Military Supply Chain Tracking System Both Inefficient and Dangerous
Yet, this great system of technology and regulations falls apart because the Defense Department uses RFID systems to control and monitor its global container movement. The application of this technology to track cargo overseas is inefficient, dangerous and fundamentally flawed.
The military regulation governing the overall supply chain includes 308 pages, 17 appendices, 73 references to U.S. code, directives, instructions, other regulations and standards, with 173 acronyms. It is a major document describing almost every aspect of the military supply chain.
Radio frequency identification is specifically recommended in these regulations, and for most applications, it’s a good choice. However, while RFID is appropriate in controlled environments, it is absolutely inappropriate for the global environment.
Several reasons account for that weakness: disparate frequencies worldwide; disparate communication protocols; its land-based character and accompanying costs for access and maintenance of the infrastructure needed; and its security vulnerabilities.
RFID technology requires airwaves to communicate. However, the frequencies used vary in different regions of the world. For instance, the RFID frequency used for container tags or devices in China will not work in the United States. The Federal Communications Commission has decided which frequency must be used in the United States and despite protest, issued a final rule in 2004 that only the 433.5 to 434.5 MHz portion of the spectrum band can be used for commercial shipping containers.
Additionally, the FCC’s rule allowed these RFID systems to transmit for a rather long 60 seconds. Any RFID transponder attached to a shipping container — including those of the Defense Department — must use the frequency upon arrival at a U.S. port. The transponder reacts to a triggering radio frequency message from a transceiver used within U.S. port facilities or at other locations. Customs and Border Protection, the military or the port facility can employ that transceiver. It sends the triggering frequency to produce a return transmission of pre-loaded data to the transponder such as manifest or shipping data or information detected by the RFID device including the opening of the container door while in transit.
It must also contend with protocols. In order for the transponder and reader to talk to each other, they need to speak in the same way. In other words, they must follow a protocol or a set of instructions. It is akin to one person speaking Spanish and the other English and at different speeds, with different volumes and both talking at the same time. Protocols tell each person — or in this case global shipping concerns — the container transponder and the interrogator — when to start and stop, what language to use and how fast to talk. Unless the instructions are clear to each, communication may not take place. As with frequencies, there are no global protocols or standards.
In addition to frequency and protocol problems, an equally troublesome area for military RFID usage in container security is the overland movement of cargo in different areas of the world. This requires the creation of a land-based infrastructure of antennas and readers at chokepoints. These are spots along a container’s journey that cannot ordinarily be circumvented, and make a controlled, affordable global distribution path virtually impossible.
Only at chokepoints at a container’s origin and destination is a land-based RFID system a reasonable option. In areas along the container’s route, a land-based system is often complex because each RFID transponder connected to a shipping container would have to “see” the transceiver that triggers the transmission of data from the container. Geography and topography are consequently an issue in constructing antenna systems. For instance, coalition forces have greatly expanded the use of a new supply route to Afghanistan via Russia, Kazakhstan, Uzbekistan and Tajikistan. The highway is an alternative to other roads through central Asia, which have become vulnerable to attack. Thus, the Defense Department will have to control the infrastructure problems that emerge with new routes in addition to those in other countries in which it operates or requires contractors to use RFID tags.
For the department to control the infrastructure where antennas are placed, it will have to own, lease or be given access to the land by local governments along the roads where the containers travel.
Finally, because of chokepoint locations and the distances and time between them, the nature of RFID transmission becomes historical. One can only know what has already taken place when the container is eventually interrogated at the chokepoint. The addition of GPS on a container serves only as location monitoring, not breach detection. Security personnel will only be notified that there was a breach and only if the doors were opened, and only after the breach has occurred.
Beyond all these infrastructure concerns is the real threat RFID poses to port facilities around the world. The fact that only approved and published RFID signals are required to be transmitted on a required frequency at U.S. ports by both the private and public sectors, makes the system a potential instrument of terrorist tactics. Private sector and government agencies, such as CBP and the Defense Department can, by virtue of routine and normal procedures, unwittingly detonate explosive devices planted by terrorists in containers at U.S. ports.
In November 2007, an international transportation security company, two Defense Department contractors, a container retailer, a university, and a U.S. city’s bomb squad demonstrated how an RFID tag could send a signal to a detonator built from widely available, over-the-counter components. An undergraduate student spent about $20 to make the detonator. The RFID signal detonated a small amount of explosives in a container by means of a simple emission of a radio signal traveling on the approved RFID 433 MHz frequency. Officials from the Defense Department, Government Accountability Office, Department of Homeland Security and Coast Guard observed the demonstration. The office of the secretary of defense sent two observers, including the chief engineer of an RFID program and his supervisor.
They witnessed the preparation of the device used that day. The Army confirmed in writing that its representatives examined the device and wiring and validated the demonstration.
In the Defense Department’s own words, the “Army representatives examined the device and wiring and confirm that a commercial RFID interrogator was used to ‘wake up’ a commercial RFID tag. When the RFID tag responded on the 433 MHz frequency, the relay closed and the blasting cap set off the explosive charge.”
The result of the test was filmed and is available for review. The video was also sent to the House Homeland Security Committee, among others. It showed empirically the vulnerability of RFID transmissions as approved and mandated for use with containers.
Two months after the demonstration, DHS made an official statement.
“DHS recognizes and benefits from the use of RFID technology to ensure the smooth and secure movement of both people and cargo into the United States. It is accurate that RFID systems are in use at U.S. ports of entry (air, sea and land) and have been adopted by a number of private-sector companies for supply chain management, asset and shipment tracking and inventory purposes. While RFID systems used in maritime ports rely upon a variety of transmission frequencies for port and terminals operations, there is currently no one common RFID frequency in use throughout the global supply chain.
“While it is technically feasible that the detection of RFID emissions could be used to trigger an explosive device within a container, DHS does not agree with the report’s assessment that ports that employ RFID technology become more vulnerable to terrorist attack.”
DHS, therefore, admits in writing that using this frequency to trigger an explosive device is technically feasible, but the public shouldn’t worry about it. In other words: “We know this can happen, but let’s wait until it does.” Unfortunately, this vacuous logic is indicative of DHS in its container security efforts.
It is difficult to distinguish which is worse, the acknowledgement by DHS that RFID container security applications are a vulnerability, or the continued employment of the technology by the Defense Department for its containers after experiencing the results of the bomb blast demonstration.
One must question why the Defense Department recently placed a $429.4 million order for RFID devices called DASH7.
To what extent does this lack of understanding of — or refusal to admit to — the existence of the vulnerability permeate the higher echelons of the Pentagon and the military logistics commands? Or is this just one more example of politics influencing contract decisions in the military industrial establishment? Could it be the political correctness of not questioning authority or policy? Will it take death or a catastrophe to effect change? These questions are as real as the vulnerability.
There are alternatives to radio frequency identification technology mandated for container security, and they can provide more features than what RFID offers. Any routine reading of logistics industry publications would be enough for the Defense Department to understand that choices already exist in the market. It’s time for the Defense Department to learn more and play politics less.
James R. Giermanski is the chairman of Powers Global Holdings Inc. and president of Powers International LLC, an international transportation security company. He served as regents professor and director of transportation and logistics studies at the Center for the Study of Western Hemispheric Trade at Texas A&M International University.