National Academies Press: OpenBook

Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 (2003)

Chapter: A Information Management Systems in the International Liner Shipping Industry

« Previous: 3 Planning a Full Study
Page 47
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

APPENDIX A
INFORMATION MANAGEMENT SYSTEMS IN THE INTERNATIONAL LINER SHIPPING INDUSTRY

A detailed description of information systems in one sector of the freight transportation industry is provided in this appendix. It is included for illustrative purposes only and is not intended to suggest that the information systems of the liner shipping industry are particularly vulnerable to cyberattacks or are more lacking in protection against such attacks than the information systems in other transportation sectors.

In general, liner shipping companies manage their information and business processes with an array of technologies, including mainframe computer systems, electronic data interchange (EDI), Web tools connected to mainframe systems, customer relationship management software, fax, and e-mail. Individual lines’ information management or communication systems vary. They include mainframe computer systems that allow worldwide access to a common central database and information management processes, as well as regional databases.

International liner shipping is not a concentrated industry. For example, the market share for the major lines serving the U.S. trade (imports and exports combined) for the first 8 months of 2002 is shown in Table A-1.

Each liner shipping company owns and operates its own information systems, which are in different locations. This reduces the potential for cyberterrorists to target all liner shipping companies’ information systems at the same time in one coordinated attack. Furthermore, because shipping is a global business, a company’s computer systems generally have backup and redundant capacity and operational centers in order to facilitate 24 × 7 business operations.

These features of the industry suggest that a cyberattack directed against an individual liner company’s information systems is unlikely to disrupt the ocean transportation system as such.

Page 48
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

TABLE A-1 Market Share of Major Lines Serving U.S. Trade (January–August 2002)

Line

Market Share (%)

Maersk-Sealand

13.1

Evergreen

7.1

APL

6.7

Hanjin

6.0

Cosco

5.1

P&O Nedlloyd

4.4

OOCL

4.1

Hyundai

4.0

K-Line

3.8

NYK Line

3.7

MSC

3.7

Yang Ming

3.7

Hapag Lloyd

3.5

MOL

2.5

Source: Journal of Commerce, Dec. 9–15, 2002, pp. 28–34 (from the top 50 lines serving the U.S. trade).

On the other hand, a more significant disruption and greater economic damage to the U.S. freight transportation system could result if a centralized government information management system used by all U.S.-bound carriers, importers, brokers, and so forth were to be targeted [e.g., the Bureau of Customs and Border Protection’s (Customs’) Automated Manifest System (AMS)].1

Another example of a centralized government information management system is the Coast Guard’s National Vessel Movement Center, which receives notices of arrival (NOAs) from all vessels originating from outside the United States 96 hours prior to arrival at the first U.S. port of call. The information in the NOAs is used for U.S. government agencies’ monitoring of vessel movements. Similarly, Customs’ Advanced Passenger Information System (APIS) receives and screens information on persons coming to the United States, and effective later this year it will receive electronic crew manifests from vessels 96 hours prior to arrival in a U.S. port. Both Customs and the Immigration and Naturalization Service use the

Page 49
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

information in APIS to screen visitors to the United States; it is expected that eventually the Coast Guard will also use APIS for its prescreening purposes.

BUSINESS DATA SYSTEMS

The heart of a liner company’s information and communication processes is usually a legacy mainframe computer system that provides the critical “behind the scenes” processing and storage of data for various aspects of the business. By linking Web-based technologies to its mainframe computer, an ocean carrier can create a near real-time information-sharing system that is accessible by all its geographically diverse offices. Thus, for example, information could be input using a Web tool, put into a large relational database, and fed into the company mainframe—giving the various specialty business functions in offices across the globe (sales, customer service, operations, etc.) access to common data sets, standard report formats, and activity records.

The databases thus made available typically would include financial databases, such as those for invoicing, billing, and trade lane pricing; terminal operations databases, which are key to vessel management; container yard inventories; and customer support data used in taking bookings, creating bills of lading, tracing cargo, changing “trip plans” (from, say, rail to truck), and distributing, diverting, or consolidating cargo.

There are, of course, different levels of security for, and access to, such centralized mainframe systems. That is also the case with liner companies’ public websites, which typically combine (a) a “general site” that can be accessed by anyone using the Internet and (b) a “business transaction site” that requires would-be users (mainly customers) to provide identification and be cleared for specific levels of access. A general site might include general background information about the line, company news, descriptions of available services, a company history, hiring information, contact information for offices worldwide, and links to other sites. The business transaction site requires customer registration and would provide specific access for activities such as making bookings, submitting bills of lading, tracking shipments, creating customer reports, and viewing accounts. The business transaction feature will typically involve “special privileges” (customized access) depending on the nature of the customer’s business and available carrier services.

In addition to public Internet sites, many global carriers have company intranet systems for internal communications. However, because liner companies often have overseas offices in countries with communications infrastructure of variable

Page 50
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

quality, Internet connections may be less than reliable at some locations. In those cases, intracompany communications may depend more on e-mail. In general, however, Web-based systems are preferred.

CENTRAL DISPATCH/REDIRECTION

In liner shipping, vessels operate on fixed schedules in specific trade lanes—and, except in the case of serious unforeseen circumstances, those schedules are revised as part of a broader company planning process. So the most common dispatching/ redirection activities in the industry are those for containers and chassis.

When a container or group of containers is booked with a carrier, arrangements are made as to the size and type of containers needed, the container pickup date (from the company’s container yard), and which vessel is scheduled to carry the containers. This can be done by the shipper either by (a) directly contacting the line’s booking agent or (b) inputting the required information (origin, destination, port of loading, commodity description, shipper’s name, type of container, etc.) using the appropriate business transaction section of the line’s website.

Under either approach, that information goes into the company’s mainframe system and becomes available to, for example, the equipment dispatcher, who must determine whether the container yard has the necessary inventory and make arrangements to have the containers available for use; and the marine terminal and vessel operators, who ensure that appropriate preparations are made and that needed equipment (e.g., reefer plugs for refrigerated containers) is available.

The ocean carrier takes control of the cargo either (a) at the terminal gate, in cases where the shipper handles the drayage of the container (known as “merchant haulage”) from its facility to the port of loading; or (b) at the customer’s premises, called a “store door” move, when the ocean carrier provides for the trucking service (known as “carrier haulage”) using a “house” trucking firm that operates under an agreement with the ocean carrier. Carrier haulage is common in the United States and Europe but limited in Asia and Latin America, where merchant haulage is more common.

In the port of departure, the terminal operator will typically have access, via the line’s mainframe system, to reports on arriving containers and the booking information needed to arrange loading by stevedores and plan the arrangement (“stowage”) of containers in the vessel. That information would include, in addition to the identity of the vessel against which the cargo was booked (and therefore the sailing date), details about the type of cargo, special storage requirements, and destination port.

Page 51
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

Once the vessel has completed its voyage and arrived at the destination port, the terminal operations staff at that port typically will be working from another report containing the relevant information for off-loading the containers and handing them off for the next leg of their journey. If the next leg is by truck, the move could again be merchant haulage or carrier haulage. If a rail move is involved (say for cargo arriving at the Port of New York and New Jersey and scheduled for a rail move to Chicago), the terminal operator will contact the rail partner by EDI with details about which containers need to be moved and when. For example, if 10 boxes need to be moved by rail to Chicago, the terminal operator will know that its rail partner has five trains running to Chicago in the next 3 days and will inform the rail planning staff which of the 10 boxes have the highest priority (i.e., need to go on the earliest of the trains), or which may require special handling (e.g., hazmat cargo).

INFORMATION FLOW AMONG COLLABORATORS

Because multiline alliances and other vessel-sharing arrangements are such a central part of liner shipping today, a given vessel operating in the U.S. trade may be carrying the cargo of different container lines. Consequently, a significant amount of information must be exchanged among alliance members. Most of this information exchange is handled via EDI, which in turn requires that each alliance partner’s information system be programmed to accept data from the other alliance partners’ systems.

Carriers’ dealings with house truckers are generally handled via EDI or Web tools, if available (and bigger lines generally require such capabilities from their house truckers). Otherwise, trucking arrangements are handled by fax or e-mail. Arrangements for freight movement by rail are also generally made via EDI.

INFORMATION FLOW BETWEEN CARRIERS AND GOVERNMENTS

Customs’ AMS represents a vital link in the flow of information about imported goods. With Customs’ recent promulgation of the so-called “24-hour rule,” which requires that advance cargo (CF 1302) declarations be submitted 24 hours before loading of U.S.-destined cargoes in foreign ports, AMS—in combination with Customs’ Automated Targeting System (ATS)—is becoming the preeminent centralized government data management system for security prescreening of import cargoes to the United States.

Page 52
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

Many shipping lines provide cargo manifest information electronically via AMS.2 In addition, a number of ocean carriers and most shippers are participating in Customs’ Automated Export System for the electronic submission of export cargo information; other ocean carriers provide that information today in paper (fax) form.3

Inbound cargo manifest data are sent to Customs’ AMS through one of two data formats: (a) ANSI X12 or (b) CAMIR (Customs Automated Interface Requirements). Each ocean carrier is limited to using only one of those two systems, with ANSI X12 being predominant. Each ocean carrier is also limited to a single source with an electronic interface with AMS. So, for example, ABC Line’s Rotterdam office first will provide cargo manifest information for containers scheduled to be loaded in Rotterdam for a voyage to the United States internally to the ABC Line’s designated single point of contact with AMS (perhaps an office in New Jersey) to be forwarded to AMS. Thus, all cargo manifest information for cargo to be loaded at any port in Asia, Latin America, Europe, onto a vessel bound for, or calling at, a U.S. port must first go to each shipping line’s single AMS contact entity.

When the line’s central source for inbound manifest information contacts AMS, a return receipt is automatically generated confirming the number of bills of lading that were received and accepted and the number of bills of lading that were received and rejected because of incomplete data. The lines then know that further information is required on the rejected bills of lading.

Security prescreening checks are done by using AMS and ATS. An assessment of risk factors results in point scores that allow Customs to determine whether a container should be subject to a so-called security “hold” pending further investigation at the foreign port and whether the container should be physically inspected. Containers for which no hold messages have been communicated by Customs can be loaded, but not until 24 hours after submission of the advance cargo manifest information.

Ocean carriers also produce inbound cargo manifests to foreign governments. However, such manifests are usually paper reports, not electronic filings. Some foreign jurisdictions also request filing of export cargo manifests.

2

The 24-hour rule does not formally require that the CF 1302 cargo declarations be submitted electronically via AMS, but electronic submission is strongly encouraged.

3

It should be noted that Section 343 of the recently enacted Trade Act of 2002 (P.L. 107-210) requires, for all modes, that “not later than 1 year after the date of the enactment of this Act, the Secretary [of the Treasury] shall promulgate regulations providing for the transmission to the Customs Service, through an electronic data interchange system, of information pertaining to cargo destined for importation into the United States or exportation from the United States, prior to such importation or exportation” (emphasis added).

Page 53
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

It is expected that more foreign jurisdictions will require electronic submission of cargo manifest information in the future. There are already indications that governments that have signed Container Security Initiative agreements with Customs for prescreening of containerized shipments bound for the United States may be in the process of implementing electronic (export) cargo manifest requirements. Also, the World Customs Organization is developing an international Customs Data Model that assumes the electronic submission of data elements to—and exchange of data elements between—exporting and importing Customs administrations.

INFORMATION FLOW BETWEEN CARRIERS AND CUSTOMERS

Estimates in the trade press suggest that about 75 percent of shipper transactions with ocean carriers are handled by telephone or fax, 20 percent through individual carriers’ websites, and 5 percent via the three Web-based portals (GT Nexus, Inttra, and CargoSmart) that provide access to multiple carriers at one site. The portal systems are designed to allow customers (usually larger shippers) easy access to multiple carriers when they make rate requests or book cargo.

In business transactions between ocean carriers and their customers, user registration and assignment of passwords is a common security measure, but actual encryption of data tends to be limited to situations in which the parties are passing data related to title to goods, as, for example, with remote printing of bills of lading.

Carriers communicate with customers, whether cargo owners, consolidators, or logistics management companies, in a similar fashion. As mentioned in an earlier section (“Central Dispatch/Redirection”), ocean carriers typically have “business transaction” functions as part of their public websites. When customers use the business transaction portion of a carrier’s site, the information input into the system typically goes through an EDI transformation and is forwarded to the (global or regional) mainframe system.

Some companies in the liner shipping industry are moving to customer relationship management (CRM) software, which allows them to more flexibly manage customer transactions through a simpler interlinking of all the company’s individual business systems. For example, CRM software can, by allowing all the separate systems to “talk to each other,” permit a line’s sales representatives, customer service representatives, and various operational staff to access a given customer’s complete transactions history and account information. When a sales

Page 54
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×

representative signs a service contract, for example, the detailed information (e.g., the number of containers to be moved in each trade lane) would go into the CRM system in a way that facilitates the creation of sales management reports; allows customer service representatives access to the sales representative’s detailed notes on the contract discussions; and indicates to system users factors such as the relevant vessel booking, loading date, and when the trucker is to be contacted. CRM also facilitates contract management activities and simplifies contract compliance reviews.

When customers want to check on the status of particular cargo movements, they can contact the line’s customer service department or use the line’s website. On the website, in a secure section, the customer can track the cargo’s position by using coded information from the relevant bill of lading.

Page 47
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 47
Page 48
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 48
Page 49
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 49
Page 50
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 50
Page 51
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 51
Page 52
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 52
Page 53
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 53
Page 54
Suggested Citation:"A Information Management Systems in the International Liner Shipping Industry." Transportation Research Board and National Research Council. 2003. Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274. Washington, DC: The National Academies Press. doi: 10.17226/10730.
×
Page 54
Next: B Security Initiatives and Programs with Cybersecurity Relevance »
Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB Special Report 274 - Cybersecurity of Freight Information Systems: A Scoping Study reviews trends in the use of information technology in the freight transportation industry and assesses potential vulnerabilities to a cyberattack. Special Report 274 Summary

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!