Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 69
APPENDIX D U.S. BUREAU OF CUSTOMS AND BORDER PROTECTION USE OF INFORMATION TECHNOLOGY1 The U.S. Bureau of Customs and Border Protection (Customs) has developed an extensive array of information systems that support the collection, processing, and analysis of data on goods, people, and conveyances entering and exiting the United States. These systems were developed over the past three decades with the involvement of many government agencies and the international business and transportation communities. The following statistics are intended to provide a brief picture of the magnitude of two of these systems: • The Automated Commercial System (ACS) currently processes more than 99 percent of the $1.8 trillion in imports and exports in all modes of trans- portation. • The ACS database has 4 terabytes of electronic storage and 6.2 billion records accessed 578 million times daily. • The Treasury Enforcement Communications System (TECS) currently processes more than 475 million travelers entering the United States by air, land, and sea. • The TECS database has 3 terabytes of DASD and a database of 5.3 billion records accessed 766 million times daily. 1The material in this appendix is based on government-supplied information not independently verified by the committee. 69

OCR for page 69
70 CYBERSECURITY OF FREIGHT INFORMATION SYSTEMS: A SCOPING STUDY • ACS and TECS support or have interfaces with more than 100 U.S. gov- ernment agencies and foreign countries, nearly all international trans- portation carriers, and thousands of international businesses and service providers. In August 2001, Customs embarked on a Modernization Program, a 15-year initiative to modernize and integrate its information technology infrastructure to support the government’s oversight of import and export trade compliance, border enforcement, and international passenger processing. Modernization will enable Customs and all participating government agencies to collect, ana- lyze, collaborate on, and disseminate the right international trade and traveler information to internal and outside users in advance or in real time—to the right people, at the right time, and in the right place. Furthermore, the pro- gram will enable border-related government agencies and the international trade and travel private sector to transform the way they do business by imple- menting new processes that support future trade growth and changing business requirements. BASELINE DESCRIPTION OF EXISTING SYSTEMS Today, Customs has information systems in place at the 300 U.S. ports of entry to process all inbound and outbound cargo and passengers. Although these sys- tems are antiquated, they still provide the platform for air and sea carriers to transmit cargo and passenger manifests in advance of arrival and enable importers to file their entries electronically. Customs interfaces with virtually every entity in the international supply chain process—importers, exporters, carriers, and a multitude of intermediaries and service providers. Currently, Customs uses multiple systems that process international trade and travel and support a multitude of agencies and commercial businesses. The following are examples: • ACS tracks and monitors all imports of goods entering the United States. • The Automated Broker Interface is the central government system for the filing of commercial declarations on imported cargo. • The Automated Manifest System is a multimodular international cargo inventory control and release notification system for sea, air, and rail carriers.

OCR for page 69
U.S. BUREAU OF CUSTOMS AND BORDER PROTECTION USE OF INFORMATION TECHNOLOGY 71 • The Automated Export System is the central point through which export shipment data required by multiple agencies is filed electronically for all methods of transportation. • The Advance Targeting System assembles and screens commercial, trans- portation, and passenger data to identify high-risk imported cargo and arriv- ing international passengers. • TECS is a megadatabase of law enforcement information shared by the Federal Bureau of Investigation, the Immigration and Naturalization Service, and Customs. It is used to screen all persons entering the United States. • The Interagency Border Information System meets the data-sharing, ana- lytical, and processing needs of a multiagency (State, Treasury, Justice, Agriculture) border effort for international passengers and conveyances. • The Advance Passenger Information System receives and analyzes biograph- ical data on international air passengers before their arrival in the United States. It covers about 85 percent of the 67 million passengers arriving. The communications backbone is the Treasury Communications System Wide Area Network (Frame Relay) with multiple levels of protection and multiple remote access methods and controls. CURRENT AND PLANNED DEVELOPMENTS The Customs Modernization Program will integrate all Customs information systems that encompass imports and exports, conveyance and shipment track- ing, passenger enforcement, investigative and intelligence support, human resources, and financial management. The first components currently under development are the Automated Commercial Environment (ACE) and the International Trade Data System (ITDS) programs, which focus on cargo import and export operations. ACE and ITDS form a coordinated system that provides a “single window” allowing the international business community to interact with Customs and all government agencies on import/export requirements. ACE will lay the technology foundation for all Modernization programs and deliver enhanced “cradle-to-grave” support of the cargo control and enforce-

OCR for page 69
72 CYBERSECURITY OF FREIGHT INFORMATION SYSTEMS: A SCOPING STUDY ment process. All related functions in field operations and enforcement will be supported from a single common user interface, a single window for officers to perform their work. ACE will process both imports and exports and will be linked seamlessly to enforcement, revenue management, and mission support systems to enable integrated field operations and nationwide collaborative team- ing among officers. Delivery of ACE functions will begin in the field in January 2004 and will continue in phases extending through April 2006. The following are the major business functions of ACE that directly link to the freight transportation sector: • Portal—a universal, secure Internet “window” for all authorized system users (Customs, other government agencies, and the international transportation community) to transmit, analyze, and collaborate on supply chain data. Projected for spring 2003. • Account Management—provides a single comprehensive, nationwide account- based picture of all reported activity and relationships for an importer, an exporter, an international carrier, or a logistics/service provider. Projected beginning spring 2003 through 2005. • e-Release—provides for advance receipt of transportation data via transpon- ders/electronic seal transmissions resulting in inspection or release infor- mation at the earliest point in the supply chain. Projected for truck transportation in 2004 and all other modes beginning in 2005. • Multimodal Manifest—provides for advance transportation data at the earli- est point in the supply chain. Projected for truck transportation in 2004 and all other modes beginning in 2005; will track cargo across modes in 2007. • Cargo and Conveyance Tracking—provides for tracking shipments (includ- ing in-bond) and conveyances, and provides release or status of shipment subject to government agency control. ITDS supports 101 agencies with information and actual operational inter- action on shipments, crew, and conveyances crossing the border. As stated by the ITDS multiagency Board of Directors: ITDS is a federal government information technology (IT) initiative to imple- ment a secure, integrated, government-wide system for the electronic collection,

OCR for page 69
E xterna l l E xterna S ys te m S ys te m EAI L a yer E xtern al S yste m In te rfa ce B ro w ss er Legacy/ B ro w er M o d e rn E n terp ris e M odern RDBM S P o rtal S ervlet P ervasive P erva s ive Ad ap ters C o mm p u ting C o p uting L e g ac y Lega c y DBM S XML Firewall, Intrusion Detection Ap p lic atio n Firewall, Intrusion Detection, Virus H TM LL H TM In te g ra tio n L o g ic B u sin e ss L o g ic S ec u rity/S ystem s M an ag em en t C lie n t W eb & E AI Tier Ap p lic atio n D ata Tie r In te rfa ce T ie r Tier FIGURE D-1 ACE architecture: conceptual view.

OCR for page 69
74 CYBERSECURITY OF FREIGHT INFORMATION SYSTEMS: A SCOPING STUDY use and dissemination of international trade and transportation data . . . The ITDS Board of Directors has oversight responsibility and serves as a forum for harmonization of requirements and dispute resolution among federal agencies. The Board insures that ITDS goals and functionality are integrated with the needs of the public, the participating agencies and Customs modernization plans. CUSTOMS INFORMATION TECHNOLOGY SYSTEMS SECURITY Customs’ new Enterprise Architecture (EA) for ACE and the Modernization is established to support all field activities and align information technology with the strategic objectives of Customs and all agencies. The EA provides for a multi- layer security management system. The information Customs has made public is represented in Figure D-1. POTENTIAL VULNERABILITIES The Customs Modernization and ACE programs will be state of the art but are subject to cyberattacks, as are all information systems. The reality of connec- tivity with the international trade and transportation community and the elec- tronic exchange of massive amounts of data and database queries add to the potential vulnerability.