply chain to allocate additional inspection,
enforcement and interdiction resources, and it informs compliance programs
such as warnings, training, audits and facilitation programs.
Interdiction and enforcement – This function includes quick actions to address a
security incident before it fully materializes. Many other security functions
such as perimeter security and tracking are only useful in the context of strong
•
•
•
•
•
IBM Global Business ServicesPage ��
interdiction and enforcement capabilities. Interdiction and enforcement can
include national-level efforts for such activities as, for example, stopping illegal
aliens at the border or drug runners on fast boats in the Caribbean, interior
enforcement activities, and responses to breaches in physical security and
checkpoint security at individual facilities.
Five emerging security functions–Thefiveemergingsecurityfunctionsare,forthemostpart,aimedatfillinggapsinthetraditionalsecurityparadigmbyimprovingknowledge,awareness,traininganddecisionmaking.Theseemergingfunctionscanstronglybenefitsecuritywhilealsoprovidingdualbenefitstoimprovecoreoperationsandbusinessperformance:
Enterprisewide security training – Security must not be thought of as the responsibility
of only dedicated security professionals like security guards and the Chief
Security Officer. All personnel, from the CEO to logistics managers to truck
drivers, must be taught to think about, understand and implement security
in their everyday activities. Organizations need to recognize that everyday
employees — not just security personnel — are the eyes, ears and sensors who are
often in the best position to spot threats and vulnerabilities.
Tracking – Tracking includes processes and systems to determine the location of
objects and help ensure that their location is consistent with what is authorized
and expected. It includes the process of attributing custody of items at any time
during their movement through a system. It also includes traceability processes,
such as tracking backward to find the source or origin of a system disruption
(e.g., tainted food or medicine, or WMD materials intercepted in a cargo
container). Tracking information can be aggregated to create a comprehensive
picture of traffic within a movement system, which can be used both for security
and business performance (e.g., inventory management, resource allocation).
Tracking can occur in realtime, providing information at virtually all points
during transit, or on a periodic but regular basis whenever objects move through
control points where data can be collected and transmitted.
Risk analysis – Risk analysis is the analysis of data collected about an object to
determine if and what kind of dangers might be posed by that object. Risk
management processes information – such as an object’s contents, origin, destination,
sender and receiver – in the aggregate, seeking to identify anomalies or discrepancies
that warrant suspicion, investigation, clarification or additional inspection. Most
important, risk management programs facilitate efficient resource management and
the expedited movement of low-risk people and cargo (the vast majority of the flow)
by focusing resources on those objects that pose the highest risk.
•
•
•
IBM Global Business ServicesPage ��
Enterprise awareness/Command, Control, Communications and Information Integration (C3I2) –
Enterprise awareness is a high-level understanding of threats, vulnerabilities and
potential impacts based on the aggregation and analysis of data from a variety of
sources. C3I2 includes command and control activities that monitor all available
information within a system and from related systems, and fuse that information
to create timely intelligence about potential threats to the system. C3I2 supports
efforts across all business functions to share and analyze data more effectively,
improve risk analysis, and improve enforcement and interdiction response times
and effectiveness.
Resilience engineering and response planning – Resilience engineering aims to create
systems and processes that are robust and flexible, capable of bending rather
than breaking when strained or attacked. Instead of focusing solely on physical
protection and the hardening of assets, resilience engineering uses data about
systems to create backup capacity and contingency plans to significantly reduce
the impact of any loss.46 In addition to engineering, the resilience of a system
depends greatly on what actions and decisions take place in response to a
disruption. Are employees and executives able to calibrate and exercise response
proportional to a disruption? Will they overreact, unintentionally creating
additional burdens on the system, which could compound costs and magnify
disruptions? The answers to these questions will depend on whether response
plans are in place, known and rehearsed, enabling officials to behave in an
appropriately measured manner.
Seethesidebar,“GlobalMovementManagementandthemaritimecargosector,”forahigh-leveloverviewofthemaritimesupplyandinformationchains.AppendixA,“GlobalMovementManagementAnalysisoftheMaritimeCargoSector”providesa‘realworld’applicationofthefiveanalyticalcatgoriesdiscussedaboveaswellasadetaileddepictionofmaritimecargoandinformationflows(seeFigure13).
Global Movement Management and the maritime cargo sector
Maritimecargocomprises90percentofglobaltrade.47Everyday1.1millioncargocontainersmovearoundtheglobe,and417millioncontainersareloadedandemptiedeveryyear.48Overthenext20years,thevolumeofcargoatmajorportsisexpectedtomorethandoubleandpossiblytriple.49ToillustratetheGlobalMovementManagementframeworkusingareal-worldexample,weappliedallfivepartsofthecomponentsystemanalysistothemaritimecargosector.Highlightsofouranalysis:
•
•
IBM Global Business ServicesPage �0
Technology and Information Management–Throughouttheinformationchain,dataisgenerallyofpoorquality.Automationiscommonlylowandpaper-based,andmanualentrysystemsdominate.Informationisnotaggregatedoranalyzedwellandismostoftenburdenedbyrepetitivedatare-entryandre-keying.50
Human Capital–Betterinformationmanagementcanalsoallowemployeestofocusonmorevalue-addedactivitiesandengageintrainingandotheractivitiesthatimprovetheirawareness,knowledgeandvigilanceregardingsecurityissues.Individualpeoplethroughoutthemaritimecargosupplychainarecriticaltosecurity.Individualmanagers,employeesandofficialspackage,load,handle,move,exchange,inspectandscreenobjectsthroughouttheshipmentprocess.
Governance–Improvingtechnology,informationmanagementandhumancapitalpointtotheneedtoharmonizebestpracticesacrossarangeofplayersandcountries.Thisevokesthepotentialforcompaniesandcountriestocooperateonsharedinterestsinimprovinggovernancerelatingtomaritimesecurityissues.Therangeofplayersinvolvedthroughoutthemaritimesupplychainaswellastherangeofnewsecurityinitiativesindicateaneedtoconvenekeystakeholdersinanefforttoimprovegovernanceandharmonizationofeffortswithinindividualenterprisesandcountries.
Ouranalysisshowedthatgreaterautomationanddatainteroperabilityinthemaritimecargosectorwouldincreaseinformationsharingandimproveawarenessofthemanyplayersinvolvedregardingtheirpartinthemaritimesupplychainaswellasrelatedactivitiesortransactionsnearbythatmayaffectthem.Reducedmanualdatareentrywouldincreasethespeedofprocessingobjectsandincreaseconfidenceinthesecurityofobjectsthatindividualemployeesareinvolvedinprocessing.Freeinguptimethatwouldotherwisebelostonmanagingvolumesofpaperformsandmanualdataentryandredundantre-entrycouldfreeuphumancapitalformoreprofitableandproductiveactivities.Thiscouldhelpimproveefficiencyandperformance.ThetechnologyandinformationmanagementcapabilitiestosupportthiseffortwouldgeneratebothenhancedC3I2fortheprivatesectorandmorefinelytunedriskanalysisforthepublicsectorauthoritiesresponsibleforsecurity.
Layered securityTraditionalandemergingsecurityfunctionsexistatmanydifferentlevelsthroughouttheglobalmovementsystem.Theyexist“vertically”withinindividualcompaniesandsectors.Theyalsoexist“horizontally”andcrossovermultiplesectorsasobjectsmovefromsuppliertomanufacturertodistributortoenduser,andfromcompanytocompanyandcountrytocountry.Effectivelylayeringsecuritymeasuresbothverticallyandhorizontallyiscriticaltobuildingintelligentimmunityinglobalmovementsystems.
IBM Global Business ServicesPage �1
Alayeredapproachtosecurity(seeFigure6)providesflexibilityforownersandoperatorsofsystemswhilealsointroducinganelementofunpredictability,makingitharderforamaliciousactortoplanandadapt.Layeredsecuritycanmitigateflawsinindividualsecuritymeasures,helpreducefalsepositivesandprovideflexibilityinanenvironmentthatpresentscomplexchallenges.Mostimportantly,alayeredapproachtosecuringglobalmovementsystemscangreatlyincreaseoverallsecurityevenifindividualsecuritymeasuresarelessthanperfect.(Seethesidebar,“Layeringsecuritymeasuresincreasesoverallsecurityeffectiveness.”)
Figure 6. Layered approach to security.
Source: IBM Global Business Services.
Layering security measures increases overall security effectiveness
Theeffectivenessofanindividualsecuritymeasureisfairlyweakifitsfailurerateis40percent(e.g.,meaningitiseffectiveonly60percentofthetime).However,layeringaseriesofevenflawedindividualsecuritymeasurescanresultinoveralleffectivenessapproaching100percent.Toillustrate,ifsecuritymeasuresA,B,C,DandEeachhavea40percentfailurerate,thenlayeringthemsequentiallyincreasestheprobabilityofsuccessfullystoppinganattackto98percent.Thiscanbeexpressedbythefollowingequation:
100%-(40%)x(40%)x(40%)x(40%)x(40%)=100%-1.024%=98%
Thissimplemathematicalexampleassumesthateverysecuritylayerisindependentandthatmeasuresoccursequentially.Inreality,however,securitymeasuresneednotbeindependentandsequential.Increasingthelevelofcoordinationandharmonizationbetweenlayerscanhelpincreaseoveralleffectivenessevenmore.
Security Layer A
Security Layer B
Security Layer C
Security Layer D
Security Layer E
IBM Global Business ServicesPage ��
Consideraseriesofsemi-permeablemembranes,whichmustpermitthehealthyflowofcommercewhilealsofilteringoutthreatstothesystem.Eachmembranepossessespassagewaysthatallowpeople,cargo,conveyances,moneyandinformationtopass.Thepassagewaysinthesemembranescanbeamixofchannels(whicharemoreregulatedanddemonstrateahigherdegreeofsensitivityanddifferentiation)orpores(whicharemorepassive).Theporesandchannelsinthesemembranescanbelocatedindifferentpositions,possessdifferentdimensions,andestablishdifferentcriteriatoalloworpreventobjectsfrompassing.Togetherthesemembranesworkmoreeffectivelythantheywouldindividually.Theyareevenmoreeffectivewhentheyareharmonizedtomutuallyreinforceoneanother.Inpractice,themetaphoricalseriesofmembranescomprisesphysicalcontrolpointsandinfrastructure,amixofhuman,technologicalandproceduralscreensaswellasresponse,escalationandredressmechanisms.
Arrayedincombination,withaneffectivelevelofcoordination,anumberofimperfectsecuritylayerscanbetterpreventdisruptionswhilealsomaintainingthehealthyflowofcommerce.Indeed,well-coordinatedsecuritylayerscouldevenhelpimprovecommercebyallowingafalsealarminonelayertobequicklyresolvedatsubsequentandsuccessivesecuritylayers.
Achievinggoodcoordinationbetweendifferentsecuritylayerscanimproveenterpriseawarenessinglobalmovementsystems.Systemwidecoordinationwouldhelpensurethatatanygiventime,theoverallsecurityofasystemisknownandcalibrated.However,harmonizationamongsecuritylayersmakesitincumbentonownersandoperatorstobeawareoftheeffectsthattheirdecisionsinonepartofasystemwillhaveinotherpartsofasystemandonthesystemoverall.
IBM Global Business ServicesPage ��
IV. Strategic human capital: Baseline for success
Outsideofmilitaryactivity,effortstoimprovesecurityinthepastsixyearshavefocusedonseveralnotableareas.Theseareasincludegovernmentreorganization,technologyinvestment,increasedintelligence,stepped-uplawenforcement,sitehardening,heightenedscreeningandmorecredentialing.However,lessattentionhasbeenfocusedonhumancapital–thepeopleinindustrywhomanageandoperateourvitaleconomicsystemsandthoseingovernmentwhooverseecriticalsecurityprograms.Belowwedescribetheconditionsthatmakethe“peoplefactor”inglobalmovementsystemssoimportantandwhatcanbedonetoimprovetheperformanceofpeopletoachieveintelligentimmunityinglobalmovementsystems.
People are a critical factor in global movement systemsPeopleembodythepointoftransformationbetweeninformationandactionmillionsoftimesadaywithincriticaleconomicsectors.Theyprovideessentialknowledge,skillsandabilitiesastheyenableoroverseetheglobalmovementofpeople,cargo,conveyances,moneyandinformation.Theiractivitiesrequiredecisionmakingandjudgmentbasedonmyriadfactors.Thesefactorsincludepeople’sexperiencethatcomesfromdoingtheirjobseverydayincludingspecific,granularanddetaileddatafromITsystems;moregeneralknowledgeaboutmarkets,systems,peopleandeventsinthesystem;anunderstandingoftherules,normsandcustomsthatcharacterizetheindustrytheyworkinandtheorganizationtheyworkfor;andtheabilitytospotsuspiciouspatternsoractivitywithinsystems.
Moreover,individualswithincompaniesandgovernmentsfaceincreasinglycomplexchoicesabouthowtoimproveperformanceandaddressrisk.Theyfaceunprecedentedvolumesofinformation,newtechnologiesandcompetitivepressuresthatcomplicatetheirwork.Atthesametime,inanetworkedeconomy,decisionsmadeattheindividuallevelcanhaveincreasinglyglobalramifications.Severalobservationscanbemadeaboutthedynamicrolethatpeopleplayintheglobalmovementsystem.First,thesecurity,resilienceandefficiencyofglobalmovementsystemsrestprimarilyonthehumanfactor.Individualhumanbeingsareboththegreateststrengthinglobalmovementsystemsand,atthesametime,acriticalriskfactor.Peoplemustserveasastartingpointforstrategiesaimedatimprovingthestrengthofthesystemacrossallflows.
IBM Global Business ServicesPage ��
Second,peopleareessentialfirst-ordersensorsbecausetheypossessbothgeneralandspecificknowledgeoftheirownenvironment.Itisthisspecificknowledgethatismostdifficulttoobtainforterroristsandisessentialtotheiroperations.Monthsorevenyearsofdetailedcasingofatargetandrelentlessrehearsalcannotanticipatefullyeverycontingency,especiallywithoutarousingthesuspicionofawell-prepared,well-trainedandwell-coordinatedcommunity.Duringanaturaldisaster,thepeopledirectlyaffectedareinthebestpositiontoidentifytheirspecificneedsandlocalconditions.
Thespecificknowledgeoftimeandplace,writtenaboutextensivelybyMichaelJensenatHarvardBusinessSchool,isbydefinitionthemostexpensiveanddifficultknowledgetoobtain.51Itisprizedknowledgeinaterroristoperationandastrategicandtacticaladvantageforthosewhoown,operateandseektoprotectthesystem.Itisextremelyvaluableinformationforadisasterreliefcoordinatorstrivingtogetanaccuratepictureofconditionsontheground.Inbothcases,peopleareessentialtoimprovingthesecurityandresilienceofasystembecausetheyhavespecificandlocalknowledge.
Forexample,atraindriveronasubway,ajanitorinabuilding,apostmanonamaildeliveryroute,asailorinahomeport,acustomsofficialathisorherpostorapoliceofficeronthebeatallshareadeepandnuancedunderstandingofthenormalconditionsthatprevailintheirareaofresponsibility.Theyhaveasenseofthepeople,thingsandactivitiesthatbelongintheirworld.Whencombinedwithvigilanceandtheknowledgeandwillingnesstotakeariskandreporttheirobservations,front-linepersonnelcancreateaninvaluableadvantageindealingwithterroristsandprovideessentialinformationpriortoorduringanunfoldingdisaster.
Third,peoplearethebestintegrativesensors,abletofusemultiplesourcesofinformationandarrivequicklyatjudgmentswithinsight.Whilemanyofthesecuritysolutionspursuedafter9/11havefocusedheavilyontechnology,technologywillprovideonlyapartialsolutiontoimprovingsecurityandresilience.Newsecuritytechnologiesfunctiononlyaswellasthehumansthatusethem.Front-lineemployeesaretheeyesandearsofanyorganization.Theyareoftenthebestsourceforup-to-datelocalinformationandwilloftenbethefirsttospottrouble.Well-trainedemployeesproviderobust“micro”levelinformation,whileatthesametimetheyhavetheexperiencerequiredtoaggregateand
IBM Global Business ServicesPage ��
analyzeinformationata“macro”level.Strategicuseofhumancapitaldevelopmentisessentialtoimproveriskmanagementbecausehumancollectionandsynthesisofinformation,decisionmakingandjudgment,whencombinedwithwell-designedtechnology,exceedthecapabilityoftechnologyalone.
Fourth,inadditiontotheirroleassensorsandcollectors,peoplearethekeyanalystsandsynthesizersofintelligenceandthecritical“deciders”invirtuallyalloperationalcontexts.Peopledecidebetweenactionsthatenablecommerceorslowit.Peopledecidehowtorespondtoman-madeandnaturaldisruptionsinamomentofcrisistoprotectlifeandproperty,andtorestoresystemstonormaloperation.
Strategic human capital approach for strengthening global movement systemsThecriticalroleofpeopleinmanagingriskandcomplexityinanetworkedenvironmentistoooftenoverlooked.Fromthefrontofficetothefrontline,peoplemakeglobalmovementsystemswork.Wecallforanewstrategicapproachtohumancapitalthattransformstherelationshipbetweenindividualsandtheirorganizationsbyimprovingtrustandaccessatvirtuallyalllevels.Thisresultsinagreatersharedownershipofmissionandobjectives,andempowersindividualstomaketherightdecisionsattherighttime.Thisapproach,adoptedbyindividualorganizationsintheglobalcommunity,willhelppromoteintelligentimmunityacrosstheentiresystem.
Thisstrategichumancapitalapproachrequiresleaderstoemployemergingtechniquesformanaginginanetworkedenvironment.Neededtechniquesincludeimprovedcollaboration,latitudetoreachacrossandoutsideorganizationalboundaries,investmentinorganizationaltransformation,newstructures,bettertechnologythatservestheneedsofemployeestosiftthroughlargeamountsofinformationmoreeffectively,andmostimportantly,greatlyimprovedtrainingtoimprovemanagerialandsupervisoryskillsaswellasdomainknowledge.
Investmentsinthisapproachwillhelpenablepeopletobeabletoassumehigherorderresponsibilitiesbyautomatingthosechoresbestsuitedforamachine.Thisalsowillhelpimprovetheirabilitytomanagecomplexdatainputsandsupportbetteranalysisandjudgmentaswellashelpempowerthemsotheirdecisionsaremoreinfluential.
IBM Global Business ServicesPage ��
Wehaveestablishedthatpeoplemakeglobaleconomicsystemswork.Forpeopletosucceed,investmentsneedtobemadeinasystemwherepeopleareempoweredto:
Act as innovators within global systems to improve the efficiency of commerce
Act as the first line of defense to sense anomalies in and prevent disruptions to
global systems
Lessen the chance that terrorists can use the system successfully for ill purposes
Influence or make the right decisions on how to respond to disruptions to global
systems that might occur.
Theapproachwearetalkingaboutisflexibleenoughtoencompassandsupportthebroadrangeofrolesthatpeopleplayinthesystemunderbothnormalandabnormalconditions;thatis,duringday-to-dayoperationsaswellasinacrisis.(Seethesidebar,“Strategichumancapitalapproaches.”)Itisconsistentwiththecurrentapproachtohumancapitalwhich,atitsbest,isbasedlargelyonariskmanagementstrategyappliedtoarangeofdifferentsystems.Itisdifferentfromthecurrentapproachtohumancapitalinthatitisourbeliefthattheentiresystemrequiresablendedapproachtopeopleandtechnologywherethepeoplefactorhasaprimaryroleinthelarger,layeredstrategyofintelligentimmunitythathas,untilthispoint,beenundervalued–ifrecognizedatall.
Strategic human capital approaches
Herearetwopracticalexamplesthatdemonstratethedifferentbutessentialrolesthatpeopleplayintheirrespectivesystems.Inmaritimecargo,takingastrategicapproachtohumancapitalwouldinvolveautomatingtheroutinetransactions,significantlyreducinghumanintervention,employingriskmanagementtechniquestoidentifyabnormalandhigh-risktransactions,andfocusingresourcestoresolvethem.Inthissystem,peoplewouldthendevelop,implementandoperatethemitigationprograms,performexceptionmanagement,makecriticaldecisionsandexecutethroughtraining,warnings,inspectionsandenforcement.Inthiscase,peoplefollowtheevolutionoftechnology.Bycontrast,inimmigrationandtravel,wherepeopleplayanimportantroleasprimarysensorsbymeetingandassessingeverypersonwhoenterstheircountry,astrategicapproachtohumancapitalwouldbeginwithtrainingandsupervisionthatempoweredthemtobethefirstlineofdefenseinthiscriticalflowoftheglobalmovementsystem.
•
•
•
•
IBM Global Business ServicesPage ��
Toenhancethepositiveroleofbeneficialactorsinthesystem,owners,managers,operatorsandregulatorsshouldadoptthreeimportantrecommendations:
Take a strategic approach to front-line employees in global movement systems.
Lead, organize, train and equip front-line employees for the new tasks at hand.
Engage society on a more comprehensive basis in recognition of the new level
of personal responsibility that each user has for the system in a more connected
and interdependent world.
Themotivationtoparticipateintheseeffortswill,ofcourse,differbetweencommercialandgovernmentalplayers.Butbothsectorsmustrealizethatneithersectorcanaccomplishitsgoalswithouttheinvolvementandpositiveassistanceoftheother.
Take a strategic approach to front-line employeesAstrategytoimprovethesecurity,resilienceandefficientcommercialexchangeofglobalmovementsystemsmustencompasspeopleandthedifferentrolesthattheyplayonthefrontlines.Itmustallowpeopletoeasilyreportanomalies,takeactionbasedontheirconclusionsandprovideincentivestobeartheriskofdoingso.Tosuccessfullyharnesstheknowledgeoffront-lineworkers,itisessentialtoco-locatespecificandgeneralknowledgetogetherandempoweremployeestoplayasignificantroleindecisionmakingregardingtheefficiency,securityandresilienceofcriticalsystems.Co-locationmeansplacinginformationinthehandsofpeoplewiththerightgeneralandspecificknowledgewhoarealsoempoweredtomakedecisionswherevertheyareinanorganization.
Front-lineworkersinglobalmovementsystemsemployhumanjudgmentthatcanbeasourceofstrengththroughspecificknowledgeandtrainingaswellasapotentialsourceofweaknessthroughpoordecisionmaking,inattentionorcorruption.Astrategicapproachtofront-lineworkersrequiresadifferentkindofthinkingandahigherlevelofinvestmentinleadership,trainingandprofessionaldevelopmenttoachievebetterqualityandinnovationinglobalmovementsystems.Thiswillrequireanorganizationalcultureshiftinwhichtrustbecomesmoreimportant,therebyenhancingexchangeofinformationandencouragingfront-lineemployeestoactmorelikeownersoftheentiremission,notjustanarrowportionofit.
•
•
•
IBM Global Business ServicesPage ��
Astrategicapproachaimedatimprovingfront-lineperformancehasanumberofimportantattributes.Forexample:
People need to be empowered and incentivized to assume risk and take the
initiative by trying new approaches. This means rewarding an employee who
suggests a new model that improves the ability to identify and manage risk
in the system. It means avoiding penalty if a new suggestion does not yield
improved efficiency or effectiveness. There should be trust that an employee’s
actions are honorable – for example, if a goverment employee reaches out to
another government agency or the private sector, it should be assumed that he
or she is doing so in good faith. It also means providing an environment where
employees can freely establish links with other government agencies as well as
with the private and non-profit sectors so that front-line employees can learn
about innovative homeland security efforts and pilot programs.
In government especially, managers and supervisors may need some amount
of dedicated funding to pay for regularly scheduled training, travel and skills
development necessary for informed risk-taking, innovation and collaboration.
Professional development is critical to keeping pace with the rate of change in
the threat environment.
Improved incentives and better training will create a more supportive
environment where employees can experiment with new techniques and
develop innovative strategies. The innovation that results will help to more
quickly and accurately prevent or identify and interdict problem actors in the
system. The strategic use of employees advocated here goes far beyond simply
paying them more or offering additional benefits. It means leveraging their
knowledge, performance and commitment as employees and human beings to
create a more intelligent, innovative and rapid response to risk – putting more
intelligence in intelligent immunity.
The same investments in people within corporations that have been shown
to measurably improve total shareholder return now must be made in the
government and non-governmental organizations that exercise extensive
influence on global movement systems. Moreover, we argue that increased
globalization, liberalization of trade and increased standardization of IT
and telecommunications have already given rise to new ways of structuring
collective enterprises and organizing people, driving the evolution of the globally
integrated firm.
•
•
•
•
IBM Global Business ServicesPage ��
The “circle of influence” for public, private and non-governmental workers
on the front line must be broadened to match a new “circle of concern.”
Investments in strategic human capital should focus on creating a new
organizational culture to perform at higher levels by improving the quality
of leadership, the flexibility of organizational structure, availability and
effectiveness of training, and better equipment in order to increase security
harmonization and coordination across global movement systems.
Lead, organize, train and equipGreateremphasismustbeplacedonavarietyofactionsdesignedtoempowerfront-lineemployees.Theseactionsincludedevelopingbetterandmorenetwork-proficientleadership;morestreamlinedorganizationalstructures;enhancedtrainingfordomain-specificchallengesaswellassoundsupervisoryandmanagementskills;andfinally,technologytoolstohelpfront-lineworkersdealwiththeenormousvolumeofinformationthattheyconfrontwithoutfeelingoverwhelmed,andwithouthavingtheseaofinformationsupplanthumanjudgment.
Leadership–Strengtheningglobalmovementsystemswillrequiremanagingchangeonamassivescale–fromasystemwheresecuritywasofsecondaryconcerntocommercialimperativestoonewheresecurityandresiliencebecomeco-equalstrategicimperatives.Researchstudiesonchangeinitiativesintheprivatesectorconsistentlyfindthateffectiveleadershipisessentialtothesuccessofmajorchangeefforts.52Studiesoforganizationalculturechange–aconceptusuallyassociatedwithsignificantorganizationalreform–alsofindthatleadersplayacriticalroleinformingandtransformingorganizationalcultures.54Withoutstrongleadership,noplanforanimprovedglobalmovementsystemcansucceed.
Whatmakestheleadershipchallengeofmotivatingandguidingchangeinglobalmovementsystemssosignificantisitsenormousscope,scaleandcomplexity.Wearguethatleadershipmustbeexercisedonbothanindividual,organizationalandglobalbasisbecauseofthenetworkedandglobalnatureofthesystemandthewidespreadcostofdisruption.Thechallengeisenormous,butthereisreasontobeconfidentthatleaderscanimproveglobalmovementsystemswithacomprehensivevisionandexperiencewithchangemanagement.Inaddition,leadersmuststepforwardtobalanceoverarchingsystemobjectiveswhenadisruptionoccurs–makingdifficultdecisionsunderconditionsofsignificantambiguity.
•
IBM Global Business ServicesPage �0
Organizational structure–Privatesectorinvestmentsinhumancapitalhavealsobeenhamperedbyafailuretounderstandthestrategicnatureofsecurityandresilienceinglobalsupplychains.Layeredsecurityrequirescoordinationamongandacrosslayerswithoutcompromisingtheindependenceofapproachthatprotectsthesystemagainstabreakdown.(SeetheLayeredsecuritysubsectioninSectionIII,“ApplyingaGlobalMovementManagementframework.”)Changesinfunctionamonggovernmentagenciesandwithincommercialenterpriseshavenotbeenfollowedwithchangesinstructurethatwillenhancemissionaccomplishment.
Ingovernment,bureaucraticstructureoftenimpedesinformationsharing,cooperationandcoordination.Yetslowreactiontimebetweensensing,understanding,decidingandactingisoneofthekeyweaknessesthatterroriststrytoexploit.Wecannotallowourorganizations,bydesign,tohinderthequalitiesofrapidandadaptivedecisionmakingthatareneededinthenetworkedworldinwhichwelive.
Problemswithorganizationalstructurearenotconfinedtothepublicsector.Thiscanbeseen,forexample,intheroleplayedbyChiefSecurityOfficers(CSOs)incorporationsaroundtheglobe.ManycompanieshavehirednewCSOssince9/11,madethemreportdirectlytotheCEO,orincreasedtheresourcesavailabletoCSOs.Forthemostpart,however,CSOstendtohaveskillsetsandresponsibilitiesthatarenarrowlyfocusedonphysicalandpersonnelsecurity.Whilesuchskillsarevaluable,theyfailtofullyaccountforthestrategicnatureofsecurityandresilience.Securityandresilienceencompassmorethansimplypreventionandresponse,andinvestmentsmadedonotnecessarilyleadtogreateroperationalcosts.Thatis,investmentsinsecurityandresiliencecanbenefitcorebusinessprocesses,improvebusinessperformanceandbeameaningfulcompetitivedifferentiator.
Inthe1990s,ITunderwentthekindoftransformationthatneedstooccurnowwithsecurity.ITceasedbeinganobscurescienceandviewedonlyasanecessaryinvestmentforenablingtechnicalandadministrativework.Instead,companieslearnedhowtodeployITasastrategicassetandcompetitivedifferentiator.ThemoveofChiefInformationOfficersfromthebackofficetostrategicroleswheretheyhadgreaterinvolvementinbusinessstrategyandimplementationunleashedbetterperformanceandproductivitygrowth.
IBM Global Business ServicesPage �1
AsimilarchangemustoccurtoelevateexpectationsforCSOsincommercialenterprisestodrivebusinessstrategythatenhancestheprospectsforacompany’ssurvivalinthefaceofincreasedrisktotheglobalmovementsystemsonwhichitdepends.AnewreportingrelationshipforaCSOtotheChiefOperatingOfficer(COO)orCEOofacorporationwithoutachangeinthevision,skills,strategyformulationandcontroloverresources,missesthepointofcreatingapositiontomanagethenewkindofrisksthatwillaffectthelong-termsuccessoflargecommercialenterprises.Strengtheningbothleadersandorganizationsacrosssectorsisaprerequisiteofamoresecureandresilientsystem.Anessentialcomponentoftheabilitytoimproveleadershipandmanagementoforganizationsineverysectoristheabilitytotrainemployeestoimprovetheirskillsandperformance.
Training–Wehaveestablishedthat,sincepublicandprivatesectoremployeesarebeingaskedtodonewthingsinnewwayspost-9/11,itmakessensetotrainthemtoaddressthesenewrequirements.Intheprivatesector,whenweaskemployeesinanorganizationtolearnalanguage,masteranewcomputersystem,operateacomplexmachine,interpretacomplexpolicyormanageabillion-dollarproject,wetypicallyprovidethemwiththetrainingtheyneedtodoso.
Furthermore,thenewenvironmentalsorequiresorganizationaltransformationtoachievechangeonacomprehensivelevel.Hereagain,trainingiscriticaltosuccess.Withoutwidespreadunderstandingandacceptanceoftheneedtoaddressnewrisks,employeesaremuchmorelikelytoobstructchange.
Bettertrainingisessentialforemployeesinglobalmovementsystemstomakegooddecisionswhenfacedwithanomalies,alarmsordisruptionsinthecourseoftheirwork.Forexample,bettertrainingcouldhaveplayedaroleinavertingtheattacksof9/11,whenairportscreenersfailedtoresolvemetaldetectoralarmstriggeredbythehijackers.54Employeesalsoneedtobeempoweredsotheirjudgment,experienceandlocalknowledgecanplayagreaterroleinthedecisionmakingoftheenterprisesforwhichtheywork.Againinthecaseofthe9/11attacks,anairportworkerwasdeeplysuspiciousofhijackerMohammedAttabutfailedtoactonhisinstinctsanddidnothing.55
IBM Global Business ServicesPage ��
Trainingshouldcoveravarietyofimportantcontributorstosystemsecurity,resilienceandefficiency.Trainingshouldaddressthecostofinterventions–particularlyonesthatstoptheflowoftheglobalmovementsystem,thelegalandprivacypoliciesgoverninginterventions,andriskmanagementasafundamentaldriverofprogramsandoperations.Riskmanagementisawell-developedpracticeinsomemovementsystems.Forexample,customsofficialsinmanyindustrializedcountriesfollowwell-establishedstandardsandwidely-recognized“bestpractices,”suchastheWorldCustomsOrganization(WCO)FrameworkofStandardstoSecureandFacilitateGlobalTrade.56Personnelshouldbetrainedonthesystem’sprinciplesandonthespecificrisksandmitigationprogramaddressedinanyparticularstakeholder’soperations.Moreover,trainingshouldincludeanefforttoimprovethesupervisoryandmanagementskillsofpublicsectoremployees.Thisisespeciallytrueincaseswheredecadesofunder-fundinghavereducedspendingfortraininginthecivilservicetoatrickle.
Astrategicapproachtohumancapitalthatinvolvessignificantlygreatertrainingwillnotonlyimproveindividualemployees’understandingoftheimportantroletheyplayinimprovingperformanceandreducingrisk,itwillalsoempoweremployeestotakeaction.AccordingtoMIT’sYossiSheffi,“Inanemergency,peoplehavetobeempoweredtobypassthenormalstructureofinformation.Unlesstheorganizationhascreatedtherequisitecultureofdistributeddecision-makingpower,there[willbe]numerousbarrierstodeviationsfromthenormalprocess.”57
Ifwewantthesystemtoperformatthehighestandbestlevels,thenweneedtoinvestintrainingforthepeoplewhodothework.Weneedtoteachpeopletothinkoutsideoftheirownorganizationalculturenorms.Yetgovernmentsrelylargelyonon-the-jobtraining,personalinitiativeandtrial-and-errortofillthisgap.Similarly,corporatefocusonsecuritytraininghasnotreachedalevelwheresecurityisviewedasstrategicandwovenintotheveryfabricofacompany’soperations.Securityandresiliencetraininghavenotrisentothesamelevelassafety,auditandethicstraininginmostcompaniesaroundtheworld.Giventherisks,thissimplyisnotsufficient.
Technology tools–Finally,therelationshipbetweenoperatorsandthetechnologiestheyuseshouldbeimproved.Technologiesshouldservetoempowerfront-linepersonnelintheprimaryfunctionsofglobalmovementsystems.Thiscanbeaccomplishedinthreeways:
IBM Global Business ServicesPage ��
1. Unlockandsharethedatathatisvitaltoahavingfullunderstandingofnaturalandman-maderiskinglobalmovementsystems.
2. Takeexistingworkflowsintoaccountwhendesigningandimplementingnewtechnologies.Newtechnologiesshouldenhancetheskill,capacityandjudgmentofpeopletotakeaction;theyshouldnotbeaburdenoradistraction.Tofightterrorism,wemusthelppeopletobeabletodistinguishnormalactivityfromabnormal,tospotlinkagesandcorrelationsthatcanhelpanticipateandpreventdisruptions,andtohelpbeneficialactorsanticipateandinterdictmaliciousactorsbeforetheystrike.Toenablepeopletobetterprepareforandrespondtonaturaldisasters,itmeanssupplyingvitalinformationfromavarietyofsourcesandpresentingtheminausefulmannerunderconditionsofuncertaintyandurgentneed.Inbothcases,co-locatingpeopleinthesystemwhohaveauthoritywiththosewhohavespecificknowledgetomaketimelydecisionsiscritical.Technologyandotherequipmentmustbedesignedtoprovidedataandadditionalinformationincontexttosupportdecisionsonthefrontline.
3. Buildtechnologiesthatservetheneedsofindividualactorsinthesystembyprovidingspecific,timelyandgranularinformationaboutotherindividualsinthesystematthemomentofinteractionbetweenthesystemandfront-lineemployees.
Thesethreestepswillempowertheindividualasthebaselineunitofactioninglobalmovementsystems.
Engage society on a more comprehensive basisTechnologyandtheglobaleconomygiveustheabilitytohaveadifferentkindofdialogwithindividualsaroundtheworldthanwedid50yearsago.Today,weareengagedinanexchangeacrossculturalnorms,customsandbeliefsasmassmediareachesvirtuallyeverycorneroftheworld.Thishasbothpositiveandnegativeconsequences.Policiesshouldincorporateanappreciationfortheintendedandunintendedconsequencesofthisinfluenceandemploytheabilitytoreachpeopledirectlythroughmassmedia.Leveragingasmallpartofthismediumcouldhelpmorepeopleunderstandthebenefitstothemofglobalmovementsystems,theharmthatterroristsinflictuponinnocents,andthewaysinwhichpeoplecanrespondtoeverydaydisruptionsinamoreinformedmanner.Improvedunderstandingcanstrengthenintelligentimmunitytomaliciousactorsandimproveresponsetonaturaldisasters.ThiskindofoutreachishappeningtodaytocombatAIDS,improveenvironmentalpoliciesandhabits,andspreadmicrolendingincountriesaroundtheworld.
IBM Global Business ServicesPage ��
Moreover,creatingacultureofpreparednessimprovestheresilienceofsocietyasawhole.Thismeansthatinformationhastobesharedwiththepublicregardingwhattodointheeventofterroristattacksornaturaldisastersandhowtoresponddependingonthenatureoftheevent.Toomanyofficialsfearthattoomuchinformationwillfrightenthepublicoraidourenemies.Butthemoreinformedandself-reliantwearewhenthenextattackordisasterstrikes,thebetteroffeverynationwillbe.
Stepscanbetakentopromoteadoptionofamorestrategicapproachtohumancapitalaroundtheworld.First,agovernanceprocessisneededtofacilitatecoordinatedactionamongmanystakeholders.WeaddresspracticalrecommendationstoaccomplishthisinChapterVI,“Governance:Acoordinatedapproach.”Second,anewapproachtotechnologyisneeded.Asthescaleandvolumeofproblemsincreasefromnaturalandman-madecauses,peoplemustbeanintegralpartoftheefforttosiftthroughinformation,makeadecisionandact.Peoplecanmakequick“reads”ofsituationsthatmachinescannot.
Today,however,peoplehavetoadapttotheITsystemsthathavebeendeveloped.Inthefuture,ITsystemsmustbetterserveindividualstoleveragetheiruniqueknowledge,skillsandabilitytoadjusttodisruptions,andtostopterrorists’useofglobalmovementsystems.Therefore,technologyneedstoprovidehumanoperatorswithdataandinformationthatenhancedecisionmakingandtosupportratherthansupplanthumanjudgment.Itshouldpromotegreaterdatainteroperabilitybetweengovernments,andownersandoperatorsofglobalmovementsystemswhilealsoprovidingrobusttoolsandservicesforpermissioningandvisualization.
Inaddition,thegovernancesystemswecreateshouldeffectivelyleveragebothpeopleandtechnologywithastrategydesignedtolowerthecostofthesystemthroughharmonization,evenasweraisethelevelofsecurityandresilienceinit–anessentialapproachtoengagingthebusinesscommunityintheefforttoimproveourintelligentimmunity.TheroleoftechnologyincreatingintelligentimmunityisaddressednextinSectionV,“Technologytoenableinformationsharing.”
IBM Global Business ServicesPage ��
V. Technology to enable information sharing
Havingtherightinformationattherighttimeisessentialtomaintainingthesmoothoperationofcriticalglobaleconomicsystemsinthefaceofman-madeornaturaldisruptions.Traditionally,thishasmeantmaximizingknowledgewithinindividualinstitutions.Companiesimprovedtheircoreoperationsbyimprovingvisibilityintotheirownenterprises.Governmentsacquiredandanalyzednationalandhomelandsecurityinformationwithintheconfinesoflawenforcement,intelligenceandmilitaryorganizations.Butthenetworkednatureofriskintoday’sworldmeansthattherightinformationattherighttimecancomefrommanysources,oftenoutsideofthefourwallsofanyoneorganization.Thismakesitimperativethatgovernments,companiesandindividualsmoreeffectivelycollaborateandshareinformationtomanageriskinthe21stcentury.
Policymakers,businessleadersandindividualcitizensincreasinglyrecognizetheimperativeforgreatercollaborationandinformationsharing.Companieshaveincreasinglyinvestedininformationsystemsthatimprovedataautomationandenterprisevisibility.Manycompanieshavedemonstratedsuccessinstrengtheningintegrationwithcorporatesupply-chainpartnersandevenindustrycompetitors.Fortheirpart,governmentshavebeguntoimplementnetworkedstrategies.TheU.S.military’sconceptofnetwork-centricwarfarefirstappearedintheopenliteraturein1998.58Callsfor“network-centrichomelandsecurity”firstemergedin2004.59
Similarlyanetworkedinformationapproachtoglobalmovementsystemswouldenhancetheirintelligentimmunityagainstdisruptions.Thegreatchallenge,however,isthatsuchsystemsembodyauniqueintersectionofpublicandprivateinterests.Globalmovementsystemsarelargelyownedbytheprivatesector,andusersaremostlycompaniesandthegeneralpublic.Atthesametime,thefunctioning,availability,securityandstabilityofthesesystemsareessentialeconomic“publicgoods,”inwhichgovernmentshavesignificanteconomic,nationalsecurityandpublicwelfareinterests.Societyexpectsglobalmovementsystemstobelikewater,electricityandotherutilities:Peopleexpectthemtoworkandtobeavailableondemand.Whenthesesystemsfail,consequencesarerapid,widespreadandsignificant.
IBM Global Business ServicesPage ��
Thepublic/privatechallengeposedbyglobalmovementsystemshasresultedinasituationwherestakeholdersaregenerallyfailingtotakefulladvantageoftechnologyandawealthofinformationthatiscurrentlytrappedlocallyandinsilosofinformationtostrategicallyaddressriskinglobalmovementsystems.Therefore,topromoteintelligentimmunityinglobalmovementsystems,wepresentavisionforunlockingterabytesoftrappedinformationandpromotingdatacollaborationbetweenindividuals,companiesandgovernmentsonalargescale.Achievingthatvisionwillmakeiteasierforindividualstodotheirjobs,forcompaniestoimprovetheirperformanceandforsocietiestomaintaintheglobaleconomyinthefaceofman-madeandnaturaldisruptions.Atthesametime,acomprehensivetechnologyvisionforglobalmovementsystemswillprovideguidancetoimprovedatamanagement,enterpriseawareness,informationsharingandnetworkedcollaborationwhilealsoaddressingconcernsoverprivacy,informationsecurityandtrust.
Thetechnologystrategyforglobalmovementsystemsthatwediscussinthispaperincludesthreemajorcomponents:
Adoption of a “micro-macro” approach that combines both greater information
granularity and greater information federation/aggregation
Building the “connective tissue” that enables greater collaboration both
vertically between individuals and organizations and horizontally among
organizations
Peer production enabled by unlocking information and sharing it more widely,
helping to drive innovation to dramatically improve the performance, security
and resilience of global movement systems.
Inshort:Unlocktrappedinformation,shareitbroadly,andcreatenewknowledgeandinnovation.
Atthe“micro”level,Web2.0(discussedbelow)andmobiletechnologiesallowhighlylocalinformationtobeunlocked.Individualsareempoweredtoself-publishinformationandconnectthatinformationtooneanotherandtoenterpriseslikecompaniesandgovernments.Alsoatthemicrolevel,terabytesofcurrentlytrappedcorporatedatashouldbeunlockedasanecessarysteptobothachieveWeb3.0anddramaticallyimproveenterprisevisibility.
•
•
•
IBM Global Business ServicesPage ��
Atthe“macro”level,collaborationatscalewilloccuronlywhenenterprise-classinformationsharingbecomesas“turn-key”astheWebistodayandwhensecurityandprivacyconcernsareaddressedatthearchitectureanddesignlayers.Thiswillrequireprotocols,toolsandservicesinthefollowingareastobecomeincreasinglystandardized,widelyavailableandcosteffective:
Data harmonization, interoperability and aggregation
Permissioning, anonymization and encryption
Robust data analysis, visualization and modeling.
Asthisoccurs,peerproductionwillbeabletogeneratesignificantinnovationtoimproveperformancesecurityandresiliencebasedongreatlyimprovedawarenesswithinglobalmovementsystems.
Micro-level Global Movement Management technology strategyToaddresstherisksposedbycomplexandinterconnectedmovementsystems,solutionsmustincreasinglyfocusonindividualorhighlylocalthreatsandvulnerabilities.Thismicroapproachrequirestheavailabilityandcollectionofever-moregranular,specificandlocalizedinformationabouttheindividualactors,movements,transactions,handlingandotherpatternsthatoccurwithintheglobalmovementsystem.
Web 2.0: Empowering information from individuals
Web1.0markedtheadventofthepublicInternet,inwhichthemassmarketadoptede-mail,instantmessagingandchataseverydaycommunicationstoolsandinwhichcompaniescreatedamarketingandretailpresencetoserveconsumersviatheInternet.Web2.0referstoasecondgenerationofWeb-basedcommunitiesandhostedservices(e.g.,socialnetworkingsites,wikis,etc.)thatfacilitatecollaborationandsharingbetweenindividualusers.60
Governmentsarebeginningtosensethepotentialofinterconnectedcitizensandinterconnectedemployees.Withingovernmentitself,officialsareincreasinglyleveragingWeb2.0toolstoconnectanalystswithintheintelligencecommunityandtobetterleverageopen-sourceinformation.61TheU.S.DepartmentofHomelandSecurityisresearchingthepossibilityofusingcellphonestodetecthazardousbiological,chemicalandradioactivematerial.62DepartmentofHomelandSecurityofficialsbelieveprivatelyownedcellphones,becauseoftheirubiquity,couldbeoutfittedinproductionwithsensorstomonitorthepresenceof
•
•
•
IBM Global Business ServicesPage ��
hazardousmaterialsonalargescale–atransformationfromsearchtosurveillance–andthatthiscouldbedonewithoutthecostofinstallingstaticandcumbersomedetectors.
Anotherareawherelinkingindividualstogovernmentandcorporatenetworkswouldcreateenormousvalueisinemergencyresponse.Duringthe2005Londonsubwayandbusbombings,camera-phoneuserspostedtotheInternetbothstillandvideoimagesoftheaftermathoftheexplosions.UsersalsorapidlyrespondedbycreatingapageonWikipediathatchanged,morphedandwassometimesmoreup-to-datethanlivenewscasts.63ConsiderthepowerofaYouTube™-likeservicetoallowbothvictimsandofficialsindisasterareastouploadimportantimageryandvideofootagethatcouldaidsituationalawareness,improvecommunicationsandspeedreliefeffortsafterattacksordisasters.
AccordingtoareportcommissionedbytheWhiteHouseafterHurricaneKatrinaintheUnitedStatesin2004,the“Achilles’heel”ofnationalpreparednessistheabilitytoidentifycriticalsuppliesandresourcesbeforeadisasterstrikesandfindinganddeliveringthemquicklyafterward.AfterHurricaneKatrina,thecommercialclassifiedsWebsiteCraigslist™wasthemostwidelyusedmechanismforlistingmissingfamilymembersandpostingandfindinghousing.64Itwasoftenmoreeffectivethansimilargovernment-providedservices.Futuredisastersarealsolikelytorequirespecializedresponseresources,manyofwhichthegovernmentmaynotbeinapositiontosupply.
Toaddresstheproblem,federal,stateandlocalgovernmentscouldidentifycriticalsuppliesandcapabilitiesthattheywillneed–e.g.,vaccines,ventilators,generators,electrictransformers,laboratorycapacity,decontaminationequipment,logistics,transport,warehousing–aheadoftimeandposttheirneedsandrequirementstoanonlinemarketplace.AneBay®-likeonlinemarketmechanismtomatchregionalandnational-leveldisasterresponseneedswithcompaniesthatcanpledgeassistanceaheadoftimeorhelpoutinrealtimecouldhelpsavedollarsandlives.Itwouldallowstate,localandfederalgovernmentstoinventoryavailablecriticalassetsrapidlyandwouldbemuchfasterthanrelyingongovernmentagenciestocreatearesourcedatabaseontheirown.66
IBM Global Business ServicesPage ��
Web 3.0: Unlocking corporate information
TherearedifferingviewsforwhatWeb3.0willcomprise.Inoneleadingvision,theWebwillevolveintoa“SemanticWeb,”65whichactsasaglobaldatabaseandwheresearchhasprogressedtosuchalevelofsophisticationthatitcanfindinformationbasedonplain-languagequeriessuchas,“I’mlookingforawarmplacetovacationandIhaveabudgetof[US]$3,000.Oh,andIhavean11-year-oldchild.”67
SuchavisionoftheWebwillneverbeachievedunlessmoreenterprisedataismadeinteroperableandavailableandsharedwidely.Enterprisedata–includingbothgovernmentandcorporatedata,butespeciallycorporatedata–issoimportantbecause51oftheworld’s100largesteconomiesarecompanies,and40percentofworldtradeoccurswithincompanies.67Butmostcurrentcorporatedata–millionsofterabytesworth–istrapped.Itisestimatedthatbetween80-85percentofallcorporatedataisnotinteroperableandnotreadilysharable.68
Onemajorreasonforthewidespreadlackofinteroperabilityofcorporatedataisthepersistenceoflegacysystemsorlowlevelsofinformationautomation.Thischallengeexistsnotjustwithinsmallercompaniesanddevelopingcountries.Evenlargecompaniesinwell-establishedindustriesmustcontinuetoupgradeandincreasinglyautomateessentialbusinesssystems.Forexample,anIBMstudyofmaritimecargofoundthatina“typical”globaltrade,35documentschangehands,anddatawithinthosedocumentsisre-enteredsome1,393times.Thisrepetitivedatare-entryandre-keyingaccountsfor78.5percentofalldatafromtradedocuments.69
Achievingintelligentimmunityforglobalmovementsystemsrequirescompaniestoincreasinglyautomatebusinessprocessesandhelpensurethatnewtechnologiesaredesignedtoenhance,notcomplicate,theperformanceoffront-lineemployees.ItalsorequirestheincreasingintegrationofphysicalsecuritymeasuresandlogicalsecuritymeasuresforITsystems.Itwouldrecommendagrowingcoordinationbetweenphysicalandlogicalsecurity,andcallforthegrowingintegrationofthefivetraditionalsecurityfunctionsandthefiveemergingsecurityfunctionsdiscussedinSectionIII,“ApplyingaGlobalMovementManagementframework.”70
IBM Global Business ServicesPage �0
Greateraccesstoenterprisedata–e.g.,manifest,provenanceandchain-of-custodydata;trackingdata;travelandimmigrationdata;andrisk-scoringdata–isthecornerstoneofbuildingintelligentimmunityintocriticaleconomicsystems.Itcanhelpdecisionmakerspredict,identifyandpreventdisruptionsbetter,andreactmorequicklyandwithmoreinformedjudgment.Succeedinginthiseffortwillnotonlyhelpreducethelikelihoodofdisruptionsbutcanalsoallowsystemstobemoreresilient.Byallowingmorenuancedreactionstodisruptions,damagecanbeisolated,unintentionalself-inflicteddamagethatstemsfromoverreactingtoeventscanbesignificantlyreduced,andsystemscanrecovermorequickly.
Forexample,ifabombexplodedinashippingcontainer,havingrobustandsearchabledatacouldallowauthoritiestoquicklydeterminethecontainer’scountryoforigin.Withthatinformation,theglobaltradesystemcouldquicklyisolate,interdictandinspectonlythoseshipmentswithcontainersfromthatcountry.OrimagineaterroristdetonatingatankertruckcontainingchlorineinManhattan.Withoutcomprehensivesystemawareness,alikelyreactionwouldbetooverreactandclosealltunnelsandbridgesandinspectvirtuallyeverytankertruck.Instead,iflocalofficialscouldquicklyquerythedatabasesoftruckingcompaniesandchemicalsuppliers,theymightbeabletodeterminethepreciselocationandestimatedarrivaltimeforteninboundchlorinetrucks.Inthatscenario,theycouldtargettheirinterdictionandpreventtheshutdownofallbridgesandtunnels.Suchsystemwideawarenesswouldallowcompaniesandgovernmentstoisolatedisruptions,preventself-inflicteddamageandpreventindividualeventsfromshuttingdownentiresectors,ashappenedwithU.S.aviationafter9/11.
Macro-level Global Movement Management technology strategyAproliferationofmicroleveldatawillnotbebeneficialandcouldcreateanoverloadofinformationunlessdatacanbefederated/aggregatedandanalyzedatamacroleveltoenablepeopletomakesenseofit.Whenaggregatedandproperlyanalyzed,itbecomeseasiertoidentifyregularpatternsortrendsindataagainstwhichirregularactivityorotheroutlierscanbemorereadilyidentified.Betterandmoreinformationcollectionatthemicrolevel,ifaggregated,analyzedandpresentedwellatthemacrolevel(bothwithinandacrossenterprisesandsectors),canprovideanewlevelofstrategicawarenesswithinandacrosscompaniesandgovernments.Inturn,greaterenterpriseknowledgecanimprovetheabilitytodetect,preventandrespondtodisruptions.Atthesametime,selectivelysharing
IBM Global Business ServicesPage �1
proprietaryinformationcancatalyzeinnovationthroughtheopen-sourcedevelopment–or“peerproduction”–ofnewtechniquestoreduceriskandimprovecommerce.
Achievingthismacroapproachwillrequireovercominganumberofsignificantchallenges:technologyitself(e.g.,costofnewinvestments,persistenceoflegacysystems,compatibilityofdifferentsystems),companyconcernsaboutcompetitiveissuesandliability,andissuesoforganizationalcultureandtrust.
First order benefits: Enterprise visibility and risk management Corporateofficialshave,forsometime,recognizedthepromiseofgreaterenterprisevisibilitytoimprovecorebusinessoperationsandreducefraud.However,theadoptionofmanyofthesetechnologieshasoccurredonlysporadicallysincecompanieswillalwaysviewsuchinvestmentswithinaportfolioofoptions.Notonlymustacompanyhavethecapitaltoinvest,butselectedprojectsmustpresentthemostclear-cutreturnoninvestment(ROI)whencomparedtoalternatives.
Inthemid-to-late1990s,forexample,thetechnologyandtelecommunicationsinvestmentboomsawthecreationofanumberofsatellite-basedasset-trackingsystems.Theyhadlimitedsuccessandadoption,however,owingtoacombinationofcost,performanceandROIissues.71Overtime,continuedtechnologychangehasdriventhecostofsuchsystemsdown.Thegreaterriskoffraudandintentionalattackshasalsoincreasedtheappealofsuchsystems.
Enterprisevisibilityandinformationsharinghavebenefitsatmultiplelevels.Individualcompaniescanclearlybenefitfromtherightinvestmentsinsystemsthatimprovevisibilityandinformationsharingwithintheenterprise.AnexampleofthisistheimplementationofRFIDtrackingtechnologieswithinthesupplychainsofbig-boxretailers.Manycompaniesalsofinditbeneficialtoshareinformationwithcompetitorsinthesameindustry.72AnexampleofthisisthePostalandShippingCoordinationCouncil,whichcomprisesanumberofmajorairfreightshippingcompetitors.
Sharinginformationcanalsoprovidemutualbenefitsforcompaniesandgovernments.Recenteffortshavesoughttoincreasegovernment’saccesstocommercialdatafromglobalmovementsystemsandtoimproveinformation
IBM Global Business ServicesPage ��
sharingbothwithinthegovernmentandbetweenthegovernmentandnon-governmentalstakeholdersregardingcriticalmaritime,aviation,immigrationandothermovementsystems.Manyairfreightcompanieshavemadetrackinginformationwidelyavailabletotheircustomersandsomehaveevenincreasinglyopenedtheirinternationaldatabasestogovernmentofficialsforcounterterrorismpurposes.73Largeplayersinmaritimecargoshippingwillincreasinglyautomatetheirdata,andnascentinitiativesareunderwaytoshareshippinginformationmorebroadly.74Airlinesareusingwatchlistdatafromthefederalgovernmenttoscreenpassengers,andemployersarecheckingemployeesagainstwatchlistsforhiringpurposes.
Second order benefits: Innovation from peer productionWhiletheideaofmakingproprietarycorporatedataavailableontheInternetmakesmanyCEOsandcompanygeneralcounselsnervous,themovecanhavesignificantbenefitsthatfaroutweighanycompetitiverisk.Take,forexamplethecaseofGoldcorp.75ThesmallCanadiangold-miningfirmfacedstrikes,ashrinkingmarket,andhighcosts,anditwasfearedthatthe50-year-oldminehadrundry.Unlessthecompanydiscoverednewdepositsonitsexistingproperty,thecompanywouldnotsurvive.Companygeologistssearchedtheremotestpartsofthemineandfoundevidenceofextensivedeposits,butafterseveralyearsofexploration,thecompanycouldnotfindsufficientnewdepositstokeepthecompanyinbusiness.
Desperate,theGoldcorpCEOtookinspirationfromtheopen-sourcedevelopmentofLinux.Againstthelong-heldassumptionthatcompaniesdon’tjustgiveawayproprietarydata,hepublishedonthecompany’sWebsitenearly50yearsworthofallthecompany’ssurvey,geologicandotherrelevantdataonthe55,000-acreproperty.ThecompanyannouncedtheGoldcorpchallengeinMarch2000,offeringUS$500,000inprizemoneytowhoevercouldusethedataandpointthemtopotentialuntappedreserves.76
Withinweeks,Goldcorpreceivedhundredsofsubmissions,notonlyfromgeologists,butfrommathematicians,militaryofficers,graduatestudentsandconsultants,whoappliedcapabilities–mathematicalmodeling,advancedphysics,computersimulationandvisualization–thatexceededwhatwaspracticedwithintheminingindustry.Contestantsidentified110targetsonGoldcorp’sproperty,
IBM Global Business ServicesPage ��
halfofwhichhadnotbeenidentifiedbythecompany’sownanalysis.Morethan80percentofthenewtargetsyieldedsignificantdeposits,amountingtoeightmillionouncesofnewgoldandcuttingyearsoffexplorationtime.77Thewidespreadavailabilityofinformationtechnologiesgiveseveryonethetoolstocollaborateandcreatevalue.Theopenandmasscollaborationbetweenpeopleandfirmstocreatevalueandinnovationiscalledpeerproduction.78Forfirmsandgovernmentsseekingtopromoteintelligentimmunityinglobalmovementsystems,thepropositionissimple:“Therearealwaysmoresmartpeopleoutsideofyourenterpriseboundariesthanthereareinside…[T]rust-basedrelationshipswithexternalcollaborators…[can]createvaluemoreeffectivelythanhierarchicallyorganizedbusinesses.”79Accordingtoproponentsofpeerproduction,thespeedwithwhichacomplexprojectisperfectedisdirectlyproportionaltothenumberofinformedpeopleworkingonit.80
IfWeb3.0weretoincludetheunlockingofcurrentlytrappedcorporatedata,itwouldunlockthepossibilityofusingpeerproductiontorevolutionizethesecurityofglobalmovementsystems.Notonlywouldmasscollaborationhelpidentifyopportunitiestoimproveefficiencyandreducevulnerability,itcouldalsocatalyzeanactivedevelopercommunity,whichwouldcreatenewtoolsandapplicationstohelpenterprisesbetteranalyze,visualizeandmanagetheircomplexsystems.Empoweringabroadcommunitytolinkto,analyzeandpotentiallypublishtocorporateorgovernmentaldatacouldyieldpowerfulandunexpectedresults.Necessary conditions for Global Movement Management’s technology visionThepublicInternetevolvedfromtheAdvancedResearchProjectsAgencyNetwork(ARPANet),whichbeganasaU.S.DepartmentofDefenseprojectin1962.Whileitestablishedandreliedonasetofcommoncommunicationsprotocols,81itremainedanichenetworkuntilaseriesoftoolsforself-publishingandsearch–e.g.,HTML,HTTP,Webbrowsers–becamewidelyavailableinthe1990s.82TheInternet’sgrowthwasalsoenabledbyabstraction.Anelectricaloutletcanbethoughtofas“abstracted”fromapowerplant:Tousethepowerservice,youonlyneedtoknowwheretheoutletonyourwallisandhaveaplugthatfitsthesocket.ThesameconceptexistsontheInternet:Standardizedandeasy-to-usetoolsandprotocolsmakeitpossibleforaveragepeopleto“plugin”andtakeadvantageofcomplexunderlyingsystems.
IBM Global Business ServicesPage ��
AswiththeshiftfromtheoriginalInternettothecommercialWeb,GlobalMovementManagement’smicro-macroapproachtounlockingandsharinginformationmorewidelywillnotbeviablewithoutcost-effectiveandstandardizedtoolsandprotocols.Thesheervolumeofdata,thepersistenceoflegacysystems,andthesensitivenatureofmuchoftheprivateandcorporatedataintheglobalmovementsystemmeanthatWeb3.0willfacegreaterchallengesthanWeb1.0andWeb2.0.Certainconditionswillbeessentialtocatalyzeandenablethesharingofsensitivedatainordertostrengthenglobalmovementsystems.Theseconditionsmustaddressprivacyconcernsattheindividuallevel,competitiveconcernsatthecompanylevelandclassificationconcernsatthegovernmentallevel.Suchconditionsincludethedevelopmentandstandardizationofrobustprotocols,toolsandservicesfor:
Data harmonization and interoperability
Permissioning, security, anonymization and encryption
Data analysis, modeling and visualization, which allow users to readily see trends,
anomalies and meaning in what would otherwise be incomprehensible aggregated data.
Figure7illustratestheGlobalMovementManagement’smicro-macrotechnologystrategytoaddressmodernriskinglobalmovementsystems.Italsoshowstheprotocols,toolsandservicesthatneedtobecomeincreasinglystandardizedtoenableinformationsharingbetweenpublicandprivatestakeholdersonasignificantscale.
Figure 7. Global Movement Management micro-macro technology vision.
Source: IBM Global Business Services.
•
•
•
Public Data
Knowledge
Restricted Data
Analysis/Modeling/Visualization ServicesAnalysis/Modeling/Visualization Services
Individuals/Companies/Governments
Company A
Company B
Company C
Local Govt
State Govt
National Govt
WHO
WTO
Maritime
Data Chain: Information
Value Chain: Money
Supply Chain: People/Goods/Conveyances
Everyday Use/Peer Production/Innovation
Strategic Awareness (Macro)
Permission to Access
Aggregation Layer
Publish/Permission to Publish
Middleware/DataHarmonization Layer
Enterprise Awareness (Micro)
Data Ownership Layer
Data Source Layer
Individuals
Information
IBM Global Business ServicesPage ��
Data harmonization and interoperability
Enterprises,whethertheyarecompanies,governmentagenciesorcountries,areatdifferentstagesoftechnologyadoption.Theyhavedeployedvirtuallyeveryconceivabletypeofsystem:paper-basedsystems,homegrownproprietarysystems,fullyopen-sourcesoftwaresystems,andsystemsoutsourcedtothird-partyvendors.Giventherangeofdeployedtechnologiesandsystems,manyenterprisessufferfromhiddenormissingdata,ordatathatisstoredinahighlyprotectedproprietaryformat,stuckonpaperorthatsimplyisnotrecorded.Toenableadiverserangeofenterprisestoeffectivelyshareinformationatscale,theywillneedwidelyavailableandaffordabletoolsandservicestoharmonizetheirdata,publishitmorebroadlyandmakeitinteroperable.
Attheleast,companiesneedtogettheirownhousesinorderbeforetheirdatacanbeusefultoothers.Forsomecompanies,thiscouldmeanredesigningdatabaseswithbettermetadatataggingthroughtheuseofnewdatastandards(e.g.,XMLorExtensibleBusinessReportingLanguage[XBRL]).Forothercompanies,itcouldmeanstayingwithlegacysystemsbutdeployingmiddlewareorservice-orientedarchitectures(SOAs)totranslateandharmonizetheirdata,makingitmorebroadlycompatiblewithdatafromothersources.Companieswitholderormoremanuallybasedprocesses,andevenpaper-basedrecordkeeping,couldutilizethird-partyprovidersofservicestokeyorscandataintoelectronicformatandaddmoreautomationtotheirsystemsovertime.Thispotentiallywouldenabletoday’sunder-automatedcompaniesaswellasentiremarketsectorstomaketheleaptohavingandbeingabletouseinteroperabledata.
However,greaterautomationwithinenterpriseswillnotsolvethechallengeofdatainteroperability.Norisitpossibletosimplymandatethateveryoneadoptasingledatabaseformat.Onecommonapproachtoharmonizingdataacrossenterprisesistowritesoftwareprogramsthattranslatebetweenindividualdatabases.Whilepracticalwhendealingwithonlyafewdatabases,suchanapproachquicklybecomesimpracticalasthenumberofdatasetsgrows.Forexample,ifeveryhospitalonasharednetworkuseditsowndatabasescheme,thenumberofdataschemesthateachhospitalwouldhavetocoordinatewouldbecomeunmanageablylarge.AsdepictedinFigure8,asthenumberofdatabasesgoesuplinearly,thenumberofpotentialconnections(anytwo)increasesexponentially.83
IBM Global Business ServicesPage ��
Figure 8. The coordination challenge for multiple databases.
Source: IBM Global Business Services.
Another,moreefficientapproachtodatainteroperabilitywouldbetosearchforthecommonelementsthatexistevenbetweenthemostdisparatedatasets.Forexample,withinagiveneconomicsector–suchasbanking,retail,andmedical–thereisalwayssomenaturaloverlapbetweenthedatausedbydifferententerprises.Focusingonthesecommonalitiesandoverlapscanprovidethecoreofasolutionforharmonizingdisparatedatasets.
Inthe1990s,forexample,amajorrealestateandtravelconglomerateneededtofindawaytobettermanagecustomersacrosstherangeofitsproperties,manyofwhichithadrecentlyacquired.Ifsomeonerentedacarfromtheirrentalcardivisionandstayedatoneoftheirhotels,thecompanywantedtobeabletoofferbetterserviceandreducefraud.Anyindividualtraveleronatripcreatedthesameinformation–e.g.,name,address,phonenumber,paymentmethod,traveldates–fortransactionswithhotels,carrentalcompaniesandothertravelproperties.Whiletherewerelogicaloverlapsinthedatawithintheconglomerate’sproperties,eachdivisionhadtheirownseparatetechnologysystems.Bybuildingaseriesoffilterstopullcommondataoutofnon-conformingdatabases,thecompany,forthefirsttime,wasabletorapidlyobtainaunifiedviewofasinglecustomeracrossmultipleproperties.Withaunifiedviewofthecustomer,theywereabletoprovidebettercustomerserviceandbuildamorecohesivetechnologyarchitectureovertime.
Hospital A
Hospital B
Hospital C
Hospital D
Hospital E
Hospital F
Hospital G
Hospital H
IBM Global Business ServicesPage ��
ThisapproachtodataharmonizationisconsistentwithGlobalMovementManagement’scoreprinciples:Whileallcriticalflowshaveuniquecharacteristicsandaretechnicallycomplex,atthemostbasiclevel,allflowsaremorealikethantheyaredifferentandcanbeanalyzedwithinacommonframework.GlobalMovementManagement’sapproachtoharmonizingandcoordinatingdifferentdatabasesissimilar:
Focus on the common elements as the core of the solution for better information
sharing.
Choose solutions that leverage legacy technologies by creating interoperability
among them rather than seeking to replace legacy technologies outright with
new systems.
Take incremental steps toward information sharing instead of “big bang”
approaches to encourage user buy-in, engender user trust, and significantly
reduce disruptions to existing workflows and organizational cultures.
Anothertechniquetomakedatainteroperableisthroughmetadatatagging.Metadataisasmallsetofdatathatdescribesanotherlargersetofdata.84Metadatataggingprovidesanadditionallayerofabstractionthatallowsnewmeaningtobegiventounderlyingdata.Forexample,financialauthoritiesaroundtheworldareincreasinglyrequiringcompaniestostandardizetheirfinancialreportingusingXBRL.85XBRLprovidesautomaticmetadatatagsforunderlyingdata,makinglargevolumesofdatahighlyinteroperableandmakingitmucheasiertoautomatedatasearches,queriesandotheranalyses.86
Permissioning, security, anonymization and encryption
Thewidespreadsharingofcorporatedatatoimprovetheintelligentimmunityofglobalmovementsystemsraisesanumberofdatasensitivityissues:privacyissuesforindividuals,proprietaryorcompetitiveissuesforfirms,andsensitivenationalsecurityorlawenforcementissuesforgovernmentalauthorities.Manyoftheinitiativestoshareinformationbetweengovernmentauthoritiesandtheprivatesector,particularlyintheareaofhomelandsecurity,haveencounteredproblems,inpart,becausethereisalowlevelofconfidenceintheprivacyprotectionsbuiltintosuchprograms.Thereareveryfewbestpracticesorwidelyacceptedstandardsinplaceforprotectingdatawhileitisinstorageortransport.Therearefew,ifany,bestpracticesorcommonlyacceptedstandardstogovernthesharingofprivatesectordatawiththegovernmentforhomelandsecurityandcounterterrorism.Thus,thereisalowlevelofconfidenceinhowgovernment
•
•
•
IBM Global Business ServicesPage ��
officialsusecommercialdataforhomelandsecurityandcounterterrorism,alowlevelofconfidenceinredresssystemsandmeasuresifmistakesaremade,andahighlevelofconcernovertheprotectionofindividualprivacyrightswhenitcomestothesharingofcommercialandgovernmentdata.
Toovercometheseissues,acomprehensiveregimeofidentity,permissioning,security,anonymizationandencryptionneedstobeestablished.Theprotocols,toolsandservicesfortheselectivepublication,accesstoandviewingofdataneedtobestandardized,widelyavailable,reliableandeasytouse.Technologiesandservicesthatallowenterprisestosetuprobustbuteasy-to-usepermissioningandbackedupbystrongidentityandcredentialingtechnologies87wouldsignificantlyaddressmanyoftheconcernsthatcurrentlyimpedeinformationsharing.Dataaccesscouldtakeseveralforms.Itcouldbe:
Mediated bilaterally between two entities that want to use data for sharing or
collaborating
Based on group, industry or sector membership (e.g., “chemical manufacturers”
or “airlines”)
Based on functions (e.g., “financial analyst,” “customs”)
Open, but safe-guarded through aggregation. For instance, cell phone companies
can generate traffic congestion maps based on aggregated data on cell phone
usage. Someone could observe the traffic information without having the ability
to drill down into the phone records of an individual customer.
Open, as in the case of Goldcorp’s methods described earlier.
Controllingwhoisallowedtoaccesswhatdatainwhichenterpriseorinwhichsharedcommunityspacewillbekeytobuildingtrustinthesystem.Someusersmayhaveview-onlyaccesstoonecompany’sdatabase,whileothersmighthavefullread/writeaccesstoarangeofenterprises.Permissioningenablesenterpriseandindividualstosharedataandservices,allinadynamicmanner.Permissionscanbeturnedonandoffasthesituationdemandsoropportunityarises.Thekindofwidespreadinformationsharingacrosscompanies,governmentsandindividualsenvisionedbyGlobalMovementManagementcouldbethoughtofasanopenlyaccessiblenetworkofmanysemi-closednetworks.Tobesure,somedatawillbeopenlyvisibleoravailable,butmuchofitwillrequirepermissionsinordertodrilldownandseemoredetaileddataortoseedataatall.Web3.0forglobalmovementsystemswillcompriseacommoncommunityliketheWeb,butpermissionswillbeneededtoexploremanypartsoftheneighborhood.
•
•
•
•
•
IBM Global Business ServicesPage ��
Additionallayersofsecuritywillalsobeessential.Forexample,basicencryptionofdatashouldbecomestandardpracticeforanysensitivedata,bothwhenitisstoredandwhenitistransported.Encryptionwouldmeanthatifinformationisstolen,lostorobtainedbyunauthorizedusers,itisunreadable.
Aparticulartypeofencryption,anonymization,isofparticularinterest.Anonymizationallowsinformationtoberenderedunreadablebyhumanswhileitcontinuestobereadableandabletobeanalyzedbymachines.88Thisallowsorganizationstoshare,analyzeandcomparesensitiveinformationmoreeasilywhileallowingorganizationstomaintaincustodyoftheirdataandhelpensuresecurity.
Asanexample,saythatpublichealthofficialshaveconcernsaboutanewhighlyinfectiousstrainofacommondisease.Publicofficialsmightwanttoexaminetensofthousandsofhospitalandhealthinsurancerecordstoseeiftheycanidentifypotentialcasesofthediseasethatwentunidentified.Privatedoctorswouldbechallengedtotakethetimetolookthroughthefilesthemselves,buttheywouldalsobereluctanttohandoverpatientrecordstopublicofficialsforanalysis,citingprivacyconcerns.Ifthehealthrecordswereautomatedandelectronicallyavailable,anonymizationtoolscouldconvertthefilesfrom“cleartext”(e.g.,humanreadable)toacodedformwherepatientnamesandotheridentifyinginformationwouldnotbevisible.Thatway,doctorscouldprovidethedatatonationalofficialswithoutworriesthatpatientprivacymightbecompromised.Ifnationalofficialsfoundsymptommatches,onlythenwouldtheybeallowedtoinquireaboutanddecodetheactualpatientinformation,basedonhavingtherightpermissions.
Currentlythereisnowidelyacceptedorstandardizedconceptofoperations(CONOPS)forprivacyprotectionandsharingsensitivedata.ByprovidingaCONOPSforpervasivesecurityandpermissioningaswellascreatingthestandardsandservicestoeasilyenablesecurityandpermissioning,GlobalMovementManagement’stechnologyvisioncouldgofartoaddressmanyoftheprivacyissuesfacedbygovernmentsandcompanieswhentheyaggregateanduseprivatedata.
IBM Global Business ServicesPage �0
GlobalMovementManagement’smicro-macroapproachtotechnologyandinformationsharingcouldhelpmakewidelyavailablethenecessarytoolsandservicesfortherobustpermissioning,encryptionandanonymizationofsensitivedata.Itcouldhelpdrivestandardsthatmakesensitivedatamoreprotectedinstorageandtransport,anditcouldprovidearobustCONOPSforthesharingofsensitivedatabetweenthepublicandprivatesectors.Itcouldalsoincreaseconfidenceinprivacyprotectionsandallayfearsaboutdataandidentitytheft.Itcouldencouragecompaniestomakedatamoresecureasanormalandeverydaybusinesspractice.Datawillbeanonymized,encryptedorpermissionedsothatifitislostorstolen,itisnot“cleartext”datathatcanbeusedormisusedbyanyonewhoendsupwithit.
Tomakeallofthispossible,aCONOPSforgovernmentuseofcommercialdataneedstobuildprivacyprotectionsintothearchitectureofinformationsharing.Permissioning,anonymizationandencryptionneedtobebuiltintocriticallayersandstagesofanyinformationsharingprocessesandrelationships.GlobalMovementManagement’stechnologystrategycouldgofartoincreasetheconfidenceofthemembersoftheprivacypolicycommunityandcitizensconcernedwithprivacyissues.Thestandardizationandwidespreadadoptionoftoolsandservicesforpermissioning,anonymizationandencryptioncouldhelpremoveamajorroadblocktogreatercooperationonsecurityrelatedinformation-sharingeffortsbetweenthepublicandprivatesectors.Oneplacetostartcouldbetoconveneasummitbetweenprivacyadvocates,enterprisesthatsharecommercialandconsumerdatawithgovernments,andgovernmentofficialstobegintoagreeontheperformancerequirementsofacomprehensivepermissioningandprivacyregime.Inaddition,pilotprogramsshouldexperimentwithvarioustechnologiesandidentifyandpromotebestpracticeslearnedfromsuchprograms.SuchinitiativesarediscussedinChapterVI,“Governance:Acoordinatedapproach.”
Data analysis, modeling and visualization
Thereisanenormousdifferencebetweendataandknowledge.Take,forexampleamap,whichprovidesarobustgraphicalinterfacebetweenthemap’suserandacomplexarrayofunderlyingdata.Ifsomeonereplacedthemapwiththehundredsofprintedpagesofalltheunderlyinglongitudinal,latitudinal,topographicandotherdatarepresentedinthemap,itwouldbevirtuallyuselesseventhoughitcontainedallofthedata.Thesameholdstrueforcorporatedata.Ifitisnot
IBM Global Business ServicesPage �1
effectivelyrepresentedwithrobustvisualizationtoolsanduserinterfaces,itquicklylosesitsvalue.89Analyticalandvisualizationtoolsallowuserstoreadilyseetrends,anomaliesandmeaninginwhatwouldotherwisebeincomprehensibledata.Goodgraphicdesigncoupledwithrobustanalyticaltoolsandcompellingvisualizationcanhelpdistillanotherwiseoverwhelmingvolumeoffacts,figuresandideasintheshortesttimewiththeleast“ink”inthesmallestspace.90
IntheGlobalMovementManagementvisionofWeb3.0,enterpriseswillneedtobeabletoaggregatedataandvisualizehowgoodsandinformationmovethroughsystems.Newuserinterfacesandenterprisedashboardswillenabledataanalysisandfasteranomalydetection.Havingreliableaccesstodatareducesfrictioninindustriesandenablesnewbusinessmodelstobecreated.Robustanalyticalandvisualizationtoolswillenhancepeople’sabilitytoforecastandpredictmarkets,informationflowsandanomaliesandwillhelpenablethemtotakeactionwhenalertedtoanomaliesordisruptions.
Datathatismorewidelyavailable,interoperableandbetteraggregatedcanenableowners,operatorsandmanagersofglobalmovementsystemstobuildcomputervisualizationsandcomputer-basedmodelstorepresentandsimulatethecomplexoperationsoftheirphysicalsystemsandbusinessprocesses.Withsuchtools,managersandemployeeswillhavegreatervisibilityandawarenessoftheirenterprise’soperations,whichwillallowthemtoidentifyopportunitiesforimprovementandareasforrisk.
Visualizationtoolswillallowdecisionmakingthatisbetterinformedandmoretimely.Simulationmodelscanallowdecisionmakerstoimproveperformanceandoptimizebusinessprocessesbytestingchanges,newinitiativesandalternativescenarioswithinavirtualenvironmentwithoutincurringthecostofexperimentingwithactualchangesinrealworldsystems.Agent-basedmodelscanhelppredicthowpolicyorprocesschangeswillaffecttheperformanceofcomplexsystemswithmultiplestakeholdersbasedonhowindividualstakeholdersreactandbehaveunderchangedconditions.Finally,simulationandmodelingenvironmentscanbeusedtoproviderobusttrainingandhuman-capitaldevelopmentopportunitieswhileminimizingthecostanddisruptionoftakinglineemployeesoffsiteforclassroomtrainingortabletopexercises.
IBM Global Business ServicesPage ��
How will greater information sharing for global movement systems happen?Dramaticallyimprovedinformationsharingforglobalmovementsystemswillnotoccurwithoutthewideavailabilityandeventualstandardizationofthenecessaryprotocolsandtechnologieswehavediscussed.Yetnosinglecompanyorgovernmentcanensurethatthesetechnologiesaredeveloped,adoptedandstandardized.Technologytoolsandserviceswillneedtobedeveloped,andstandardsandprotocolsneedtobeestablished;thenthetechnologiesneedtobeadoptedincrementallyincompanies,economicsectorsandgovernments.AswiththeevolutionoftheInternetandtheWeb,pocketsofinnovationandadoptionwillhavetodevelop,andsuccesswillresultfromacollectionofinitiatives,innovation,successesandfailureswithindifferentsectors.Sometechnologiesmaybedevelopedbyentrepreneursandadoptedsimplytoimprovebusinessperformance.Technologyadoptionalsocanfindsupportingovernmentrequirementsandpilotprograms.Inaddition,technologyadoptionmightoccurinresponsetoaspecificeventordisruptionwithinanindividualindustry.
Greaterinformationsharingforglobalmovementsystemswillnotcomeaboutastheresultoftheintentionaldesignofacentralauthority.Rather,itwilloccurasthegrowthoftheInternetdid–bytheself-interestedactionsofindividualsandsectors.Itwilloccurastheresultofsuccessfuldistributedpockets,or“inkspots,”ofsuccess,anditwillgrowasthesepocketsareincreasinglylinkedtogether.
Thedevelopmentofsuchtechnologiesdependsonsupportfrominvestorsandcompanies,andtheirimplementationdependsonsupportfromcustomers.Thebroad-basedmarketopportunityrelatedtothisvisionofWeb3.0toimproveglobalmovementsystemsissignificant.
Forexample,whilethemarkethashadlimitedsuccessinthepastwithpromotingmorewidespreadinformationsharingviaassettracking,threethingssuggestthatthenextwaveoftrackingtechnologieswillbemoresuccessful:
Pervasive security concerns after 9/11
The success of big-box retailers that use comprehensive asset tracking
The continued decline in costs for data storage and bandwidth.
Thedesktopsecuritysoftwaremarketcouldlooksmallcomparedtoatoolsandservicesmarkettosupportenterprise-classpermissioning,anonymizationandencryptionofcurrentlytrappedcorporatedata.Indeed,theprivatesectorcould
•
•
•
IBM Global Business ServicesPage ��
createamarketforlarge-scaledatainteroperability,dataaggregationservicesandanalysis,visualization,andmodelingtools.
Inthepast,suchtechnologieswouldlikelyhavebeenbuiltascustomapplicationsforindividualclients.Today,however,enterprisesdonotneedtoreplaceexistingsystemsorinvestincompletelynewsystemssincetechnologyisincreasinglyavailableasmiddlewareandservices(seeFigure9).
Figure 9. Technology as services.
Source: IBM Global Business Services.
Traditionally,criticalenterprisefunctionswereperformedinthe“backoffice”bywhatwerehighlyproprietarytechnologysystemsthatwerenotintended,norreadilycapableof,communicatingwiththesystemsofotherofficesorotherorganizations.Overtime,softwarevendorsbegantorealizethatcertainfunctionsdidnothavetobebuiltfromscratchforeachindividualclient.Thatis,componentsperformingcertainfunctions–e.g.,billing,benefits,payroll–couldbetreatedascommoditycomponentsthatcould,withslightmodifications,bereusedoverandoveragainfordifferentclients.Deployingsuchapplicationswithinaparticularformwouldoftenrequiretheseapplicationstotalktopre-existingdatabases.Middlewarecouldactasa“translatorbox”betweenadatabaseandauser,translatingthesourcedataintoaformthatcanbeunderstoodbyanotherapplicationorbyauser.Companiesandgovernmentshavebeengraduallyupdatingtheirsystemsanddeployingmiddlewaretotransitiongraduallyfromlegacysystems.
Busi
ness
Val
ue
Time
Service OrientedArchitecture
Component BasedArchitecture
Monolithic Architecture
Monolithic Architecture (Tightly Coupled, Application Silos)
Application Siloswith Components(Tightly Coupledand Limited Reuse)
Service Oriented BusinessApplication (LooselyCoupled, BusinessServices as Assets)
IBM Global Business ServicesPage ��
Moreandmoreenterprisesalsoareshiftingfrombuyingexpensivehardwareandsoftwaretothemorecost-effectivepracticeofbuyingtechnologiesason-demandservices.Suchservicesincludestoragecapacity,processingpower,applicationtechnologies,operatingsystems,security,accesscontrolandbackup,onaremoteandoutsourcedbasis.
SOAprovidesacommonwaytoaccessservices.Forexample,SOAisawayofdesigningsystemsthatcanbereconfiguredeasily,arefasttoadapt,canbecost-effectiveandcanleveragepreviousinvestmentsinlegacysystems.Servicesshouldbethoughtofasreusablecomponentsthatrepresentindividualbusinesstasksthat,whenchainedtogether,createasinglebusinessprocess(e.g.,billing,credentialing).Servicesarchitecturesworkbecausetheybuildreusablefunctionsthatcanbedeployedregardlessofexistinglegacyarchitectures.
Final thoughts Collaborationandcooperationbetweenpublicandprivateinterestsarecriticaltoachievingintelligentimmunityinglobalmovementsystemstohelpmakethemmoreresistanttoman-madeandnaturaldisruptions.Tofosterthisambitiousbutcriticallyimportantundertaking,GlobalMovementManagementcallsforastrategicapproachtotechnologythatunlocksmicroinformationthatisownedbyindividualsandtrappedwithincompanies.
TheGlobalMovementManagement’stechnologystrategyalsocallsforamacroapproachthatgivesstakeholdersinglobalmovementsystemstheconfidencetoconnect,collaborateandshareevensensitiveinformationatscale.Thatsharingwillonlyoccurwhenprotocols,toolsandservicesthatprotectsensitiveinformation,buildtrust,andallowrobustanalysisandvisualizationoffederateddatabecomestandardized,cost-effectiveandwidelyavailable.Whenthatoccurs,peerproductioncandriveanewwaveofinnovationtoimprovetheperformance,securityandresilienceofmanyofthecriticalsystemsthatbothsupportandmaintainsocietiesaswellasdrivetheglobaleconomy.
IBM Global Business ServicesPage ��
VI. Governance: A coordinated approach
Today’scomplexwebofglobalmovementsystemslacksacoordinatedgovernancemechanismtoaddressnetworkedrisktoglobalmovementsystems.Governanceisthecollectionofinstitutions,rules,standards,norms,decision-rights,practicesandprocessesthatadminister,coordinateand/ordirectactivitywithinasystemorenterprise.IntermsofIBM’sGlobalMovementManagementinitiative,governanceisthemeansbywhichadiverseandinterdependentcommunityofglobalstakeholderspursuesimprovementstotheperformanceofglobalmovementsystems.
Bridgingthecurrentgovernancegapinglobalmovementsystemsrequiresthatparticipantsintheglobalmovementsystemsembraceamorecomprehensivesetoffactorstounderstandtheactualrisks,costsandbenefitsthataccruetoanorganizationinanetworkedenvironment.Ourresearchshowsthatsimilarchallengeshavebeenmetbeforebyeffectiveorganizationsintheinternationalcommunitythatcanserveasamodelforestablishinganewgovernanceframeworkforintelligentimmunitywhileleveraginganumberofexistinginternationalorganizations.
Establishing a new global movement systems organization to improve coordinationSimilartohowtheNorthAtlanticTreatyOrganization(NATO)wascreatedandexpandedasanalliancebetweencountriestoimprovemilitarycooperationandsecurity,andtheGeneralAgreementonTariffsandTrade(GATT)andtheWorldTradeOrganization(WTO)werecreatedtoadvancetradeliberalization,theinternationalcommunitywouldbenefitfromaneworganizationtoimprovetheperformanceandriskmanagementofglobalmovementsystems.Therefore,weproposethataGlobalMovementManagementOrganization(GMMO)beestablished.AnewGMMOwouldhelptheinternationalcommunitytodevelopnewsystemsofsecurity,trust,organizationalcultureandskills,andtobuildgovernancestructurestoimprovethemanagementofglobalmovementandglobalintegration.
Todaythereare7,350internationalgovernmentalorganizationsand51,509internationalnon-governmentalorganizations.92Theseorganizationscarryoutarangeoffunctionsintheareasofsecurity,theenvironment,theeconomyandhumanwelfare(seeFigure10).93Tohelpvisualizetheexistinggovernancegap,
IBM Global Business ServicesPage ��
noticehowSecurityandTradeareatoppositecornersinthefollowingfigure.Nosingleorganizationhasasitsmissionthegoalofstrengtheningtheglobalmovementsystemtoserveagreatersetofstakeholdersandtheirlegitimateinterestsintradefacilitation,securityandresilience.
Figure 10. Few international governmental and non-governmental organizations address global risk as it is today.
Note: See the Acronyms section for names of the organizations represented in the figure.
Source: Adapted from Koenig-Archibugi, Mathias, “Mapping Global Governance,” Governing Globalization: Power, Authority, and Global Governance, Blackwell Publishing, 2002.
Governanceeffortstoimprovecommerceandbettermanageglobalriskshouldfocusonachievingthreemaingoals:
Promote activities that align security and resilience with commercial imperatives
in global movement systems.
Improve international cooperation and harmonization among public and private
stakeholders to strengthen global movement systems.
Integrate security and resilience with a deliberate effort to connect traditional and
emerging security functions globally and enfranchise Tier 3 economic entities.
•
•
•
SecurityOutside the UN system
GreenpeaceGESAMP
WWFFOE ICSU IUCN
IWC
WMOUNEP
UN specialized agenciesIAEA
UN programs
ISA ITLOS ISO ITTO
Main UNorgans
General AssemblySecretary General
International Court of Justice
SecurityCouncil
ECOSOC
OPCECTBTO
WA
InternationalCriminal Court
GICHDICBL
ICRCIOM
INTERPOL
AIHRW
UNESCO
WHO
UNHCR OHCHR UNICEF UNDCP UNFPA WFP
UNCTADUNDP
IMOICAOIMF
WIPOITU
UPUUNIDO
ILO World Bank Group IFAD FAOI
ICFTU
GFW
OxfamSave the Children
IWHC MSFIOC
OMTICANN
WTOCCC ICCIFPMA
IASB BCBSIAIS IOSCO FATF
ICS IATA CMI INTELSAT
ICCA
Environment
Human Welfare Trade
IBM Global Business ServicesPage ��
Morespecifically,theGMMOandsimilareffortsbyotherexistingorganizationswouldcontributetoasetofmeasurablegoalsnotcurrentlyaddressedbythearrayofentitiesshowninFigure10.Governanceforglobalmovementsystemsalsoappliesexistingpracticesinnewways.Forexample,systemperformancewouldbeimprovedthroughabalancedsetofmeasurestoenableaccountabilityandtoreportperformancemoreeffectively.StrategicobjectivesofaninternationalGlobalMovementManagementgovernanceregimecouldinclude:
Increasing the efficiency of the global trade and travel system by X percent in five years
Increasing the quality of anomaly detection by X percent in five years
Improving global chokepoint resilience
Decreasing the global risk of man-made events by X percent to help lower
insurance premiums and other associated costs.
Totalqualitymanagementsuggests“thatwhichismeasuredalsoimproves.”Thesameprincipleappliesintheareaofgovernanceandsystemperformanceinintelligentimmunity.Whatismeasured,however,mattersasmuchasthatsomethingismeasuredatall.Forexample,whileawiderangeofsecurityeffortsandprogramshavebeenimplementedsince9/11,performancecanbedifficulttodefine.Thechallengeofmanagingandmakinguseofinformationisanareathatholdspromiseandwouldbenefitfromamoreconstructivegovernanceframeworktomeasurehowthisisaccomplished.Incaseswheresecurityinitiativeshaveclearcommercialbenefits,measurementscanofteninvolvetraditionalbusinessmetricslikeoperationalefficiencyorrevenueorprofitincreasesthatresultfromthemeasurestaken.Inothercases,investmentsandchangeswillhavea“costavoidance”benefitthatmaybedifficulttomeasureandshouldthereforebetreateddifferently.AsMIT’sYossiSheffiexplains,“Costsavoideddonotshowuponanyfinancialstatement,orinanyincentivesystem,andcostsincurred[forsecurityoutlays]arevisible…Howdoyouputavalueonavoidingaproblemthatyoudon’thavebecauseyouspentmoneytoavoidit?”94
TheGMMOcouldworkwithotherinternationalorganizations,donorgovernmentsandcompaniestoaddressthe“digitaldivide”betweentheglobalmovementsystemsofTier1andTier3countriesaspartofsupportingtheproposalsfordramaticallyimprovedinformationsharingsetforthinSectionV.Beyondprovidingindividualswithcomputers,aninternationalgovernanceorganizationcouldfacilitateandsupporttheprovisionoftechnologytoTier3companiesandgovernmentssotheycanbetterautomatetransactionsand
•
•
•
•
IBM Global Business ServicesPage ��
informationtomorefullyparticipateinglobalcommercialflows.ThiscouldbemodeledoneffortscurrentlyunderwaybytheUnitedNationsFoundationhealthdatasystemsprogram,whichisworkinginpartnershipwithamajorcellphoneproviderandmobilenetworkoperatortousehandheld,opensourcesoftwaretodigitizedevelopingcountries’publichealthinformation.95
TheGMMOalsocouldconsiderprovidingfee-basedservicestobothTier1andTier3countries.Forexample,smallercompaniesandthecustomsorganizationsofdevelopingcountriescouldpaytheorganizationamodestfeetomigrateinformationfromtheirnon-automatedorpoorlyautomatedsystemsintoaninteroperableandshareableform.ProvidingsuchaservicewouldallowTier3playerstobecomemoreequalparticipantsinthedata-sharingactivitiesofTier1companiesandcountries.96TheGMMOmightalsoprovidefee-basedanalysisandstorageofdata,processingcapacity,orvisualizationtoolsandservicesforgovernmentsandcompaniesofallsizes.TheendresultwouldbethatTier1participantsareabletointeractmoreeffectivelywithTier2and3participantstomutualbenefit.
Governance models
Asurveyofpopulartypesofgovernanceorganizationsthathavemanagedsimilarlychallengingnetworksrevealsfourprimarygovernancemodels(seeFigure11).Theseoptionsmaybeusedincombinationwithothersorusedatdifferentstagesofthedevelopmentofagovernancefunctionforimprovingtheperformanceofglobalmovementsystems.
Figure 11. Four primary governance models for global movement systems.
Source: IBM Global Business Services.
Technology Architecture
Strategic Human Capital
Governance
• Dominant participant(s) act based on best practice that delivers both efficiencies and security/resilience to mandate or incentivize compliance by others in the network
• Legitimate authority extends rules to participants in the network with a degree of accountability.
• Equally distributed authority, shared risks and advantages, ceding of some sovereignty. This approach typically emerges in relatively nascent relationships and networks without clear or decisive advantages among any single or few participants.
• Legitimacy based strongly on accountability and decentralized decision making.
• Third party entity – usually concerned first with a public good – comprised of participant representatives with weighted or consensus-based decision-making.
• Legitimacy is established early, but functioning governance mechanisms evolve slowly with inconsistent membership across the network.
• Collaborative environment of participants that include both public and private sector and multiple international organizations. Shared interest of public good and private sector benefits typically stimulate this approach.
• Legitimacy established and confirmed through self selected participation and distributed authorities
Prime Mover
Bottom-Up
NGO/IGO/IO
Hybrid
IBM Global Business ServicesPage ��
Adual-trackapproachtobridgingthegovernancegapinvolvesbothleveragingexistingorganizationsandcreatingnewoneswherenecessary.Wediscussoptionsforleveragingexistingorganizationslaterinthissection.AsforcreatinganewgovernanceregimeforGlobalMovementManagement,webelievethatsuchanentitycanbemodeledafterkeyelementsintwoexistingentities:theInternetCorporationforAssignedNamesandNumbers(ICANN)andthePortStateControlframework.
ICANN
ICANNprovidesgovernancefortheInternet.Likethegovernancechallengeposedbyglobalmovementsystems,theestablishmentofICANNrepresentedaprocessbywhichabroadcommunityofpublicandprivatestakeholdersworkedtogethertodesignalastinggovernanceframework.ICANNhasbeenflexibleenoughtoevolvewiththecommercial,societalandlegalchallengesandyetdurableenoughtobevaluableattheinternationallevelwheredifferentculturesandlegalsystemsrequireasimpleandconsistentmeansofinteroperatingwithoutimposingunwantedchangestoexistingcustomsandvalues.
AstheauthorityresponsibleforassigningnamesandcoordinatesasuniqueidentifiersontheInternet,includingdomainnamesandIPaddresses,ICANNwasessentialtotheInternet’ssuccess.Todayitismanagedbyaninternationalboardofdirectorsdrawnfromarangeoftechnical,business,academicandnon-commercialcommunities.Thenon-proprietaryand“open”natureoftheInternetprotocolsencouragesvendorinteroperability,andthelackofcentralcontrolallowsthenetworktogroworganically.BecausetheInternetisadistributednetworkofvoluntarilyinterconnectednetworks,itsgovernancemechanismsarenon-invasive,distributedandlargelyguidedbymarket-drivenstandardsandprotocols.
ICANNisaU.S.-sanctioned,private-sector-ledbodycreatedin1998tomanageanumberofkeyaspectsoftherapidlygrowingInternet.InternetgovernancehadoriginallybeenmanagedbytheU.S.militaryandNationalScienceFoundation,withinputfromarangeofpublicandprivatestakeholders.TheWorldWideWebexperiencedexplosivegrowthinthelate1990s,makingtheInternetarevolutionarynewmass-marketcommunicationsmediumandcommercialengine.Withthisunexpectedandsharpgrowthinuseandpurpose,itbecameclearthatmanagingthissystemwithatop-downmandatefromtheU.S.governmentwouldnolongersuffice.
IBM Global Business ServicesPage �0
ByacknowledgingthattheInternetwasbecoming“aninternationalmediumforcommerce,educationandcommunication”andthatthe“traditionalmeansoforganizingitstechnicalfunctionsneed[ed]toevolveaswell,”agovernancemodelwasproposed.97Byissuingaframeworkdocumentandtaskinganexecutivebranchagency(theU.S.DepartmentofCommerce)withfacilitatingpubliccommentandstakeholderinput,ICANNbegantoemerge.98Recognizingtheneedforanewgovernanceregime,theDepartmentofCommerceinvitedtheInternet’swiderangeofstakeholderstodevelopanacceptablegovernancestructurefromscratch.Thefirstofthe“Internetconstitutionalconventions,”whichwereorganizedbytheInternationalForumontheWhitePaper(IFWP),washeldin1998inReston,Virginia.SimilarmeetingsfollowedaroundtheglobetocontributetothedesignofanewInternetgovernancebody.Thisapproachwastakenbecause“theInternet’sstructurewassodistributed,andtheorganizationsthatbuiltitweresodiverseandsoinformal,however,thatnosinglegroup,noteventheU.S.government,possessedthelegitimacyandauthoritytopullittogetheronitsown.”99
Inthisway,ICANNrepresentsaprecedent.TheU.S.governmentdelegatedto,yetstillultimatelycontrolled,aquasi-privategovernanceregimeoveracriticalsystemwithmyriaddisparatestakeholders.100
Port State Control framework
ThePortStateControlframeworkistheresultofcollaborationamongseveralcountriesandtheinternationalprivatesectortosetandupholdstandardsforthesafetyandsecurityofglobalshipping.ThegovernancemodeldevelopedforPortStateControlprovidesausefulexampleofmanagingprivatedatainahighlycompetitiveenvironmentthatconcernsseveralpublicsectorinterests.Inadditiontocodifyingsafetystandards,thePortStateControlgovernanceframeworkdistributesresponsibilityformanagingprotocolsandprocessesthroughauthoritiesappliedacrossthemaritimedomain.
In1978,anumberofmaritimeauthoritiesinWesternEuropesignedontotheHagueMemorandumfortheenforcementofshipboardlivingandworkingconditions.101AmassiveoilspillinMarch1978offthecoastofFranceoccurredjustastheMemorandumwastogointoeffect.Internationalpoliticalpressuredemandingthatregulationsalsoapplytothesafetyofshippingquicklyfollowed.
IBM Global Business ServicesPage �1
TheParisMemorandumofUnderstanding(MOU)onPortStateControlwastheresult.ThenewMOUcreatedagovernanceframeworktoenablemembercountriesandtheprivatelyownedshipsflyingtheirflagtogoverncompliancewitharangeofagreed-uponinternationalstatutesaimedatsecurity,safetyandtradefacilitationinglobalmaritimetrade.TheMOUfunctionsonthebasisofseveraloperationalandadministrativeprinciplesthatalignmemberstates’regulationsandacceptedprotocolswithcommonpractices.
TheMOUwasadoptedinJanuary1982by14Europeancountries,andwentintoeffectonJuly1,1982.102Today,theParisMOUregionincludestheEuropeancoastalstatesandthecoastalstatesoftheNorthAtlanticbasinfromNorthAmericatoEurope.103PortStateControliscarriedoutbyaPortStateControlOfficer(PSCO).ThePSCOisatrainedindividual,authorizedtoconductinspectionsunderthemaritimeauthorityofthePortStateandinaccordancewiththeParisMOU.AllPSCOsarecredentialedbytheirmaritimeauthorities.ThroughtheSAFEFramework,theWCOestablishedasimilarframeworkforglobalsupplychainsecuritystandardsandbestpractices.SimilartotheParisMOU,theSAFEFrameworkisnotgovernedinatop-downfashion,aseachcountryisfreetoadoptitsownstandardsandpolicies.However,theSAFEFramework–again,liketheParisMOU–doesestablishabroadsetofstandardsandmechanisms,suchasthecollectionofadvanceinformationandpre-shippingscreening,bywhichgovernmentshaveagreedtoworktogethertoavoidimposinginconsistentrequirementsonglobalbusinesses.
Commercialshipsareselecteddailyforinspectionthroughouttheregion.Tofacilitateselection,acentralcomputerdatabaseisconsultedbyPSCOsforinformationaboutshipsandforthereportsofpreviousinspectionswithintheParisMOUregion.Thedatabase,calledSIRENAC,receivesdatafromeachinspectionreportwhetherornotviolationsarefound.TheSIRENACdatabase,whichacceptsdatafromshippersabouttheircrew,cargoandstructuralintegrity,sharesthatinformationwithpermissionedmembersofthegovernanceframework,whoareresponsibletotheusersofthemaritimetradesystems.AGlobalMovementManagementgovernancemodelwouldbenefitfromtheexampleofhowtheParisMOUestablishedacomprehensiveframeworkofglobalsupplychainsecuritystandardsandbestpractices,coveringbothgovernment-to-governmentarrangementsaswellasgovernment-to-businesspartnerships.This
IBM Global Business ServicesPage ��
frameworkservedtoliftstandardsforsupplychainsecurityandharmonizerulesforinternationaltrade.
Setting the foundation for a GMMOCertainindustriesandsectorsoftheglobaleconomylendthemselvestoamorerapidadoptionofthehumancapital,technologyandgovernanceapproachesoutlinedforGlobalMovementManagement.Asnotedearlier,thesemaybeginassector-specificdistributedpocketsor“inkspots”ofsuccessorregionalinitiativesthatevolveandeventuallyconnectacrosssectorsandgeographies.Thesamegovernanceprinciplesdescribedhereapplytobothsmall-scaleversionsofGlobalMovementManagementand,ultimately,toaglobalversion.AsinthecaseofgoverningtheInternetviaICANNandglobalshippingsafetystandardsandinformationsharingwiththeParisMOU,acombinationofpublicandprivatesectorleadershipisrequiredtosetthisgovernanceprocessinmotion.Also,importantly,trustisacriticalfactorateverystage.
TheU.S.governmentcouldassumealeadershiproleinthisprocessasitdidwiththematuringoftheInternet.Atthattime,theClintonAdministrationissuedaproposalaspartoftheimplementationofits“FrameworkforGlobalElectronicCommerce.”104Referredtoasthe“GreenPaper,”itwasfirstpublishedasadraftframeworkavailableforpubliccomment.TheGreenPaperproposedthecreationofanew,privatesectornot-for-profitcorporationthatcametobeICANNwithanexpertandgloballyrepresentativeBoardofDirectors.Similarly,fortheprocessofestablishingthenecessaryconditionsforthehumancapital,technologyandgovernancerequirementsforglobalmovementsystems,theU.S.governmentshouldissueadraftframeworkandinvitestakeholdersandthepublictocontributetothewayforward.
ThedraftframeworkforInternetgovernanceviaICANNdescribedthebasicgovernancecharacteristicsconsiderednecessaryforthechallenge.EachwouldbeasuitabletopicforthefirststepsinestablishingaGMMO.Infact,incraftinganewGreenPaperformanagingglobalmovementsystems,thefollowingtopicsfromtheoriginalGreenPaperwouldserveasausefulfoundation:
The Need for Change – Explain the impetus behind establishing a more
effective system.
•
IBM Global Business ServicesPage ��
The Future Role of the U.S. Government – Explicitly state the limited and
temporary role that this would be.
The Principles – Update the principles of the original Internet – stability,
competition, private, bottom-up coordination, representation – to reflect the
principles we discuss later in this section: trusted and representative, enabling,
limited, expert, incremental, self-sufficient, decentralized, inclusive, incentives-
driven, metrics-oriented and adaptive.
The Coordinated Functions and The Competitive Functions – Describe the daily
operations of the governance structures, including the Board of Directors.
The Transition – Stakeholders would partner with the public sector and assume
governance responsibility to be placed in the private sector.
The Process – Invite consideration and comment by the entire stakeholder
community of interest to manage the process by which a GMMO should evolve.105
Structure
ThePresidentcouldappointachairpersonwithresponsibilityforcoordinatinganewGreenPaperforGlobalMovementManagement.ThepapercouldbedraftedjointlybyaWhiteHousetaskforcecomprisingrepresentativesfromtheDepartmentofCommerce,DepartmentofTreasuryandDepartmentofHomelandSecurity.SimilartothewayinwhichthefirstGreenPaperemerged,thistaskforcewouldproceedinconsultationwiththepublic.InadditiontotraditionalpublicnoticevenuesliketheFederalRegisterforsolicitingpublicopinion,fourexpertgroupscouldrepresentmainconstituenciesoncentralissuestoinformthedevelopmentofagovernanceorganizationandthedraftingofthisnewGreenPaper.Thesewouldincludethreeadvisorygroupsandacouncilasfollows:
A Private Sector Advisory Group composed of industry leadership from a number
of sectors and trade associations representing an appropriate cross-section of
the global economy, not only the United States. This group should include
participation from large and small stakeholders that, combined, represent a
community of interest that uses a range of business processes from the paper-
based to the highly automated to cover the span of potential participants.106
An International Partnership Advisory Group representing existing non-
governmental organizations with relevant interests and competencies, such as
the WCO, the International Maritime Organization and the International
Monetary Fund.
•
•
•
•
•
•
•
IBM Global Business ServicesPage ��
A Financial Advisory Group with representation from the central banks of Tier 1
through Tier 3 countries in addition to regional development banks.
A Privacy Protection and Information Assurance Council to advise on privacy
protection standards, a system for adapting to different legal systems and how
to address new privacy concerns as they emerge. The Ombudsman would
eventually serve as an independent watchdog entity for the operation of the new
governance organization.
Thesesamegroupscouldevolvetoformanimportantpartoftheorganizationitself.BasedonthecharacteristicswedescribedandtherelevantmodelsofICANNandtheParisMOU,theGMMOcouldbestructuredasshowninFigure12.
Figure 12. Proposed GMMO structure.
Source: IBM Global Business Services.
Inadditiontotheadvisorygroupsandcouncildescribedabove,theGMMOcouldservethestakeholdercommunitythroughthreesub-organizationsmodeledonthestructureofICANN.Forthepurposesofglobalmovementsystems,thesesub-organizationscouldinclude:
Global Movement Systems Development and Support Organization to support
efforts to improve information sharing betweeen stakeholders in global
movement systems. The services could include automation, interoperability,
anonymization, encryption and analysis, etc. As part of the Support function,
•
•
•
GMMOBoard of Directors
Privacy Protectionand Information
Assurance Council
Privacy Protectionand Information
Assurance Council
InternationalPartnerships
Advisory Group
Private SectorAdvisory Group
Financial SystemsAdvisory Group
OmbudsmanPresident/CEO
GMMO Staff
Global Movement SystemsDevelopment and Support
Organization
Strategic Human CapitalOrganization Standards Organization
IBM Global Business ServicesPage ��
this organization would also train users, owners and operators of the global
movement systems, where appropriate.
Strategic Human Capital Organization to identify and support the emerging
techniques for managing in a networked environment. Those techniques
may include improved collaboration, latitude to reach across and outside
organizational boundaries, investment in organizational transformation, new
and more flexible structures, relevant technology enhancements, and improved
training for managerial and supervisory skills.
Standards Organization to advise the Board of Governors, the CEO and others
on the standards to guide global movement system activities of the Development
and Support and the Strategic Human Capital Organizations. Standards could
be technical, legal or workforce oriented. Much of the work of the Standards
Organization would be at the direction of the three Advisory Groups, where
appropriate, and the Privacy Protection and Information Assurance Council.
Key characteristics
EstablishingaGMMOrequiresgovernanceprocedurestoadministerit,humancapitalinvestmentstocultivateandleadit,andtechnologytosupportit.RegardlessoftheeventualorganizationalformatofaGMMO,itshouldembodyseveralkeycharacteristics.AGlobalMovementManagementgovernanceregimeshouldbe:
Trusted and representative – The organization must be trusted by the full range
of participants, from developed (Tier 1) to nascent (Tier 3) economies, markets
or individual participants. The operations of the organization must be open to
public review and monitoring to correct problems when they arise and to help
ensure that the daily operational decisions and protocols reflect the ideals and
approach expressed in the original intent. Participants must be comfortable
sharing proprietary and sensitive information, confident that the information is
protected. Finally, the organization and its management or leadership must be
accountable to the stakeholder community.
Enabling – Nascent participants disadvantaged by low-tech, non-interoperable
or simply small-scale infrastructure and resources also must be accommodated
in a way that enables those participants to contribute to and benefit from the
GMMO to the same extent that Tier 1 members do.
Limited – GMMO participants agree to a level of collaboration that results in
mutual benefit among competitors, clients and partners by sharing information
critical to the flow of global trade and travel. While a governance mechanism
•
•
•
•
•
IBM Global Business ServicesPage ��
is required to manage this process, the participants are considered sovereign
members in the same way as the United Nations and other multinational
organizations consider their members to be self-selecting and driven by
competitive advantage, increased security, heightened economic performance, or
all three.
Expert – A governance mechanism needs to have the knowledge, skills and
abilities to expertly serve the global trade and travel stakeholder communities by
consulting subject matter experts from those communities. Helping to ensure
the expected gains – in whatever form – requires the ability to add value in a
complex environment of corporations, countries and other collaborators.
Incremental – Membership and/or scope of responsibilities may begin on a small
scale so the governance structure can develop optimally. However, incremental
growth should be undertaken through a deliberate and measured approach to
better promote a level of collaboration that results in mutual benefit.
Self-sufficient – This organization must have the resources to be self-sufficient
over time, if not at the start. This can be accomplished through a number of
means depending on the way in which the structure is initiated. (See “Dual-
track GMMO approach” below.)
Decentralized – Not only is it impractical in today’s information age and global
economy to do otherwise, but by decentralizing the governing structures
across the globe, the entire enterprise gains from a wider range of expertise
and knowledge. There is a reason why ICANN uses numerous advisory groups
around the world. Better intelligence and more accurate decisions translate into
legitimacy and power in the marketplace and policymaking communities.
Inclusive – To the extent that the governance structure will include Tier 3
countries and companies, it would provide funding from member countries
in proportion to their interest in the system and their ability to pay, similar to
the World Bank’s financial structure. The justification for this is that as more
participants are able to contribute information and relevant infrastructure, the
adoption of standards and norms will be facilitated. Thus, the overall benefits to
the participants increase.107
Incentives-driven – Participants would have an incentive to improve their
facilities, processes and business practices because these investments would
result in increased efficiency, harmonization among trading partners and greater
system resilience to manage risk more successfully.108
•
•
•
•
•
•
IBM Global Business ServicesPage ��
Metrics-oriented – A set of incentives or regulations must first align with
a defined evolutionary process for members to adopt. Tier 1 countries and
corporations would need an agreed-upon roadmap for more comprehensive
improvements, whereas aspirants in Tier 3 should have a standard and
transparent set of benchmarks for relative parity that would enable participation,
as described above.109
Adaptive – This organization also must be adaptive to continually evolve with
the needs of the stakeholder community and the challenges posed by a dynamic
environment. Consistent with the characteristic that such an organization should
be trusted, it would maintain a capability to be monitored for progress and
efficacy. This capability would include a reform and reorganization function to
help ensure its adaptability as needed.
Dual-track GMMO approachAsmentionedearlier,bridgingthegovernancegapinvolvesadual-trackapproach:1)creatingneworganizationswherenecessary,and2)leveragingexistingorganizations.WealsobelievethatagovernanceframeworkforGlobalMovementManagementwouldgainmomentumonadistributedbasiswherecommercialincentivesorgovernmenteffortsfavoraction.Severaldifferentapproachescouldbetakenforinitiatingthisprocess,eachofwhichhasoccurredinoneformoranotherintheinternationalsystem.
Creating new organizations
Oneapproachweproposeforestablishingthegovernanceframeworkneededforglobalmovementsystemsincludescreatingneworganizations.Aneworganization,liketheGMMO,maybeinitiatedinanumberofways.TheseincludeConsensusoftheLeaders,CellDivision,VentureModel,andFoundationorDonorModel:
Consensus of the Leaders – The policy apparatus of a significant portion of
influential non-governmental organizations and national governments could
be engaged to define and create the structure. The Financial Action Task
Force (FATF) began this way. The FATF was established in 1989 by the G7
group of industrialized nations to generate political will and collaboration in
support of legislative and regulatory efforts. These effots were necessary for
the protection of public and private sector interests in combating international
money laundering, both as a public good and as a business function on the part
of the worldwide banking industry. As an inter-governmental entity, the FATF
•
•
•
IBM Global Business ServicesPage ��
has established almost 50 recommendations that include procedures, standards
and protocols for anti-money-laundering initiatives around the world. Today, 34
countries and their banks participate in FATF.
Cell Division – In certain domains, a dominant governance structure already
exists. For example, the WCO reconciles widely diverse practices in global trade
relationships by determining standards for everything from ship classifications
to the form and type of information an exporter must submit to participate in
the global economy. The charter, decision-making mechanisms and financial
framework of the WCO could simply be replicated to create a similar structure
to provide the foundation for the GMMO.
Venture Model – A private sector or a non-profit investor could establish a global
movement management network as a service for a fee. The rules of participation
would include adherence to a set of bylaws and ownership by the stockholders in
a blind trust such that initial investors help establish it, but the operation would
be undertaken by a third party. In this scenario, the fee for service would likely
be minimal, but the scale could become significant as the value proposition of
increased efficiencies and more robust resilience appeal to a growing community
of participants/customers. This model would resemble a virtual utility whereby
its investors would create ownership in a public good. Charging fees would
require approval of a board in an oversight capacity similar to how most public
utilities are governed.
Foundation or Donor Model – This is similar to the way the World Bank was
formed. All stakeholders would donate funds to a foundation that would achieve
critical mass and then deliver a significant bottom line. In this case, the
bottom line would be the evolving Global Movement Management network. It is
conceivable that this process would take longer, favor the bigger players, at least
initially, and adopt a cumbersome management mechanism.
ThefoundingoftheParisMOUrepresentsaConsensusoftheLeaders,butitalsoshowsthepotentialforaCellDivisionevolutionbecauseitisscaleabletoothersectorsofglobaltradeandtravel.Duetotheglobalanddistributednatureofwhatisbeingproposed,thisnewgovernanceorganizationforglobalmovementsystemscouldbedevelopedregionallyfirst.ThepathtakenbythosewhoestablishedICANNwouldapplywellinNorthAmericaasameansfordesigningagovernanceregimebasedonthekeycharacteristicswedescribedearlier.AsimilareffortcouldbeundertakenbytheEuropeanUnion,whileitscounterpartsinAsia,AfricaandtheMiddleEastwouldberesponsiblefortheirownefforts.
•
•
•
IBM Global Business ServicesPage ��
Becausetheseeffortswoulduse,asablueprint,thesamesetofprinciplesandcorecharacteristics,similartothoseidentifiedhere,theresultwouldbenetworkedandcompatiblecoverageofglobalmovementsystems.
Inwhatcouldbecalledan“inkspots”process,certainsectorsorstakeholdergroupscouldsupportthefoundationofaGlobalMovementManagementframeworkwhereitisdirectlybeneficialevenatanearlystage.Bystartinginthisway,bestpracticesemergeonabilateralorotherwiselimitedbasis.110Ascountriesandindustrieswithinflowsparticipate,the“inkspots”modelhasthepotentialtoexpandinawaythatisinteroperablewithothersectorsandflowsifconsistentstandardsareapplied.Eventually,thisprocesswouldachievetheglobalscopenecessaryforthefullbenefitsofGlobalMovementManagementtoberealized.However,systemefficienciesandenhancedsecurityandresiliencefactorscanbeimprovedforparticipantsevenonasmallscale.
Leverage existing organizations
Theotherhalfofthedual-trackapproachweproposeforcreatingaGMMOincludesleveragingrelevantexistinggovernanceregimesandencouragingotherinternationalorganizationstoadoptthepromotionofintelligentimmunityinglobalmovementsystemsasahighprioritymissionoftheirown.Doingsowillhelppromoteadoptionofamorestrategicapproachtotechnologyandhumancapitalaroundtheworldtoenhancethesecurity,efficiencyandresiliencyofglobalmovementsystems.Therefore,weproposethefollowing:
The World Census and Statistics Organization could empower people around
the globe by providing information about the performance of global movement
systems. Metrics to measure the efficiency, security and resilience of the system
should be developed and implemented widely. More informed users of the
system and, in the case of democratic countries worldwide, better informed
taxpayers, can hold their governments accountable for performance results. New
organizations chartered for this purpose, such as IBM’s Managing for Progress
initiative,111 have already garnered substantial international attention, prototyped
initial technology and attracted participants from a number of leading
institutions worldwide.
The Group of Eight Most Industrialized Countries (G8) could introduce policy
proposals to inform their citizens of the things they can do to enhance security
and resilience of global movement systems as part of emergency management
and public service notices already in existence. These could include a simple
•
•
IBM Global Business ServicesPage �0
“Report Suspicious Activities” hotline modeled after the statewide programs in
place in New York and New Jersey.
The International Standards Organization could incorporate more of a strategic
human capital approach into their ISO 9000 standard as part of the overall
effort to harmonize standards for business processes and technology.113 The
training standard should include the use of simulation training and gaming
technologies to create virtual environments where front-line inspectors and law
enforcement personnel can get much needed practice dealing with malicious
actors, and can learn to work with each other in a more decentralized and
coordinated fashion.
The International Federation of Red Cross and Red Crescent Societies and their
national member societies could create a basic training course for people around
the world regarding the role that individuals can play in improving overall security
and resiliency. These organizations could also provide knowledge and training on
how to prepare for and respond to natural disasters and other high-consequence
disruptions. Such a course could complement existing widespread public education
programs such as CPR and EMT courses. It would stimulate a higher level of
knowledge and preparedness in society starting at the level of individual citizens
and would be appropriate for both developed and developing countries.
Forexample,thecoursescouldincluderequirementsforbasicfood,shelter,clothing,communicationandmedicinetoserveafamilyfortheperiodoftimeitislikelytotakeemergencymanagementsystemstokickin.Otherprivatesectortrainingcompanies,collegesanduniversitiescouldfollowsuitasdemandgrows,providingcourseopportunitiesonafee-for-servicebasisusingpublichealthcurriculaandemerginghomelandsecurityprogramsforcontent.Aprogramforelementaryandsecondaryeducationcouldprovideanage-appropriatebaselineforunderstandingelementaryresponsibilitiesofcitizenshipandpersonalresponsibilityinanemergency.Educationandoutreachbytrustedpublicinformationoutlets,includingtheRedCross,stateandlocalauthorities,andmediaoutletsshouldspeedacceptance.
Financialincentivesforadherencetothenewglobalstandardsshouldbeincreasedasfollows:
The World Bank, Asian Development Bank and the Inter-American
Development Bank could launch initiatives to improve security that provide
investment money in developing countries contingent on the adoption of
improved security practices. Such initiatives could be modeled on the U.S.
•
•
•
IBM Global Business ServicesPage �1
Millennium Challenge Corporation. The Millennium Challenge Corporation
criteria could also be extended to include more emphasis on trade facilitation,
security and resilience in global movement systems.
The European Union and NAFTA could apply portions of existing tariffs to
fund a “road user charge” to more directly tie activity to benefit for local
infrastructure. Signatories to the system could then decide whether to designate
a portion of these funds for investment in infrastructure, technology and human
capital in direct proportion to use by the members states.
The leaders of leading insurance companies could seek to adopt the ISO 9000
standards and related Red Cross/Red Crescent certifications as a means to
group risk and price accordingly. The presumed reduction in risk for early
adopters of these standards would create a financial incentive for others to take
the course and gain certification. This insurance discounting process would
be comparable to what we have in the United States for driver education and
associated reduction in the cost of auto insurance.
The WCO could create a forum for the 50 largest companies in the world to
harmonize directly with their corporate counterparts on a business-to-business
basis with WCO and government review. Participants could work toward bilateral
innovations to help lower their costs and then request approval by relevant
customs organizations. Participants would naturally start at the highest value
end of the set of possible system improvements. The WCO could then share
these promising practices among the other participants and use the case studies
as a basis to propose systemwide reforms. This process, if successful, could be
expanded to include other global movement systems over time.
The U.S. National Institute of Standards and Technology (NIST) could
consider modifying the Malcolm Baldrige National Quality Award’s113 Criteria for
Performance Excellence114 to incentivize leading firms and organizations in all
sectors to optimize commerce, security and resilience. This would encourage
the adoption of security and resilience as critical new attributes of quality in the
manufacturing, transportation and financial services industries. The resulting
value to corporate performance, enhanced brand value for competing firms and
sharing of promising practices would further create incentives for adoption of
new standards.
•
•
•
•
IBM Global Business ServicesPage ��
The WCO, WTO and Interpol could cooperate in creating a global incident
database of disruptions to global movement systems, including incident analyses
and after-action reports. This effort could be augmented with methods for
assessing or grading strengths and weaknesses of global movement systems
that could lead to a clearinghouse function for peer-validated best practices in
enhancing the security, efficiency and resilience of global movement systems as
a basic public good. Access to some of the output of this effort would have to be
limited to verified and properly permissioned level officials. The functionality
and services provided by the Memorial Institute for the Prevention of Terrorism,
which was created as a resource for first responders and homeland security and
counterterrorism practitioners, would represent a small-scale model.115
Universal system for scoring riskIfnotundertakenbyanexistingorganization,anadditionaltaskoftheGMMOwouldbetoleadthedevelopmentofauniversalsystemforscoringrisk.SuchasystemwouldbeakintotheuniversalcreditscoresprovidedforcompaniesbyS&PandMoody’sandtosovereigncreditriskassessmentsthatlargebanksprovideforcountries.AnotherexampleistheRiskPreparednessIndexthataccountingfirmsusetoassesscybersecurityatfinancialinstitutions.116TheGMMOcouldspearheadthecreationofacomprehensiverisk-scoringsystemandmethodologythatcouldbeapplieduniversallytocompanies,countries,economicsectorsandindividualmovementsystems.
•
IBM Global Business ServicesPage ��
VII. Moving forward
WebelievethattheholisticGlobalMovementManagementstrategypresentedinthiswhitepapercanbeanessentialcomponenttosuccessfullyaddressingtheasymmetricandhighlynetworkednatureofriskinthemovementsystemsthatmaketoday’sglobaleconomywork.Weforeseeanewrelationshipemergingbetweenthepublicandprivatesectorsastheyincreasinglyrecognizetheircommoninterestsasstakeholdersintheglobalmovementsystem.Privatecompaniesandindividuals,governmentsandnon-governmentalorganizationscanworkinconcerttoimprovethehealthofcriticalglobalmovementsystemstohelpmakethemmoreresistanttoharmordisruption–anapproachwecallintelligentimmunity.Toaccomplishthis,werecommendthatpolicymakers,managersandemployeesincorporatetheconceptofintelligentimmunityintotheircorestrategiesforhumancapital,technologyandgovernanceandintohowtheyconducttheirbusinesseseveryday.Thiswillhelpprotectandimproveglobalmovementsystemsand,therefore,helpmaketheglobaleconomymoresecureandresilient.
Webelievethatthefirststeptopromotingintelligentimmunityinglobalmovementsystemsisachievingwidespreadunderstandingofthebenefitsandrisksofeconomicandsecurityinterdependencethatexistbetweenindividualcompanies,sectorsandcountries.Sinceindividualmovementsystemsandindividualeconomicsectorsaroundtheworldareinextricablylinked,agreaterrecognitionoftherisksandresponsibilitiesthataccompanymutualinterdependencewillpromotegreatercooperationamongstakeholders.Thebusinessjustificationforaligningactivitiesacrosssectorswillgrowstronger,andstakeholderswillseebenefitstobettercoordinationandcooperationrangingfromimprovementstothebottomlinetobrandstrengtheningandreputation-buildingintheareaofsocialresponsibility.
Wealsobelievethatnewbusinessanalysis,accounting,capitalbudgetingandfinancialreportingtoolswillemergetomeasurethebenefitsofgreatersecurityandresiliencewithinandamongsystems.Forexample,thecreationofauniversallyrecognizedRisk-PreparednessIndexwouldprovideabenchmarkagainstwhichownersandoperatorsofcriticalglobalmovementsystemscouldbeassessed.Thiswouldallowkeyaspectsofintelligentimmunityinglobalmovementsystemstobepricedintothemarket,forexample,throughtheriskpremiumschargedtocompaniesbyinsuranceproviders.ThiswouldhelpbusinessleadersandsecuritymanagerstomovebeyondsimpletraditionalROIcalculationsandbetterquantifyandcapturethebusinesscase
IBM Global Business ServicesPage ��
forinvestmentsthatincreasesecurity,promoteresilienceandreducesupplychainvulnerability.
Weanticipatetheneedforamorestrategicapproachtopeopleandtrainingtopromoteintelligentimmunityintheglobalmovementsystem.Traditionalapproachestoriskmanagementandhumancapitalarelargelybasedonexception-basedmanagementcontrols.Incontrast,anapproachtoriskmanagementinglobalmovementsystemsbasedonintelligentimmunitywillrelytoamuchgreaterdegreeonempowermentandtrust.Amorestrategicapproachtohumancapitalwillrequirecompaniesandgovernmentstoinvestmoreinemployeetraining,tobetterarmfront-lineemployeeswiththerightinformationattherighttime,andtoempowerthemwiththeconfidenceintheirownauthoritytomakedecisionsbasedontheirowninformedjudgmentsandlocalknowledge.Inaddition,amorestrategicapproachtohumancapitalwillallowcompaniesandgovernmentstodiscovermoreinnovativewaystoimproveefficiency,securityandresilience.Thisseachangeintheapproachtoriskmanagementandhumancapitalcanhelpmaketraditionalbureaucraticandhierarchicalorganizationalcultureswithingovernmentandmanycompaniesmoreflexible,dynamicandinnovativeinthefaceofmodernrisks.
Tobetterempowerindividualsandtosupportintelligentimmunityoverall,weenvisionatechnologystrategyforglobalmovementsystemsthatincludesthreemajorcomponents:
Adoption of a micro-macro approach that combines both greater information
granularity and greater information federation/aggregation
Building the “connective tissue” that can help give stakeholders in global movement
systems the confidence to connect, collaborate and share even sensitive information
at scale
Peer production that results from unlocking information and sharing it more widely,
helping to drive innovation and dramatically improving the performance, security
and resilience of global movement systems.
Webelievethatadoptingapeerproductionstrategywillyieldseveralbenefits.Itcanhelpaddresssignificantissuesoftrustandprivacythatcurrentlyimpedeinformationsharing.ItcanplayakeyroleintheevolutionofWeb3.0.Itcanhelpdrivethekindofrobustenterpriseawarenessandcollaborationamongthepublicandprivatesectorsneededtoaddress21stcenturyrisk.Finally,itcanopenthedoortosignificantcommercialopportunitiesfortheentrepreneurs,investorsandcompaniesthatprovidethesolutionstomakethistechnologyvisionwork.
•
•
•
IBM Global Business ServicesPage ��
Finally,weproposeanewapproachtogovernancethattakeslessonsfromprovenapproachesandexistingsuccessfulorganizationalmodelsintheinternationalsystemwhilecombiningtheminanewwaytobetteraddressthetypesofrisksthatconfronttheworldinthe21stcentury.GlobalMovementManagement’sapproachtogovernancewilladvancetheeffortsofexistingnon-governmentalorganizationstostrengthentheglobalmovementsystem.Italsowillserveasabasisforcreatinganewinternationalorganization,theGMMO,tohelpfillthegovernancegapthatexiststoday.
TheGMMOwillenablegovernmentsandcompaniesfromaroundtheglobetoworktogethertoachievetheircommoninterestinimprovingtheperformance,securityandresilienceoftheglobalmovementsystem.TheGMMOwillprovideavenueforthepublicandprivatesectorstodiscusscriticalpublicpolicyissuesbeyondtheconfinesofnationaltaxandregulatorypolicy.Inaddition,theGMMOcanprovideaforumforcooperationbetweenbusinesscompetitorsandbetweeninterdependenteconomicsectorsthatcurrentlymaylacksufficientcoordination.Finally,theGMMOcanpavethewayforbettersynchronizationofpolicies,businesspracticesandtechnologystandardstohelpguideefforts.
OneofthemostimportantgoalsoftheGMMOwillbetoprovidemechanismsforTier3countriestobetterintegratethemselvesintocooperativeeffortstostrengthenglobalmovementsystems.Suchmechanismswillincludedataautomationandintegrationservicesaswellasinitiativestosecureinvestmentsbyinternationalaidanddevelopmentorganizations.
Muchisatstakeintheglobalmovementsystem.Itisnotjustthetrillionsofdollarsinglobaltradeortheeconomicwelfareofbillionsofpeople,buttheveryfabricofsocietyitself–itsvalues,cherishedidealsanduniquecharacter.Theprospectandadvantagesofbeingabletoharmonizeglobalmovementsystemsarenotonlyencouragingandarealopportunityforinnovationbut,wethink,criticallynecessarytostrengthencommerce,securityandresilienceinthefaceofglobalizationandtechnologychange.
TheGlobalMovementManagementframeworkweproposeinthispaperasacomprehensiveapproachtoriskmanagementcanhelpimprovepublicpolicy,facilitateinternationalandpublic-privatecooperation,guideinvestmentdecisions,createcommercialopportunities,andpromotebestpracticestoaddressasymmetricthreatsandrespondtobothnaturalandmanmadedisruptions.Thechallengeisimmense,theopportunityexpansive,andthetimeforbusinessleaders,governmentofficialsandtheinternationalcommunitytomoveforwardisnow.
IBM Global Business ServicesPage ��
About the authors
W. Scott GouldVice President, Public Sector Strategy and Growth
IBM Global Business Services
Dr.ScottGoulddirectsstrategyformulationfortheHomelandSecurity,IntelligenceandFederalCivilianlineofbusinessinIBMGlobalBusinessServices.Previously,hewasCEOofTheO’GaraCompany,whereheprovidedstrategicadvisoryandinvestmentservicesinthehomelandsecuritymarket.ANavalIntelligencereservist,Capt.GouldwasrecalledtoactivedutyforOperationNobleEagleandEnduringFreedom,whereheservedasDeputytotheDirector,NavalCriminalInvestigativeService(NCIS).HehasservedastheCFOandAssistantSecretaryforAdministrationattheU.S.DepartmentofCommerceandasDeputyAssistantSecretaryforFinanceandManagementattheU.S.DepartmentoftheTreasury.
Asa1993-1994WhiteHouseFellow,ScottservedintheExport-ImportBankoftheUnitedStatesandintheOfficeoftheWhiteHouseChiefofStaff.HeisafellowoftheNationalAcademyofPublicAdministrationandaformermemberoftheNationalSecurityAgency(NSA)TechnicalAdvisoryGroup.HehasparticipatedasapanelmemberonhomelandsecurityissuesfortheCouncilonForeignRelationsandtheCenterforStrategicandInternationalStudies;healsohasservedasaguestlectureratHarvardUniversity.ScottisaformermemberoftheMalcolmBaldrigeNationalQualityAwardBoardofOverseers.Healsoisco-authorofthepreviouswhitepaper,“GlobalMovementManagement:SecuringtheGlobalEconomy,”co-authorofthebook“FromVisiontoReality:AligningBusinessandGovernmentInterestsinMaritimeDomainAwarenessandGlobalMovementManagement”andco-authorofaforthcomingbookfromtheBrookingsInstitutionentitled“ThePeopleFactor.”ScottholdsanA.B.degreefromCornellUniversityandM.B.A.andEd.D.degreesfromtheUniversityofRochester.
IBM Global Business ServicesPage ��
Daniel B. Prieto Vice President, IBM Global Business Services
Senior Fellow, IBM Global Leadership Initiative
DanielPrietodirectstheGlobalMovementManagementinitiativefortheHomelandSecurity,IntelligenceandFederalCivilianpracticeinIBMGlobalBusinessServices.HeisProjectDirectorfortheCouncilonForeignRelations(CFR)IndependentTaskForceonCivilLibertiesandNationalSecurity,SeniorAdvisortotheCommissionontheNationalGuardandReserve,adjunctSeniorFellowattheReformInstituteandattheGeorgeWashingtonUniversity,andamemberoftheMarkleFoundationTaskForceonNationalSecurityintheInformationAge.DanhasservedasResearchDirectoroftheHomelandSecurityPartnershipInitiativeandbeenaFellowatHarvardUniversity’sKennedySchoolofGovernment,wherehealsoservedasagraduate-levellecturer.HehasbeenaFellowattheCFRandhasservedontheprofessionalstaffoftheHomelandSecurityCommitteeintheU.S.HouseofRepresentatives.AsDirectorofCorporateDevelopmentforAmericaOnlineandasaninvestmentbankerwithJPMorgan,heservedasanadvisoronoverUS$125billionintransactionsinthetechnology,media,andaerospaceanddefensesectors.Heisco-authorof“NeglectedDefense:MobilizingthePrivateSectortoSupportHomelandSecurity”andcontributingauthorto“ThreatsatOurThreshold:HomelandDefenseandHomelandSecurityattheTurnoftheCentury,”“TheForgottenHomeland”and“SeedsofDisaster,RootsofResponse:HowPrivateActionCanReducePublicVulnerability.”HehastestifiedbeforetheU.S.Senate,andhiscommentaryandanalysishaveappearedwidely,includinginThe New
Republic, The Washington Post, Chicago Tribune, Bulletin of the Atomic Scientists,
Wall Street Journal, TIME Magazine, USA TodayandThe Atlantic MonthlyaswellasonCNN,FOX,BBCandNationalPublicRadio.DanholdsaB.A.fromWesleyanUniversityanaM.A.fromtheJohnsHopkinsUniversitySchoolofAdvancedInternationalStudies(SAIS).
IBM Global Business ServicesPage ��
Jonah J. CzerwinskiManaging Consultant, IBM Global Business Services
Senior Fellow, IBM Global Leadership Initiative
JonahCzerwinskiisresponsiblefordevelopingpolicyguidancefortheGlobalMovementManagementcampaignandforconsultingintheHomelandSecurity,Intelligence,andFederalCivilianpracticeinIBMGlobalBusinessServices.HeisalsoaSeniorAdvisorfortheCenterfortheStudyofthePresidencyanda2007SeniorFellowattheHomelandSecurityPolicyInstituteofGeorgeWashingtonUniversity.From2003-2006,hewasSeniorResearchAssociateandDirectorofHomelandSecurityProjectsattheCenterfortheStudyofthePresidency(CSP).JonahservedontheCouncilonForeignRelationsStudyGrouponStrategiesforDefenseAgainstNuclearTerrorismin2006.From2001-2004,hedirectedtheCenter’sHomelandSecurityRoundtableandledaCenterprojectonstrengtheningthetransatlanticrelationshipthroughNATO,whichpublished“MaximizingNATOintheWaronTerror”inMay2005.In2005,hewasSeniorFellowattheHomelandSecurityPolicyInstituteofGeorgeWashingtonUniversityandin2004wasnamedaManfredWörnerFellow.JonahhastestifiedbeforeCongressonthebudgetandstrategyoftheDepartmentofHomelandSecurity.HismediaappearancesincludeinterviewsonCNNandCNN-International,andhehasbeeninterviewedbyTheNewYorkTimes,WallStreetJournal,TheNationalJournal,LosAngelesTimes,CongressionalQuarterly,NationalDefenseandothernewsmedia.Healsowritesforthehomelandsecurityblogwww.HLSwatch.com.JonahholdsanA.B.degreefromSalveReginaUniversityandisamemberoftheclassof2009attheDardenSchoolofBusiness,UniversityofVirginia.
IBM Global Business ServicesPage 100
Acronyms
ARPANet AdvancedResearchProjectsAgencyNetworkBCBS BaselCommitteeonBankingSupervisionC3I2 Command,Control,CommunicationsandInformationIntegrationCBP U.S.CustomsandBorderProtectionCCC CustomsCooperationCouncilCEO ChiefExecutiveOfficerCONOPS ConceptofOperationsCOO ChiefOperatingOfficerCSI ContainerSecurityInitiativeCSO ChiefSecurityOfficerCTBTO ComprehensiveNuclear-Test-BanTreatyOrganizationC-TPAT Customs-TradePartnershipAgainstTerrorismDHS DepartmentofHomelandSecurityECOSOC EconomicandSocialCounciloftheUnitedNationsEDI ElectronicDataInterchangeFAO FoodandAgricultureOrganizationFAST FreeandSecureTradeFATF FinancialActionTaskForce(AgainstMoneyLaundering)FOE FriendsoftheEarthG8 GroupofEightMostIndustrializedCountriesGATT GeneralAgreementonTariffsandTradeGDP GrossDomesticProductGESAMP JointGroupofExpertsontheScientificAspectsof MarineEnvironmentalProtectionGFW GlobalFundforWomenGICHD GenevaInternationalCentreforHumanitarianDe-miningGMM GlobalMovementManagementGMMO GlobalMovementManagementOrganizationHRW HumanRightsWatchIAEA InternationalAtomicEnergyAgencyIAIS InternationalAssociationofInsuranceSupervisorsIASB InternationalAccountingStandardsBoardIATA InternationalAirTransportAssociationICAO InternationalCivilAviationOrganizationICANN InternetCorporationforAssignedNamesandNumbersICBL InternationalCampaigntoBanLandmines
IBM Global Business ServicesPage 101
ICC InternationalChamberofCommerceICCA InternationalCouncilofChemicalAssociationsICFTU InternationalConfederationofFreeTradeUnionsICRC InternationalCommitteeoftheRedCrossICS InternationalChamberofShippingICSU InternationalCouncilforScienceIFAD InternationalFundforAgriculturalDevelopmentIFPMA InternationalFederationofPharmaceutical Manufacturers&AssociationsIFWP InternationalForumontheWhitePaperIGO IntergovernmentalOrganizationILO InternationalLaborOrganizationIMF InternationalMonetaryFundIMO InternationalMaritimeOrganizationIO InternationalOrganizationIOC InternationalOlympicCommitteeIOM InternationalOrganizationforMigrationIOSCO InternationalOrganizationofSecuritiesCommissionsISA InternationalSeabedAuthorityISO InternationalOrganizationforStandardizationISPS InternationalShipandPortFacilitySecurityCodeITLOS InternationalTribunalfortheLawoftheSeaITTO InternationalTropicalTimberOrganizationITU InternationalTelecommunicationUnionIUCN WorldConservationUnionIWC InternationalWhalingCommissionIWHC InternationalWomen’sHealthCoalitionMOU MemorandumofUnderstandingMSF MédecinsSansFrontières(DoctorswithoutBorders)NATO NorthAtlanticTreatyOrganizationNCIS NavalCriminalInvestigativeServiceNIST NationalInstituteofStandardsandTechnology
IBM Global Business ServicesPage 10�
NSA NationalSecurityAgencyOECD OrganisationforEconomicCo-operationandDevelopmentOHCHR OfficeoftheHighCommissionerforHumanRightsOMT OperationsManagementTeamOPCW OrganizationfortheProhibitionofChemicalWeaponsOS&D Overages,ShortagesandDamagesPNR PassengerNameRecordPOE Point-of-Entry/Point-of-ExitPSCO PortStateControlOfficerRPI RiskPreparednessIndexSAFEFramework WCOFrameworkofStandardstoSecureandFacilitate GlobalTradeSAFEPortAct SecurityandAccountabilityForEvery(SAFE)PortActSOA Service-OrientedArchitectureSRO-WA Sub-RegionalOfficeforWestAfricaTEU Twenty-footEquivalentUnitsUNDCP UnitedNationsInternationalDrugControlProgramUNEP UnitedNationsEnvironmentProgramUNESCO UnitedNationsEducational,ScientificandCultural OrganizationUNFPA UnitedNationsPopulationFundUNHCR UnitedNationsHighCommissionerforRefugeesUNICEF UnitedNationsInternationalEmergencyChildren’sFundUNIDO UnitedNationsIndustrialDevelopmentOrganizationUPU UniversalPostalUnionUS-VISIT UnitedStatesVisitorandImmigrantStatusIndicator TechnologyWCO WorldCustomsOrganizationWFP WorldFoodProgramWHO WorldHealthOrganizationWIPO WorldIntellectualPropertyOrganizationWMD WeaponsofMassDestructionWMO WorldMeteorologicalOrganizationWTO WorldTradeOrganizationWWF WorldWildlifeFederationXBRL ExtensibleBusinessReportingLanguageXML ExtensibleMarkupLanguage
IBM Global Business ServicesPage 10�
Glossary of key terms
Architecture–Aplan,depictionordescriptionofthemannerinwhichasystemisdesignedandconstructed,includingidentificationofcomponents,depictionoffunctionsanddescriptionofrelationshipsbetweencomponents.
Enterprise knowledge management–Makingefficientuseofhumanandinstitutionalknowledgewithinanorganizationoracrossmultipleorganizationsthatcomprisealogicalenterpriseorsystem(processes,relationshipsandtechnology).Theidentification,coordination/integrationandpresentationofinformationfromdocuments,reportsandothersourcesinawaythatfacilitatestheabilitytosearchandanalyzeinformationformeaningfulrelationshipstoimprovedecisionmaking.
Governance–Theuseofinstitutions,rules,standards,norms,practices,processesandcollaborationtoadminister,control,coordinateanddirectactivitywithinasystemorenterprise.Governanceincludessettingexpectations,grantingauthority,andverifyingcomplianceandperformance.Governanceincludesvirtuallyallnormativeaspectsofthesystemandthemechanismsusedtocommunicate,effectandoverseethoseaspects.Governancecancomefromgovernmentsintheformofregulationorpolicy,fromnon-governmentalorganizationsintheformofstandardsorbestpractices,fromacrossindustryintheformofself-regulationorestablishedbest-practices,orfromwithincompaniesintheformofbusinessrules,companypolicyoroperationalpractices.
Information sharing–Therangeofactivitiesthatimprovetheabilityofmultiplepartiestoexchangedata,contentandotherinformationinawaythatincreasesknowledge,improvesdecisionmakingandenhancesenterprise/systemperformance.
Resilience–Theabilitytorecoverquicklyfrom,ortoresistbeingaffectedby,someshockordisruption;thequalityorstateofbeingflexible.Otheruseful,discipline-specificdefinitionsinclude:
Networking – The ability of the network to provide and maintain an acceptable
level of service in the face of various faults and challenges to normal operation.
•
IBM Global Business ServicesPage 10�
Engineering – A measurement of resistance to disturbance and rate of return to
steady-state equilibrium following a perturbation. This definition assumes that
system behavior remains within a stable domain that contains the steady state
and concentrates on stability near an equilibrium steady state. This definition
focuses on efficiency, control, constancy and predictability – all critical attributes
for fail-safe design and optimal performance.
Ecological – The magnitude of disturbance that can be absorbed before the
system changes its structure by changing the variables and processes that
control behavior. This definition emphasizes conditions far from any steady
states, where instabilities can induce a “quantum” move into another regime
of behavior (i.e., to another stability domain). This definition focuses on
persistence, adaptability, variability and unpredictability.
Risk–Theprobabilityofharmfulconsequencesresultingfrominteractionsbetweenthreatsandvulnerableassets.Conventionally,riskisexpressedbytherelationRisk=LikelihoodxSeverity.Morespecifically,inthecaseofintentionaldisruption:
Risk=PA*(1-PE)*C
Where:PA is the likelihood of adversary attack (threat)
PE is security system effectiveness
(1 – PE) is adversary success (vulnerability)
C is magnitude of loss due to the attack (consequence).
Security–Theestablishmentandmaintenanceofmeasuresdesignedto:1)identifyandreduceorpreventthreatstotheintegrityandwell-beingofobjects(i.e.,people,goods,conveyances)andsystems,2)reducethevulnerabilityofobjects(i.e.,people,goods,conveyances)andsystemstoactivitiesthatwouldadverselyaffecttheirintegrity,performanceorwell-being,and3)limitormitigatetheconsequencesofadverseactivitiesorevents.
Trade and travel facilitation–Thesimplificationandharmonizationofinternationaltradeandtravelproceduresandtheinformationflowsassociatedwiththemneededtoexpeditethemovement,releaseandclearanceofobjects(i.e.,people,goods,conveyances)intransit.
•
•
•
•
•
•
IBM Global Business ServicesPage 10�
Appendix A: Global Movement Management Analysis of the Maritime Cargo Sector
Toillustrateasamplecomponentsystemanalysisforbuildingintelligentimmunityintomaritimecargoflows,weapplythefivecategoriesdiscussedinSectionIII,whichare:1)fivekeyobjectsofvalue,2)fivequestions,3)fivechainsofmovement,4)fivetraditionalsecurityfunctions,and5)fiveemergingsecurityfunctions.Theseelementsareaddressedbelow.(Alsoseethesidebar,“GlobalMovementManagementthemaritimecargosector”inSectionIII,“ApplyingaGlobalMovementManagementframework.”)Five key objects of valueTheobjectcanbecategorizedascargo,withinformationandconveyancesinsupportingroles.
Five questionsWhat is the object?–Theobjectisamaritimeshippingcontainer.Itscontentsarelistedonthebilloflading;however,theyarenotverifieduntiltheendofthesupplychain,eitherwhenthegoodsareinspectedbyacustomsofficerorthecontainerisopenedbytheimporter.
Where is the object?–Knowledgeoftheobject’slocationisnotinrealtime.Thisinformationisrecordedatcontrolpointsandtransmittedtootherplayersinthesupplychain.Inbetween,therearerelativelyfewmeasuresinplacetokeepanobjectfrombeingdiverted.
When did the object leave/When is it scheduled to arrive?–Customerstypicallyknowwhenanobjectshipsandwhenitisexpectedtoarrive.Becausetheobjectisnotbeingtrackedinrealtimeandbecausedatarecordedatcontrolpointsisfrequentlypaper-based,knowledgeofwhereashipmentisatanygiventimeisextremelylimited,andtimelyupdatesregardingdelaysaredifficulttoobtain.
How is the object being conveyed?–Theobjectislikelybeingtransportedbytruckortrainoverlandandbyshipatsea.Theshiptheobjecttravelsonislikelytobeknown;however,informationaboutthetrucksanddriversislikelytobelimitedtooperatorsatthechokepointsthatreceivedordispatchedthetruck.
IBM Global Business ServicesPage 10�
Is the object secure?–Figure13revealsanotabletrendinrankingtherelativerisktothecontainerorcargofromexport(left)toimport(right).Thesecurityofmaritimecargoisdirectlyrelatedtoitsvisibility,and,generally,thelevelofshipmentvisibilityissignificantlylowerthecloseritistoitspointoforigin.Thisistruebecausesuchalargenumberofplayersareinvolvedinmanufacturing,packaging,gathering,collecting,consolidating,packingandtransportinggoodsbeforetheyevergetplacedonaboatforshipment.Addingtotheriskaretheoverallconditionsinthecountryoforigin,whichwill,obviously,varywidely.Differentexportcountrieswillallexhibitvastdifferences,forexample,inmanufacturingandpackagingqualitycontrolsandsecurityprocedures;qualityofrecordkeeping;levelsofcorruptionandcrime;qualityoflawenforcement;technologyinfrastructure;andpolitical,geographic,andsocialconditions.
Iftheriskoftampering,fraudorinsertionofcontrabandintoshipmentsisgenerallyhigherclosertoitspointoforigin,riskisalsohigher,asageneralrule,whenanobjectisatrest.“Dwelltime”isadisadvantagefromthestandpointofallparticipantsinthesupplychain.Commercialinterestslosevaluabletime,andpublicsectorauthoritiesconsiderthisapeakpointofvulnerabilityforthecargooritscontainer.AChineseCustomsofficialinformedIBMthat8-10percentofallcargobeingexportedfromChinaislostordamagedfromthecontainer-stuffingsitetobeingloadingonavessel.Thisisastaggeringfigure,consideringthatChineseexportsaccountedfornearly40percentofglobaltotalexportsbyvolumein2005.
Five chains of movementSupply chain–Thoughnotwointernationalmaritimecargoshipmentsareeverexactlythesame,Figure13depictsthekeyaspectsofa“typical”shipment.Timeintransitisrepresentedalongthetopaxisindays.Theverticalaxisidentifieseveryindividualparticipantinthecargosupplychain,suchastheexporter,customs,andshippingandtruckingcompanies.Horizontalbluearrowsdenotethephysicalflowofcargo,andverticalredlinesindicateflowsofdataamongstakeholders.Atahighlevelofsummary,andmovingfromlefttorightthroughFigure13,theactivityinthefirstthirdofthepicturerepresentstheexportprocess;themiddlethirdrepresentsthecargointransitatsea;andthelastthirdshowstheimportprocessatthereceivingcountry.
IBM Global Business ServicesPage 10�
Each
Ver
tica
l Lin
e Id
enti
fies
An
Exc
han
ge
Of I
nfo
rmat
ion
Purchase OrderLetter of Credit
Purchase OrderLetter of Credit
Booking Request / Confirm
Commercial Invoice/Packaging List/Dangerous Goods Declaration
Shippers Letters ofInstruction (SLI) Empty Container Report
Empty Release
AEO / CTPAT Certification / Authorization
Letter of Credit Req/Confirm
Schedule Pickup Request Confirmation
Dock Receipt
Report Declaration
Delivery Confirm
Trucker Invoice
Accept Export Declaration
Create Rail Billing Number
BookingNotification
Pre-CarriageW/O 32 Req /
ConfirmRail Invoice
Load Authorization (AMS Dec/24-Hour Rule + Future 10+2)Customs - Customs
Communication: load/NoLoad Rick Mitigation
Master Bill of Lading InstructionsGate-out Rail
(TIR)
Gate-in OceanTerminal (TIR)
Trucker Invoice96-Hr Notice
of ArrivalDistribute Issue HouseBill of Lading
Distribrute Master Bill of Lading
Send Master B/L Prealert
Forward House Bill of Lading
Send House B/L PrealertContainer Arrival Notification
Lading Manifest Report
Terminal Invoice
Port Opertational Planning
Ris
k A
sses
men
t
Customs EntryDeclaration
Destination House B/L Present
Re-Distribute Bill of Lading
Surrender Original House B/L
Berth Scheduling
Cew Declaration
Request Instruction
Surrender Master B/L
Vessel Ops Plan-(Bay Plan, Vessel Manifest, Load Plan)
Customs Release
CommunicateCustoms Release
Vessel DischargeManifest
Contain Availibility Status Request / Confirmation
Gate Activity Report
Gate-Out (TIR)Evidence of Delivery of Goods
On-Cariage W/OCreate/Confirm
Delivery Confirmation
Customs Declaration Payment
Delivery ReceiptTrucker Invoice
Payment / LoC Settelment Based on INCO terms and Payment Terms
Return Empty Container To Yard
Exp
ort S
tuffi
ng(2
hou
rs)
Truc
k fro
m
Exp
orte
r to
Rai
l R
amp
(1 d
ay)
Rai
l Ram
pto
Rai
l Ram
p(4
day
s)O
n H
old
atP
OL
(5 d
ays)
Oce
an T
rans
port
(21
days
)O
n H
old
atP
OD
(5 d
ays)
Doo
r Del
iver
y(2
day
s)Im
port
Shi
ppin
g(2
hou
rs)
Pre Carriage Work Order #1
Phy
sica
l & In
form
atio
nC
ontro
l Poi
nt #
1P
hysi
cal &
Info
rmat
ion
Con
trol P
oint
#2
Info
rmat
ion
Con
trol P
oint
#3
Discharge Report
Delivery App Req/Confirm
-30
to 0
12
3
4
5
67
8
9
10
11
12 - -
- - - -
- - - -
- - - -
- -31
32
3
3
3
4
3
5
3
637
3
839
Exporter ExportBank
Frt Fwd Customs Truck 1 Rail Truck 2 P.O.L.Ocean Carrier P.O.D. Customs
DHSFrt Fwd Customs
BrokerTruck 3 Import
BankImporter
Country of ImportOceanCountry of Export
Days
inTr
ansi
t-3
0 to
01
2
3 4
5
6
7
8
9
10
11
12
----
----
----
----
----
31
3
2
3
3
3
4
3
5
3
6
37
38
3
9
Figu
re 1
3. G
loba
l Mov
emen
t Man
agem
ent a
nalys
is of
a ge
nera
lized
inter
natio
nal m
ariti
me c
argo
supp
ly ch
ain.
Sour
ce: I
BM G
loba
l Bus
ines
s Ser
vices
.
IBM Global Business ServicesPage 10�
Theveryfirststageofthisflow,atleft,occurspriortothemovementofactualcargoandmaytake30daysormoretocompletethelegal,tradeandfinancialdocumentationrequiredbeforethephysicalmovementoftheinternationalmaritimetradecanbegintotakeplace.Tradedocumentsandphysicaleventtransactionsareplottedsequentiallyfromlefttoright.Inareaswhereseveralactivitiesareplottedacrossthesameshorttimeperiod,Figure13indicatesthattheshipmentiswaitingforcustodytransferorisinaholdingpatternwhiletheactivitiesdepictedtakeplace.
Figure13showsareasofrisk,areasofexistingpolicyfocusandopportunityareastoimproveoperationseitherthroughchangesinbusinesspractices,changesinpolicy,improvedtechnology,improvedinformationsharingorsomecombinationthereof.
Theoverlaidcoloredboxesandovalsindicatepointsofvulnerabilityaswellaspointsofopportunitywhereperformanceandsecuritycouldbeimproved.Boxesindicateareaswhereefficiencyandsecurityoftradedataareofconcern.Theverticalredboxattheleftencompassesanarearepresentingahighlevelofinformationsecurityvulnerabilityowingtothewiderangeofactorsinvolvedandalowlevelofdataautomationandinteroperability.Theareawithintheorangeboxexperiencesamediumlevelofinformationsecurityvulnerabilityandsupply-chaininefficiencyowingtoinadequatedataautomationandinteroperability.Astimepasses,overallriskdecreasesfromapeakperiodassignifiedbythefadingredovalssurroundingthecargoanditsconveyance.ThesepointsareaddressedinfurtherdetailintheInformationChaindiscussionbelow.
Value Chain–Thegoodsaremorevaluablewhentheyarriveattheimportcountrythanbeforetheyleavetheexportcountry.Becausethegoodsinquestionarefinishedproducts,however,theirvalueisrelativelystableacrossthechain.
Information Chain–TheareaattheleftofFigure13,fromDay-30to0,andwithintheverticalredboxdepictsthecreationandexchangeofinformationaboutashipmentthatoccursbeforethemovementofphysicalgoodsactuallybegins.Thesetransactionsinvolvemultiplestakeholders,dozensofdocumentsandhundredsofindividualdataelements.Thedocumentsoriginatinginthisperiodoftimebeforephysicalshipmentrepresent60-70percentofalldataexchangedinanyend-to-endtradeflow.
IBM Global Business ServicesPage 10�
Despitemoderntechnologies,muchofthevastamountsofinformationexchangedduringthispre-shipmentperiodoccursacrossinefficient,non-interoperablelegacysystems,electronicdatainterchange(EDI)systems,e-mails,faxes,phonecallsandevenhard-copypaperdocuments,whicharehandedofffromonepartytothenext.Aseachsequentialdocumentiscreated,redundantdatafromupstreamsourcesisre-keyedalongwithnewshipmentdata.Thepointsinthesupplychainhighlightedbytheorangeboxincludedataanddocumentexchanges,whichbeginwhenthemaritimeshippingcontainerreachestheexportportofloadandendwhentheshipmenthasarrivedattheportofdestinationontheimportside.Thesetransactionsincludeexchangeofbillsoflading,export/importcustomsdeclarationsandcustomsentry.Thedataanddocumentsexchangedatthesepointsintheshipmentcycleare,again,largelyinefficientandcharacterizedbydataredundanciesandmanualprocesses.Thehighvolumesofdatacontainedinthesedocumentsandtherelativeimportanceoftheinformationmakeaccurateandeffectivecommunicationanddataexchangeofutmostimportancetotraders.
Despitetheimperativeforaccurateandtimelydata,anIBMstudyofindustrycommonpracticesindicatedthatina“typical”globaltrade,35documentschangehands.But,duetoantiquatedandpoorlycoordinatedandconnectedsystems,andasnotedinSectionsIIIandV,thedatawithinthose35documentsneedstobemanuallyre-enteredindisparatetechnologyandotherrecordkeepingsystemsapproximately1,393times.Thisrepetitivedatare-entryandre-keyingaccountsfor78.5percentofalldatafromtradedocuments.
Thelackofvisibilityintodownstreamdataandtransactionsmakescriticaltradedocumentsandassociatedsupplychainstakeholderssusceptibletoalteration,inaccuracyorlossofinformation.Shipmentdelays,latefees,stockoutsandincreasedcostsforrushedshipmentsaretypicalrisksinthemodernmaritimeshippingindustry.Theserisksaremadeworsebythelargelypaper-basedandmanualprocessesformanaginginformationinthemaritimecargosector.Suchriskscanbereduceddramaticallywithenhancedcommunications,increasedelectronicdataanddocumentexchange,andgreaterautomationofbusinessprocesses.
Metadata Chain–Informationaboutinternationalcontainermovementsiscategorizedandcompiledatonlythehighestlevel.Shipmentsaremeasured
IBM Global Business ServicesPage 110
inTwenty-footEquivalentUnits(TEUs),meaningthatastandardforty-footcontainerwouldbelistedastwoTEUs.Informationaboutthecontentsofthecontainer,itsoriginanddestinationwouldalsoberecorded.
Policy Chain–SinceSeptember11,2001,aseriesofnewgovernmentpoliciesandpublicsector-privatesectorinitiativestoenhancesecurityandsupplychainefficiencieshavebeenimplemented.Theseinclude:
The Customs-Trade Partnership Against Terrorism (C-TPAT)
The 24-Hour Rule
The Maritime Transportation Security Act
The International Ship and Port Facility Security Code
The Container Security Initiative.
AmoredetailedlistinganddescriptionoftheseprogramscanbefoundinAppendixB,“Additionaldetailonmaritimesecurityprograms.”
Oftheseefforts,themostsuccessfulhasbeensecuringthephysicalport,asopposedtothecontainerortheoverallsupplychain.TheMaritimeTransportationSecurityAct(MTSA)hassucceededinbringingUSportsuptoabaselevelofcompliancewithgenerallyacceptedphysicalsecuritymeasures.TheInternationalShipandPortFacilitySecurity(ISPS)codehashadasimilarthoughlessereffectinternationally.However,mostmegaportsaroundtheworldhaveagreedtomeethigherstandardscodifiedinthevoluntarybutmorestringentPartBofthecode.Forsecurityofthesupplychain,theC-TPATprogramisgenerallyrecognizedastherightmodelbuthasbeenhamperedbylimitedoversightandthefailuretoprovideagenuine“greenlane”preferenceforcompaniesthatarepartoftheprogram.
Five traditional security functionsFacility Security–TheISPScodeandtheMTSAhavebeeneffectiveinstrumentsforpromotingfacilitysecuritybothintheUSandoverseas.Securityrisksarelowerafterinlandtransportwhencontainersareattheportandonvessels.Containeryardsintheportaretypicallywelllitandunderahighdegreeofsurveillance.Additionally,containersstacked10-15boxeshighprovideinherentprotection.
ThethreatofterrorismandWMDsisreducedtoadegreeafterthecontainerexitstheportofdischarge,asmeasureshavebeentakensince9/11onthepartof
•
•
•
•
•
IBM Global Business ServicesPage 111
ports,federalgovernments,andstateandlocallawenforcementofficialstotarget,scan,inspect,andidentifythreats.Butterroristswillhavesucceededifadirtybomb,forexample,isnotdetecteduntilacontainerreachesaEuropeanUnionorU.S.seaport.Proactivemeasuresmustbetakeninriskmanagementandriskassessment,enforcement,andresiliencyinordertobestprepareforandrespondtomaritimesecuritythreats.
Conveyance Security–Afteracontainerisstuffedattheexportsite,itistypicallycarriedbyatruckingcompanytoarailheadordirectlytotheport,forloadingontoanoceanvessel.Itisatpointsthroughoutthisinlandtransport–truckstops,railyards,openroadorrailtrack–thatacontainerismostsusceptibletoexceptionalevents.Truckerscanbedelayedbymechanicalproblems;trainsrunoffschedule;railyardshavelittleornosecurity;deviantsplaninfiltrationsattruckstopsandrestareas.Modernmaritimecontainersarelockedandequippedwithauniquelynumbereddoorseal;however,demonstrationsshowthatskilledcriminalsorterroristscanopencontainerdoorsinfewerthantenseconds,withouteverbreakingthecontainer’ssealorvisuallycompromisingtheintegrityofthecontaineritself.Whileusuallysaferandmorevisiblethanoverseasinlandtraderoutes,transportcorridorswithintheEuropeanUnionandUnitedStatesarestillsusceptibletopilferageanddamage.Ontheoceanvesselitself,spaceoptimizationmeasuresallowforstackingtensofcontainersincargobaysandondeck,makingitdifficultforevenskilledpiratestogainaccesstocargoonvesselsatseaorberthedatthewharf.
Credentialing, Identity Verification, Provenance–Forportfacilities,initiativesareunderwaytohelpensurethatworkerspassbackgroundchecksandthattheiridentitiesareverifieduponentrytotheportandsecureareas.Forcontainers,verificationofcontentsdoesnottakeplaceuntiltheyareunloadedforinspectionorattheirfinaldestination,representingaweaknessinthesecurityregime.
Screening and Inspection–Screeningandinspectionfunctionsaretypicallyconductedattheportofentrybyimportcountrycustomsofficials.TheContainerSecurityInitiative(CSI)isanefforttomovethesefunctionstotheportofembarkation;howeverthesuccessofthisprogramhasbeenuneven.SecureFreightisaU.S.governmentinitiativetoconfirmdataaboutthecontentsofshippingcontainersthroughanetworkofscreening,scanningandinformation-sharingprocessesincoordinationwithforeignports.
IBM Global Business ServicesPage 11�
Interdiction and Enforcement–Intheeventthatacontainerintransitisthoughttocontainanuclearweaponorotherdevice,responsibilityforinterdictingthevesselcarryingthecontainerwouldfalltotheCoastGuard.However,oncethevesselisstoppedfromlandingataU.S.port,thereisnoclearplanforwheretheshipwouldbebroughtinforthecontainertobeoffloadedandinspectedawayfrompopulationcenters.Proposalsforconstructinganoffshoreplatformtostopandinspectshipswithcargoweretabledasbeingcost-prohibitive.Theproblemofinterdictionisoneofthedriversforsecuringshipmentspriortoembarkation.
Five emerging security functionsEnterprise-wide Training–Generally,enterprisewidetrainingislackinginthemaritimecontainertrade.Responsibilityforsecurityrestsalmostexclusivelywithdedicatedsecuritypersonnel,andsecurityisconsideredacostandadelayfactor,ratherthanavalueproducer.
Tracking–Realtimeornear-realtimetrackingofcontainersisinitsinfancy.Mostdatacollectedatcontrolpointsinthesupplychainisnotdisseminatedtothewidernetworkinrealtime.
Risk Analysis –RiskanalysisofcontainertrafficisperformedbyU.S.CustomsusingtheirAutomatedTargetingSystem(ATS).ATShasnotbeenshowntobeeffectiveinseveralstudiesconductedbytheGovernmentAccountabilityOffice(GAO)duetothefactthatthedatabeinganalyzedisofpoorquality.Shippingcompaniesgenerallydonotmakeriskdeterminationsforthecontainerstheycarry.
Enterprise Awareness and C3I2 –Becausedataisnotaggregatedanddigitizedinrealtime,useofthisinformationforbothEnterpriseAwarenessandCommandandControlfunctionsishighlylimited.BothsecurityandefficiencycouldbeincreasedbycreatingEnterpriseAwarenessandarobusttechnologyplatformforC3I2functions.
Resilience and Response–Whilemanysecuritymeasureshavebeentaken,themaritimecargosystemisnotassecureorresilientasitcouldbe.Afteranattack,policymakerswill,forsometime,likelyhaveaseverelylimitedabilitytoassurethepublicthatthesystemissafe.Thismayforcepolicymakerstotakeextrememeasuresofopeningandinspectingvirtuallyeverycontainer,fundamentallycripplingtheperformanceofthesupplychainanddramaticallyincreasingthecostandreducingtheavailabilityoftransport.
IBM Global Business ServicesPage 11�
Appendix B: Additional detail on maritime security programs
Thetermsbelowareapplicabletomaritimesecurityprograms:
C-TPAT (Customs-Trade Partnership Against Terrorism)–Jointgovernment-businessinitiativetobuildcooperativerelationshipsthatstrengthenoverallsupplychainandbordersecurity.
Container Security Initiative (CSI) –AU.S.Customsprogramcreatedin2002toimplementscreeningoftargetedcontainersatoverseasportsbeforetheyarriveintheUnitedStates.
The 24 Hour Rule–RequiresthatU.S.Customsmustreceivecargoinformationfromcarriers24hoursbeforecargointendedfortheUnitedStatesisloadedonashipataforeignport.ThisnewruletookeffectonDecember2,2002.
The Advanced Trade Data Initiative (ATDI)–AsupplychainmanagementsystemsecurityprogramdesignedtoworkwithC-TPAT.TheATDIisacomponentoftheU.S.CustomsandBorderProtection’s(CBP’s)effortto“pushtheborderout.”TheATDIprogramworkshand-in-handwiththeprivatesectortoobtaininformationonU.S.importsasfarupstreamaspossible.Theinformationisthenusedtovalidateandtrackcontainershipmentsthroughoutthesupplychainprocess.Theinformationisusedtotargetcontainersasfarupstreamaspossible,minimizingfrictionduringtheshippingprocessandreducingtheriskofdelaysinclearingbordersduetosecurityconcerns.
The Maritime Transportation Security Act (MTSA)–Landmarklegislationthatsignificantlyreducedvulnerabilitiestothenation’smaritimetransportationsystem.ThislawistheAmericanequivalentoftheInternationalShipandPortFacilitySecurity(ISPS)codeandwasfullyimplementedonJuly1,2004.MTSAdirectedtheDepartmentofTransportationandDepartmentofHomelandSecuritytoidentifyvesselsandfacilitiesthatposeahighriskofbeinginvolvedinatransportationsecurityincidentinadditiontomakingvulnerabilityassessmentsofU.S.portfacilitiesandvessels.ThebillalsorequiredthatprivatesectorownersandoperatorsofvesselsandfacilitiessubmitasecurityplantotheDepartmentofHomelandSecurityandtheDepartmentofTransportation.
IBM Global Business ServicesPage 11�
SAFE Port Act (The Security and Accountability For Every Port Act)–FocusesonenhancingportsecurityandwassignedintolawbyPresidentBushonOctober13,2006.
Smart and Secure Trade Lanes Initiative (SST)–Industry-drivenincooperationwithgovernmentagenciessupplychainsecurityinitiativethatconsistsofimprovedsecurebusinesspractices,advancedtechnologiesandsupplychainsecurityauthoritiesinaglobalend-to-endinformationnetworkacrossmultipleglobaltradelanes.
Framework of Standards to Secure and Facilitate Global Trade (SAFE Framework)–StrategydevelopedbytheWorldCustomsOrganizationtosecurethemovementofglobaltradeinawaythatdoesnotimpede,butratherfacilitates,themovementofglobalcargo.
Transportation Workers Identification Card (TWIC) –AjointeffortbetweentheTransportationSecurityAdministrationandtheU.S.CoastGuardtocreateastandardbiometricIDforallportworkersandtruckdriverscarryingcargotoandfromU.S.ports.Theprogramisintheinitialstagesofimplementationandmaylaterbeexpandedoutsidetheportdomain.
IBM Global Business ServicesPage 11�
Appendix C: Direct and indirect benefits of security investments Investmentsmadeinintelligentimmunityforglobalmovementsystemswillhavebothdirectandindirectbenefits.ThesebenefitsarehighlightedinFigure14.
Figure 14. Direct and indirect benefits of investments made in security for global movement systems.
Securityinvestment Directbenefits Indirectbenefits
Physicalsecurity Controlled access keeps out unauthorized personnelProtection of intellectual property, capital equipment and personnel Protection of product integrity
•
•
•
Customer recognition of the firm’s safe and secure environment as an expertise, increasing customer loyaltyFewer thefts and overages, shortages and damages (OS&D) by virtue of having a more secure facilityReduced equipment damage and operating costs (therefore, potentially lower insurance rates)Fewer safety incidents and catastrophes
•
•
•
•
Personnelsecurity Thorough background check eliminates malicious actors from hiring pool Periodic follow-up checks for employees in sensitive positions
•
•
Customer loyalty, increased sales revenues, higher market shareEmployee commitment and belief in company’s concern for employees
•
•
Transportationandconveyancesecurity
Reduces theft lossesReduces adulteration of productReduces chance of cargo vessel misuse (weapon delivery system)Protects conveyance equipment, vessels
•••
•
Cost avoidance of non-product-related costs (indirect costs)Crime and vandalism rates fallFewer disruptions to the supply chain, more cost savings compared with avoided lossesLess capital required for inventoryReduced transportation cycle time
•
••
••
Assetvisibilityandtracking
Provides positive location status, preventing unauthorized departure from official and expected pathTime-definite and controlled chain of custody
•
•
Lower theft and lossesFaster recallsFewer delayed shipmentsBetter planning, enabling lower working capital needed for inventoryLess OS&DProtection of brand name
••••
••
Buildingorganizationalinfrastructureawarenessandcapabilities
Builds awareness of security concernsRole of security in daily operations and virtually every assignment
••
Increases problem prevention through recognition by employeesEarly intervention, reducing impact of a disruptionImproves the ability to respond with early awareness
•
••
Collaborationamongsupplychainparties
Improved coordination along supply chain increases security
• Platform for broader alignmentEnables creation of a more secure supply chain network for common problem-solving, resource sharingCommunication among supply chain partners, potentially reducing coordination costs
••
•
IBM Global Business ServicesPage 11�
Securityinvestment Directbenefits Indirectbenefits
Supplierselectionandinvestment
Facilitates coordination of multi-company security activities (initiatives, sting operations, incident investigations)Security breaches easier to spot with standard systemsHigher levels of security with common proceduresSystem-level and supplier security improvement
•
•
•
•
Improves the efficiency of ship, train, truck, terminal operations; cuts international shipping times Platform for collaboration within an industry leading to standards that raise level of performance Process discipline enables compliance (quality, safety, process), higher performanceCommon processes reduce confusion, raise predictability, improve staff backupReduces non-security losses
•
•
•
•
•
Voluntarysecuritycompliance
European Union’s Authorized Economic Operator program helps ensure a base level of supply chain security assessment Customs specialists working in specialized security programs may observe risk of security breach before breach can occurC-TPAT membership provides member companies with information about industry “best practices” in supply chain securitySweden’s StairSec program leads to higher inspection rates of uncertified cargo, increasing likelihood of early warning and prevention
•
•
•
•
Establishes a “mandatory” fundamental standard across industry for supply chain security via a “voluntary” programPlatform for collaboration and alignment within an industry that leads to industry standards, raising overall level of performance in quality, service, and costC-TPAT supply chain specialist assists firm as the U.S. Customs and Border Protection’s (CBP’s) liaison for validation, security issues, procedural updates, communication and trainingFaster border throughput times from fewer inspections and “green lane” flow, which may raise service levels, enabling lower working capital Process discipline enables compliance (quality, safety, process), higher levels of process performance
•
•
•
•
•
Proactiveinvestments Technology provides increased ability to track, monitor and observe material flows, preventing unauthorized departure from official and expected path
• Ability to customize the application to the benefit of the firm Increases process efficiency through technologyVisibility investments give realtime awareness of supply chain delays, location and status
•
••
TQM More consistent security procedure executionApplication of Six Sigma may lead to disciplined loss reduction effortsLower lossesHigher-performance employees emphasize securityProcess design standardizes security processesDesign supply chain with fewer handoffs, keeping product moving
•
•
••
•
•
Discipline increases, enabling compliance (quality, safety, process)Reduction in safety stock, lead-time variance, and lower OS&DBetter process knowledge and management from additional data, greater visibility to discern bottlenecks and congestion
•
•
•
Source: Adapted from Rice, James B. and Philip W. Spayd, “Investing in Supply Chain Security: Collateral Benefits,” IBM Center for the Business of Government, May 2005.
IBM Global Business ServicesPage 11�
Endnotes1A public good is defined as a society-wide good such as national defense and environmental sustainability that is normally provided by governments by way of taxation since no market forces exist to provide public goods. Additionally, it costs little or nothing for an extra individual to enjoy a public good while the costs of withholding that good or depriving any individual of it are high.2“The World Fact Book �00�,” section on United States of America, Central Intelligence Agency (CIA), �00�. https://www.cia.gov/library/publications/the-world-factbook/print/us.html. “The Debt to the Penny and Who Holds It,” U.S. Department of the Treasury, September �0, �00�, http://www.treasurydirect.gov/NP/BPDLogin?application=np3Poole, William. “Chinese Growth: A Source of U.S. Export Opportunities.” Federal Reserve Bank of St. Louis, �1 July, �00�. http://stlouisfed.org/news/speeches/�00�/0�_�1_0�.htm4Rai, Saritha. “India’s Outsourcing Industry Is Facing a Labor Shortage.” New York Times, February 1�, �00�. http://www.nytimes.com/�00�/0�/1�/business/worldbusiness/1�cnd-INDIA.html?ex=1������000&en=�f01�f�c�f���f��&ei=�0��&partner=rssn5“Latin Business Index �00�.” Latin Business Chronicle. October �00�. http://www.latinbusinesschronicle.com6“The New Titans.” The Economist. September 1�, �00�. http://www.economist.com/surveys/displaystory.cfm?story_id=�������7This is known as dynamic instability, a key component of chaos theory, which was discovered by physicist Henri Poincare in the early �0th century. 8See, for example, Gleick, James. “Faster: The Acceleration of Just About Everything.” Pantheon, 1���.9Piasecki, Bruce. “World Inc.” SourceBooks Inc, �00�.10Robb, John. “Brave New War: The Next Stage of Terrorism and the End of Globalization.” Wiley. �00�, p. ��.11In the United States, for example, the �/11 attacks disrupted trade flows across the Canadian and Mexican borders, which soon resulted in the shutdown of much of Ford Motor Company’s manufacturing, as parts shortages halted the company’s near-just-in-time deliveries. 12Moniz, Dave and Tom Squitieri. “After grim Rumsfeld memo, White House supports him.” USA Today. October ��, �00�. http://www.usatoday.com/news/washington/�00�-10-��-defense-memo-usat_x.htm13For additional definition and discussion of Metcalfe’s law, see Network World. http://www.networkworld.com/details/��1.html14Singhal, Vinod. “Supply Chain Glitches and Shareholder Value Destruction.” Global Purchasing and Supply Chain Strategies. May �00�. http://www.touchbriefings.com/pdf/���/0�.pdf15“Hackers.” PBS Frontline. �001. http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html. See also Robb, John. “Brave New War.” Wiley, �00�.16See Wikipedia. http://en.wikipedia.org/wiki/ILOVEYOU17See entry for Barings Bank on Wikipedia. http://en.wikipedia.org/wiki/Barings_Bank18Lowenstein, Roger. “When Genius Failed.” Random House, �001, pp. 1��.19Lowenstein, Roger. “When Genius Failed.” Random House, �001, pp. �1�.20Robb, John. “Brave New War.” John Wiley and Sons. �00�. p. ��.21Ibid. 22Sheffi, Yossi. “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage.” MIT Press. �00�. This reference applies to the entire paragraph.23Ibid. This reference applies to this whole paragraph.24See http://en.wikipedia.org/wiki/�00�_Italy_blackout25This is known as dynamic instability, a key component of chaos theory, which was discovered by physicist Henri Poincare in the early �0th century. 26The electric grid provides a powerful example of cascading effects. A sustained and widespread power outage would affect a range of other sectors, including transportation systems, wastewater treatment, and food and water supplies. Disruptions in these sectors would then spill over into other sectors. See the sidebar, “Seven types of risks to global movement systems.” 27See, for example, Sheffi, Yossi. “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage.” MIT Press. �00�. pp. 1��-1��. Also see Flynn, Steven. “America the Vulnerable: How our Government is Failing to Protect Us from Terrorism.” Harper Collins. �00�.
IBM Global Business ServicesPage 11�
28Kohlmann, Evan F. “The Real Online Terrorist Threat.” Foreign Affairs, September/October �00�.http://www.foreignaffairs.org/�00�0�01faessay���10/evan-f-kohlmann/the-real-online-terrorist-threat.html29Interview by Daniel B. Prieto, Vice President of IBM Global Business Services, with a senior Egyptian counterterrorism official. 30Huda al Saleh. “Saudi Arabia: Internet Most Popular Terrorist Recruitment Method.” Asharq Al-Awsat. � May, �00�. http://www.asharqalawsat.com/english/news.asp?section=1&id=����31It is worth noting, however, that in most instances, terrorists have not entered the United States illegally but have entered the system legally, thereby working within the U.S. immigration system to enter the United States.32Snacken, Rene, Alan P. Kendal, Lars R. Haaheim, and John M. Wood. “The Next Influenza Pandemic: Lessons from Hong Kong, 1���.” Emerging Infectious Diseases.Vol. �. No. �. March/April, 1���. http://www.cdc.gov/ncidod/eid/vol�no�/snacken.htm. Also see Bach, David L. “Human Migration May Launch the Next Influenza Pandemic: Aircraft travel may prove to be the leading cause for transmitting the first influenza pandemic of the �1st Century.” Unpublished paper presented at the symposium Preparing for a Local Crisis within a Global Pandemic. Public Entity Risk Institute. �00�. http://www.riskinstitute.org/NR/rdonlyres/D���AAFE-AF��-����-BA�C-�1B�FC����F�/0/Human_Migration.pdf33“TB patient moved up flight after warning to stay.” MSNBC from the Associated Press. June �, �00�. http://www.msnbc.msn.com/id/1�0����1/34MacLeod, Calum. “China admits tainted food link.” USA TODAY. April ��, �00�. http://www.usatoday.com/money/industries/�00�-0�-��-pet-food-china_N.htm35See http://en.wikipedia.org/wiki/11_March_�00�_Madrid_train_bombings; http://en.wikipedia.org/wiki/�_July_�00�_London_bombings; http://en.wikipedia.org/wiki/11_July_�00�_Mumbai_train_bombings.36For more on the Bhopal disaster see http://en.wikipedia.org/wiki/Bhopal_Disaster. For more on chlorine attacks in Iraq, see Kratovac, Katarina. “Iraq chlorine attacks raise new concerns.” USA Today. February ��, �00�. http://www.usatoday.com/news/world/iraq/�00�-0�-��-chlorine-iraq_x.htm37Bergen, Peter. “Al Qaeda’s New Tactics.” New York Times. 1� November, �00�.http://select.nytimes.com/search/restricted/article?res=FB0D1�F��C��0C���DDDA�0���DA�0����38Priest, Dana. “Iraq New Terror Breeding Ground.” The Washington Post. 1� January, �00�. http://www.washingtonpost.com/wp-dyn/articles/A���0-�00�Jan1�.html39Gilbert, Paul H., PE, NAE Chairman of the Panel on Energy Facilities, Cities, and Fixed Infrastructure, Committee on Science and Technology for Countering Terrorism, National Research Council, The National Academies, and Director Emeritus of Parsons Brinckerhoff, Inc. Testimony before a Joint Hearing on “Implications of Power Blackouts for the Nation’s Cybersecurity and Critical Infrastructure Protection: The Electrical Grid, Critical Interdependencies, Vulnerabilities and Readiness.” House Select Committee on Homeland Security, September �00�.40See, for example, Sheffi, Yossi. “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage.” MIT Press. �00�. pp. 1��-1��. Also see Flynn, Steven. “America the Vulnerable: How our Government is Failing to Protect Us from Terrorism.” Harper Collins. �00�.41From a speech given by Admiral James Loy, the former U.S. Deputy Secretary for Homeland Security and Commandant of the U.S. Coast Guard, at the Naval Institute Conference on Port Security. Baltimore, Maryland. Feb/Mar �00�. 42Gould, W. Scott and Christian Beckner. “Global Movement Management: Securing the Global Economy.” IBM Business Consulting Services. �00�.43For further explanations of hawala financing see, for example, testimony by Patrick Jost for a hearing entitled “Hawala and Underground Terrorist Financing Mechanisms” before the Senate Committee on Banking, Housing, and Urban Affairs, Wednesday, November 1�, �001. http://banking.senate.gov/01_11hrg/111�01/jost.htm44Gould, W. Scott and Christian Beckner. “Global Movement Management: Securing the Global Economy.” IBM Business Consulting Services, �00�.45We slightly refined the original six security and resilience business functions (Risk Management, Credentialing, Inspections, Tracking, Enforcement/Interdiction and Command/Control/Integration) in IBM’s previous Global Movement Management paper and added four new functions: Facility Security, Conveyance Security, Enterprisewide Security Training, and Resilience Engineering & Response Planning. We renamed some functions and divided the ten functions into the five traditional security functions and five emerging security functions discussed.46Woods, David, et al. “Resilience Engineering: Concepts and Precepts.” Ashgate, September �00�. 47“Container Security Initiative.” GlobalSecurity.org. http://www.globalsecurity.org/security/ops/csi.htm
IBM Global Business ServicesPage 11�
48“U.S. v. World Maritime Container Traffic and Gross Domestic Product: 1���-�00�.” Bureau of Transportation Statistics. http://www.bts.gov/publications/americas_container_ports/html/table_01.html49See http://www.unescap.org/ttdw/Publications/TFS_pubs/pub_����/pub_����_fulltext.pdf50Unpublished internal IBM study by Glenn, Thomas, Senior Managing Consultant. IBM Global Business Services. Global Supply-Chain Management Solutions. 51Jensen, Michael C. and Meckling, William H. “Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure.” Jensen, Michael C. “A Theory of the Firm: Governance, Residual Claims and Organizational Forms.” Harvard University Press. Dec. �000 also see Journal of Financial Economics. 1���. http://ssrn.com/abstract=��0��52Nadler, David A. “Champions of Change: How CEOs and Their Companies Are Mastering the Skills of Radical Change.” Jossey-Bass. 1���. Also see Kotter, John. “Leading Change: Why Transformational Efforts Fail.” Harvard Business Review. March, 1���. pp. �1–��. http://harvardbusinessonline.hbsp.harvard.edu/hbsp/hbr/articles/article.jsp?ml_action=get-article&articleID=���0�&ml_page=1&ml_subscriber=true53Denison, Daniel R. “Corporate Culture and Organizational Effectiveness,” Wiley. 1��0. Schein, Edgar H. “Organizational Culture and Leadership.” Jossey-Bass. 1���.54“�-11 Commission Report.” National Commission on the Terrorist Attacks on the United States, �0 September, �00�. http://www.�-11commission.gov/report/�11Report_Ch1.htm. “Nawaf al Hazmi set off the alarms for both the first and second metal detectors and was then hand-wanded before being passed. In addition… video footage indicates that he was carrying an unidentified item in his back pocket, clipped to its rim. When the local civil aviation security office of the Federal Aviation Administration (FAA) later investigated these security screening operations, the screeners recalled nothing out of the ordinary…We asked a screening expert to review the videotape of the hand-wanding, and he found the quality of the screener’s work to have been ‘marginal at best’. The screener should have ‘resolved’ what set off the alarm; and in the case of both Moqed and Hazmi, it was clear that he did not.” 55Hench, David. “Ticket Agent Haunted by Brush with �/11 Hijackers.” Portland (ME) Press Herald, � March, �00�. http://www.atca.org/singlenews.asp?item_ID=����&comm=0. “Michael Tuohey, a U.S. Airways ticket agent checked in �/11 hijackers Mohammed Atta and Abdul Aziz Alomari for their flight from Portland International Jetport. Tuohey held himself at least partly responsible as he was suspicious of them but ignored his instincts and did nothing. The Portland police chief whose detectives interviewed Tuohey after the attack, said he would have been surprised if anyone in Tuohey’s position had taken action. ’At that point in time, the United States of America was not under attack…You can’t beat yourself up… What was he going to report, and who was he going to report it to?’” 56The Framework of Standards to Secure and Facilitate Global Trade is a global initiative aimed at securing and facilitating the global trading system on a multilateral basis and making this regulatory structure more uniform. Adopted in June �00�, The framework, commonly called the SAFE Framework, established a comprehensive framework of global supply chain security standards and best practices, covering both government-to-government arrangements as well as government-to-business partnerships, in order to lift standards for supply chain security worldwide and to harmonize the “rules-of-the-road” of the global economy. 57Sheffi, Yossi. “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage.” MIT Press. �00�. p. 1��.58Cebrowski, Arthur and John Garstka. “Network-Centric Warfare: Its Origin and Future.” Proceedings. January 1���. http://www.oft.osd.mil/initiatives/ncw/docs/NCW_Origins_and_Future.doc59“America At Risk: Closing The Security Gap.” Report By The Democratic Members of the Select Committee on Homeland Security. U.S. House of Representatives. March �00�. 60A wiki is a “medium which can be edited by anyone with access to it, and provides an easy method for linking from one page to another. Wikis are typically collaborative websites, though there are now also single-user offline implementations.” See http://en.wikipedia.org/wiki/Wiki61See, for example, Thompson, Clive. “Open Source Spying.” New York Times Magazine. December �, �00�. http://www.nytimes.com/�00�/1�/0�/magazine/0�intelligence.html. Also see Shrader, Katherine. “Over �,�00 intelligence professionals tapping into ‘Intellipedia’.” Associated Press from USA Today. November �, �00�. http://www.usatoday.com/tech/news/techinnovations/�00�-11-0�-intellipedia_x.htm62Margetta, Rob. “DHS Wants Cell Phones to Detect Chemical, Radioactive Material.” Congressional Quarterly, � June, �00�. http://public.cq.com/docs/hs/hsnews110-00000������1.html 63Noguchi, Yuki. “Camera Phones Lend Immediacy to Images of Disaster.” Washington Post. � July, �00�. http://www.washingtonpost.com/wp-dyn/content/article/�00�/0�/0�/AR�00�0�0�01���.html 64See Wilson, Michael. “Loved Ones Turn to Web for Searches in Flood Zone.” New York Times. 1 September, �00�.
IBM Global Business ServicesPage 1�0
http://www.nytimes.com/�00�/0�/01/national/nationalspecial/01postings.html?ex=1�������00&en=b�1d�b�����cc���&ei=�0�0&partner=rssuserland&emc=rss. Also see Wikipedia, “Katrina Disaster Relief.” http://en.wikipedia.org/wiki/Hurricane_Katrina_disaster_relief 65Prieto, Daniel B. “On Harnessing Technology: Why eBay® Matters for Homeland Security.” San Francisco Chronicle. �� June, �00�. http://sfgate.com/cgi-bin/article.cgi?f=/c/a/�00�/0�/��/EDGDOILN�C1.DTL&hw=ebay+disaster+relief&sn=001&sc=1000. Also see Prieto, Daniel B. “Off-the-Shelf Security.” Bulletin of the Atomic Scientists. May-June �00�. http://thebulletin.metapress.com/content/m���x����00g��1m/66The Semantic Web was first proposed by Tim Berners-Lee in 1���: “The Semantic Web is a web of data, in some ways like a global database.” http://www.w�.org/DesignIssues/Semantic.html. Also see Dumbill, Edd. “The Semantic Web: A Primer,” XML.com, 1 November, �000. http://www.xml.com/pub/a/�000/11/01/semanticweb/index.html. 67Markoff, John. “Entrepreneurs See a Web Guided by Common Sense.” New York Times. 1� November, �00�. http://www.nytimes.com/�00�/11/1�/business/1�web.html?ex=11������00&en=cc���1��fd����e�&ei=�0�068“…the Holy Grail for developers of the semantic Web is to build a system that can give a reasonable and complete response to a simple question like: ‘I’m looking for a warm place to vacation and I have a budget of [US]$�,000. Oh, and I have an 11-year-old child.’”69Piasecki, Bruce. “World Inc.” SourceBooks Inc, �00�.70According to the U.S. National Academy of Science, �0 percent of business is conducted on unstructured data, �� percent of all data stored is unstructured, and there is a �0 percent annual growth rate for unstructured data. Also see White, Colin. “Consolidating, Accessing and Analyzing Unstructured Data.” Business Intelligence Network. 1� December, �00�. According to White, �0 percent of business is conducted on unstructured information (Gartner Group), and �� percent of all data stored is held in an unstructured format (Butler Group). http://www.b-eye-network.com/view/�0��. Also see Connor, Deni. “Start-up to index e-mail, other unstructured content.” Network World. 1 August, �00�. “The Enterprise Strategy Group estimates that as much as �0% of the data on the network is unstructured and Gartner says this will increase from nearly � million terabytes today to as much as 1�.� million terabytes in �00�.” 71Unpublished internal IBM study, Glenn, Thomas, Senior Managing Consultant. IBM Global Business Services. Global Supply-Chain Management Solutions. 72For a discussion of physical and logical security, see Mehdizadeh, Yahya. “Convergence of Logical and Physical Security,” SANS Institute, October �00�. http://www.sans.org/reading_room/whitepapers/authentication/1�0�.php73Wullems, Chris, Alessandro Pozzobon and Oscar Pozzobon. “Secure Tracking for Critical Applications.” GeoIntelligence, 1 August, �00�. http://www.geospatial-solutions.com/geospatialsolutions/content/printContentPopup.jsp?id=���11�74Sheffi, Yossi. The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage, MIT Press, �00�. p. 1��. For example, Intel and other high technology companies joined together in 1��� to create the Technology Asset Protection Association. The Critical Materials Council monitors the global supply chain for semiconductors and potential disruptions ranging from material shortages to political disruptions. Data sharing among casinos gives participating casinos access to a facial recognition database that helps them identify cheats and card counters. Collaboration between spirits distillers showed common losses for all of them on one delivery route, a pattern that would not have been identified without mutual cooperation. Industry association efforts include the Retail Industry Leaders Association (RILA), the Toy Industry Association, and the Postal and Shipping Coordination Council, which comprises competitors UPS, FedEx and DHL.75Block, Robert. “U.S. Finds Ally in Terrorism Fight in FedEx: Since September 11, Firms Cooperate More Often with Officials, Raising Privacy Concerns.” Wall Street Journal Europe. May �0, �00�. p. A�.76The Q��.com service is used primarily by shippers to share data with other companies and the government within a permission-based system to gain better visibility into parts of their supply chain. Participants who share their information also find more efficient treatment from the security officials in port who access the same data to confirm risk targeting. It is a start, and this model may incentivize the first movers by rewarding them with an advantage..77This excellent example is drawn from Tapscott, Don and Anthony D. Williams, “Wikinomics,” Portfolio. �00�. pp. �-10. The example is also discussed in detail in Friedman, Thomas, “The World Is Flat: A Brief History of the �1st Century.” Farrar, Straus and Giroux, expanded and updated edition. �00�.78Ibid.79Ibid.80The term was first coined by Yale Law professor Yochai Benkler in Benkler, Yochai, “Coase’s Penguin, or Linux and the Nature of the Firm,” Yale Law Journal. Vol. 11�, �00�-�00�. For an exhaustive treatment of the subject, see
IBM Global Business ServicesPage 1�1
Benkler, Yochai. “The Wealth of Networks: How Social Production Transforms Markets and Freedom,” Yale University Press. �00�. The benefits of peer production are well established in the software world. Under the traditional model, source code is guarded by a core group of developers. Under a model where anyone can participate (e.g., a “bazaar model”), source code is released on the Internet for anyone to work with and modify.81Tapscott, Don and Anthony D. Williams. “Wikinomics.” Portfolio, �00�, p. ��.82Poe, Marshall. “The Hive.” The Atlantic Monthly, September �00�. http://www.theatlantic.com/doc/�00�0�/wikipedia/�83The ARPANet used a protocol named Network Control Program (NCP). NCP was the predecessor of TCP/IP, where IP (Internet Protocol) defines the packets that transport data between nodes, while TCP (Transmission Control Protocol), UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) establish the protocols by which data is transmitted.84The Internet only took off after HTML allowed the ready conversion of text to Web pages, HTTP enabled easy Web publishing and retrieval, and Web browsers allowed users to easily display, access and search information across many Web sites. Over the course of the public Internet’s first decade, it successfully accommodated the majority of previously existing public computer networks. Within 1� years of the first Web page, the Internet is now a “network of networks” comprising millions of smaller domestic, academic, business and government networks. As of 10 June, �00�, 1.1� billion people use the Internet (see Internet World Stats at http://www.internetworldstats.com/stats.htm). 85The greatest number of connections possible in a network with N nodes is N (N-1)/� – also called Reed’s Law.86For instance, a card catalog entry for a book in a library is described by only a few simple data elements (title, author, classification, etc.) in a fixed format. What happens when someone wants to use new “tags” or “labels” to describe a book which do not conform to the original classification system? Metadata tagging allows a new taxonomy and new labels to be layered onto existing classification systems. In the library book example, a travel book might have the Dewey-decimal data of title, author, travel and publication date. With metadata tagging, a user could layer on other descriptive elements that have meaning for that user: “books with a red cover,” “books my mother likes,” “books I recommend to my friends.” By being able to retain formal data labels while allowing for the creation of additional, e.g., “informal”, descriptive labels, previously “trapped” or incompatible data can become shareable and interoperable because it would no longer be bound by its original and less flexible taxonomy, data label or meaning. 87The U.S. Securities and Exchange Commission (SEC), the U.K.’s Financial Services Administration and the Chinese Securities Regulation Commission are adopting XBRL for financial data reporting, and stock exchanges in Frankfurt, Madrid, Melbourne, Seoul, Shanghai, Tokyo and Toronto are all implementing XBRL. It is expected that the SEC will eventually require public companies filings in XBRL. XBRL operates like a “bar code” for financial statements. It tags items in financial statements so data items are easily retrievable and more readily understandable. If, for example, you apply the tag for revenue to the revenue line of an income statement, a tool that can read XBRL would identify the item as revenue, how it is defined, what currency it is in, what period it covers and for what company. This allows users of financial statement information to electronically retrieve data in a matter of seconds and to do it at scale much more efficiently. In the recent past, junior analysts on Wall Street would have to laboriously comb through printed reports and manually reenter that data into spreadsheets to perform analyses. Now, when data is defined in context in an XBRL document, only a simple query is needed to ask a system to find all financial data for a given company or a range of companies. For example, a user could simply ask for operating profit numbers for software companies with revenue over US$100 million. 88See http://www.xbrl.org: “Computers can treat XBRL data ‘intelligently’: they can recognize the information in a XBRL document, select it, analyze it, store it, exchange it with other computers and present it automatically in a variety of ways for users. Companies can use XBRL to save costs and streamline their processes for collecting and reporting financial information. Consumers of financial data, including investors, analysts, financial institutions and regulators, can receive, find, compare and analyze data much more rapidly and efficiently if it is in XBRL format. Data can be transformed into XBRL by suitable mapping tools or it can be generated in XBRL by appropriate software.”89Technologies that back up identity services include the Department of Defense Common Access Card system and biometrics.90For easy-to-understand explanations, see Jonas, Jeff. “To Anonymize or Not to Anonymize, That is the Question.” http://jeffjonas.typepad.com/jeff_jonas/�00�/0�/to_anonymize_or.html. Also see Dempsey, James X. and Paul Rosenzweig. “Technologies that Can Protect Privacy as Information is Shared to Combat Terrorism.” Legal Memorandum Number 11, Heritage Foundation. �� May. �00�. http://www.heritage.org/RESEARCH/homelanddefense/lm11.cfm 91As another example, see http://www.smartmoney.com/marketmap which shows a highly-effective realtime visual
IBM Global Business ServicesPage 1��
summary of the minute-by-minute movements of hundreds of individual stocks and dozens of economic sectors in one efficient picture. 92For a classic text on the importance of information display and effective visualization, see Tufte, Edward R., “The Visual Display of Quantitative Information.” Graphics Press. February 1���. This book focuses on the display of numerical information. Also see Tufte, Edward R. “Visual Explanations: Images and Quantities, Evidence and Narrative,” Graphics Press. February 1���. This book centers on dynamic data, i.e., information that changes over time. 93“Yearbook of International Organizations.” Union of International Associations, �00�. http://www.uia.be/yearbook 94Axelrod, Robert and Keohane, Robert. “Achieving Cooperation under Anarchy: Strategies and Institutions,” Cooperation Under Anarchy. Princeton University Press. 1���. Martin, Lisa. “Interest, Power and Multilateralism,” International Organization. Fall 1���.95Sheffi, Yossi. “The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage.” MIT Press. �00�. p. 1��.96The United Nations Foundation is working with a major cell phone provider and mobile network operator to address healthcare challenges in Africa by collaborating with the WHO and national health ministries to build digital health data systems. These systems are powered by data gathered by on-the-ground health professionals equipped with personal digital assistants (PDAs) and flexible epidemiological surveillance software. The partnership launched a major program in June �00� to fund training, software and mobile computing devices for the full complement of health data officers in Burkina Faso, Kenya and Zambia to support the fight against measles, through the non-governmental organization DataDyne. WHO and local ministries believe that the new systems will result in a more effective and efficient measles control effort. Following a three-country rollout, the program will create new digital health systems in over �0 other measles-affected countries in Africa, while working to make technology tools available to health workers fighting other diseases, such as malaria, and to integrate additional applications, such as health mapping. For additional information on the United Nations Foundation program see: http://www.unfoundation.org/vodafone/health_data_systems.asp, http://www.unfoundation.org/files/pdf/�00�/EpiSurveyor_Polio_Kenya.pdf, and http://www.youtube.com/watch?v=g�SsENpkbXg97Tier � in the context of Global Movement Management refers to a global economic grouping of nations with economies smaller than G� or second-tier economies of developed and larger developing economies. In terms of private sector entities, this would include small- to medium-sized enterprises as opposed to multinational corporations.98“A Proposal to Improve the Technical Management of Internet Names and Addresses.” United States Department of Commerce. �0 January 1���. http://www.ntia.doc.gov/ntiahome/domainname/dnsdrft.htm.99The Clinton Administration issued “A Proposal to Improve the Technical Management of Internet Names and Addresses” as part of the implementation of its “Framework for Global Electronic Commerce.” Referred to as the “Green Paper,” it was first published in the Federal Register on �0 February 1��� to provide an opportunity for public comment. The Green Paper proposed the creation of a new, private sector not-for-profit corporation to be managed by an expert and globally representative Board of Directors. 99Mueller, Milton. “Ruling the Root: Internet Governance and the Taming of Cyberspace.” MIT Press. �00�, p. �.100ICANN today is a not-for-profit corporation headquartered in Marina Del Ray, California, and managed by a professional staff with oversight from a Board of Directors representing numerous Internet technical and policy stakeholders. ICANN also receives input from an at-large “advisory” committee composed of interested parties from the international community, and it holds public meetings around the world to encourage international input into Internet governance decisions.101International Labor Organization Convention Number 1��. http://www.admiraltylawguide.com/conven/minstandards1���.html.102See http://www.parismou.org/ParisMOU/Organisation/About+Us/History/default.aspx.103The current member states of the Paris MOU region include Belgium, Canada, Croatia, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Latvia, Lithuania, Malta, Netherlands, Norway, Poland, Portugal, Russian Federation, Slovenia, Spain, Sweden and the United Kingdom.104“Framework for Global Electronic Commerce.” The White House. 1 July 1���. http://www.technology.gov/digeconomy/framewrk.htm.105“A Proposal to Improve the Technical Management of Internet Names and Addresses.” United States Department of Commerce. �0 January 1���. http://www.ntia.doc.gov/ntiahome/domainname/dnsdrft.htm106IBM formed a coalition of private sector representatives as part of the research that shaped this paper. The Global Movement Management Coalition is a group of companies and non-governmental organizations focused on
IBM Global Business ServicesPage 1��
improving the security and resilience of the global economic systems. The Coalition was created in �00� to assert private sector leadership in addressing this challenge and to organize the expertise of a range of stakeholders in the system. This Coalition could be charged with forming the private sector advisory group.107Models for this type of cooperation exist at the international and multinational levels. A grant- or loan-making mechanism may work similar to the U.S. Defense Security Cooperation Agency (DSCA) that enables countries with a shared interest in security to build more effective and interoperable defense capabilities through training, capacity building and materiel sales or grants. Similarly, when the G� established the Counterterrorism Action Group (CTAG), it established a multinational organization charged with focusing on connecting mutual interests and shared strengths while “building political will, [and] coordinating capacity building assistance where necessary.” Adopting a process similar to the DSCA at the global level should focus more broadly on the improvement of capacities and competencies that relate to trade, security and resilience within the Global Movement Management context. A Global Movement Systems Development and Support Organization could be responsible for issuing loans and assistance to Tier � or Tier � countries to target investments that improve their security, resiliency and trade facilitation over time, thereby developing nascent players to contribute to and expand the playing field for other participants. A combination of WCO assessments and other political risk measures used today by the quasi-government Overseas Private Investment Corporation and the Export-Import Bank would help ensure that funding is closely tied to global economic market standards (e.g., transparency, rule of law, anti-corruption).108Other incentives would include greater facilitation by customs and duties officials capable of verifying contents and information provided, therefore improving targeting of those malicious actors who represent a threat. Greater harmonization delivers other untapped efficiencies in the areas of data exchange, work flow and communications in general. Finally, one could anticipate potentially lower insurance rates as risk is determined with greater veracity. Effective measures to reduce exposure to risk or mitigate its consequences also can help lower insurance rates.109To measure progress, the organization would use a “managing for progress” set of outcome-oriented metrics and Web-based reporting systems to track a range of enhancements in security, resilience and trade facilitation. In addition to the inherent benefit of improved infrastructure and accessibility, a type of Baldrige Quality Award process may be useful to identify best practices and to evaluate annual competition for quality in terms of security, resilience and facilitation.110Examples today would include the Q��.com service used primarily by shippers to share data with other companies and the government in a permission-based system to gain better visibility into parts of their supply chain. Participants who share their information also find more efficient treatment from the security officials in port who access the same data to confirm risk targeting. It is a start, and this model may incentivize the first movers by rewarding them with an advantage. 111For details, see “Innovation: the challenge of the �1st Century.” IBM, June �00�. http://www-���.ibm.com/services/us/index.wss/offering/gbs/a10��1��112ISO �000 is a group of standards focused on quality management systems that is maintained by the International Standards Organization.113“The Malcolm Baldrige National Quality Award was created by Public Law 100-10�, signed into law on August �0, 1���. The Award Program, responsive to the purposes of Public Law 100-10�, led to the creation of a new public-private partnership. Principal support for the program comes from the Foundation for the Malcolm Baldrige National Quality Award, established in 1���.” From the National Institute of Standards and Technology’s (NIST’s) Web site. http://www.quality.nist.gov/Improvement_Act.htm114“The Baldrige Criteria for Performance Excellence provide a systems perspective for understanding performance management. They reflect validated, leading-edge management practices against which an organization can measure itself. With their acceptance nationally and internationally as the model for performance excellence, the Criteria represent a common language for communication among organizations for sharing best practices. The Criteria are also the basis for the Malcolm Baldrige National Quality Award process.” From the National Institute of Standards and Technology’s (NIST’s) Web site. http://www.quality.nist.gov/Business_Criteria.htm.115See www.MIPT.org.116The Risk Preparedness Index was developed jointly by accounting firms PricewaterhouseCoopers, Ernst & Young LLP, Deloitte & Touche LLP, KPMG International and AIG International Inc. in �00� as part of the Global Security Consortium. See “Big four accounting firms join in cyber-risk effort: They’re creating an index to gauge firms’ preparedness.” Computerworld. March ��, �00�.
©CopyrightIBMCorporation2007
IBMGlobalServicesRoute100Somers,NY10589U.S.A.
ProducedintheUnitedStatesofAmerica10-07AllRightsReserved
IBMandtheIBMlogoaretrademarksor registeredtrademarksofInternationalBusiness MachinesCorporationintheUnitedStates, othercountries,orboth.
Othercompany,productandservicenames maybetrademarksorservicemarksofothers.
ReferencesinthispublicationtoIBMproducts orservicesdonotimplythatIBMintendsto makethemavailableinallcountriesinwhich IBMoperates.
MicrosoftandOutlookaretrademarksof MicrosoftCorporationintheUnitedStates, othercountries,orboth.
GBW03002-USEN-00
To request additional copies of this paper, please visit:
ibm.com/gbs/government
top related