Terminal Operators and Their Role in U.S. Port and Maritime Security

Prepared for Members and Committees of Congress

The failed attempt by Dubai Ports World (DP World) to operate marine terminals at some U.S.
ports raises the issue of whether foreign marine terminal operators pose a threat to U.S. homeland
security. Notwithstanding the sale of U.S. terminal operations by DP World to a U.S. entity, the
underlying issue remains because many U.S. marine terminals are operated by foreign-based
companies and a similar transaction could occur in the future, given the global nature of the
shipping industry.
Evaluating the potential security ramifications of foreign-based terminal operators requires first
understanding how ports work and who is in charge of their security. Most major U.S. ports are
publicly owned by a “port authority,” which is a public organization associated with a city,
county, regional, or state government. A port typically contains many terminals that are each
designed to handle different types of cargo. Some port authorities operate all or some of their
marine terminals, but most ports lease their facilities to several different terminal operating
companies. All of the cargo handling that takes place on a marine terminal is performed by
members of a longshoremen’s union.
The Coast Guard is in charge of the security of port facilities and vessels, and Customs and
Border Protection (CBP) is in charge of the security of cargo. Coast Guard regulations and CBP
security guidelines require terminal operators to provide basic security infrastructure, such as
fences, gates, and surveillance cameras, and follow certain security practices when handling
cargo. The Transportation Security Administration (TSA) is developing a credentialing process
for screening port workers. However, port security involves much more than the measures put in
place within the immediate vicinity of a U.S. port complex. Not finding a terrorist-placed weapon
until after it reaches a U.S. port could be too late to prevent a potentially catastrophic event. Thus,
securing the cargo and ships in transit to U.S. ports is critical and consequently the bulk of federal
security activity takes place before cargo is unloaded at U.S. ports. Key layers of security are
CBP’s scrutiny of U.S.-bound cargo at the overseas port of loading and the Coast Guard’s
scrutiny of ships before they enter U.S. harbors.
The necessity of pushing the border out to counter the terrorist threat requires the cooperation of
shippers, carriers, ports, and border agencies in the country of origin to take security precautions
with U.S.-bound cargo. Global terminal operators like DP World may handle U.S. cargo at the
overseas loading port, even if they do not handle it at a U.S. port. Thus, a key issue for
policymakers is deciding under what conditions the United States should trust foreign cargo-
handling entities and whether they should be treated as partners in securing U.S. supply lines. The
DP World controversy refueled debate about whether the nation is doing enough, with sufficient
urgency, to secure U.S. ports. In its oversight role, Congress is assessing the effectiveness of
Coast Guard and CBP maritime security initiatives and faces pressing questions about the overall
security of ports and maritime commerce.

Port Administration and Operation..................................................................................................1
An Industry Driven by Globalization........................................................................................3
Security Requirements of Terminal Operators................................................................................4
Coast Guard Requirements.......................................................................................................4
Facility Security Plan..........................................................................................................4
CBP’s Requirements.................................................................................................................5
Customs-Trade Partnership Against Terrorism...................................................................6
Security Infrastructure...............................................................................................................7
Security Personnel.....................................................................................................................7
Screening Port Workers.............................................................................................................7
Security Extends Beyond the Port...................................................................................................8
Overseas Activity......................................................................................................................9
Coast Guard........................................................................................................................9
CBP ............................................................................................................................ ......... 9
Issues for Congress.........................................................................................................................11
Terminal Ownership and Security............................................................................................11
Foreign Terminal Operators and Owners...........................................................................11
A Border-centric or Systems Approach to Security................................................................12
Assessing DHS Maritime Security Initiatives.........................................................................12
Prioritizing Maritime Security Risks.......................................................................................13
Author Contact Information..........................................................................................................14

he failed attempt by Dubai Ports World (DP World) to operate marine terminals at some
U.S. ports raises the issue of whether foreign marine terminal operators pose a threat to
U.S. homeland security. DP World is a terminal operating company that operates as a 1T

commercial entity, but is owned by the Government of Dubai in the United Arab Emirates. In
March 2006, DP World purchased a competitor, the British-owned Peninsular & Oriental Steam
Navigation Company (P&O). P&O leased marine terminals around the world, including at five
U.S. ports – New York and New Jersey, Philadelphia, Baltimore, Miami, and New Orleans, and
was involved in other cargo handling operations at other East and Gulf Coast ports, as well as a
cruise terminal in New York City. As part of DP World’s purchase of P&O, DP World acquired 2
P&O’s terminal leases or concessions at these U.S. ports. However, as a result of Congressional
opposition, DP World announced on March 9, 2006 that it would sell its stake in the U.S. portion
of P&O’s operations to a U.S. entity and on March 16, 2007, DP World sold its stake to AIG 3
Global Investment Group.
Notwithstanding the sale of U.S. terminal operations by DP World to a U.S. entity, the underlying
issues remain: Is the ownership of a terminal operating company relevant to the security of a U.S.
port? Does foreign takeover of terminal operating leases potentially pose a threat to U.S. security?
Should companies owned by foreign governments be precluded from operating U.S. port
terminals? These policy questions remain an issue because (1) many U.S. marine terminals are
operated by foreign-based companies, and (2) given the global nature of the shipping business,
similar transactions may occur in the future.
The purpose of this report is to provide information relevant in answering these questions. It
begins by explaining how ports work and what marine terminal operators do. It then reviews the
extent of foreign involvement that already exists in U.S. ports. The next section describes the
responsibility of terminal operators in providing security at U.S. ports and how their role fits in
with the larger task of securing the entire maritime supply chain. The report concludes by
examining port security issues for Congress.

The debate over the DP World transaction often confused the terms “port,” “port authority,” and
“terminal.” Most major U.S. ports are publicly owned by a “port authority,” which is a public or
quasi-public organization associated with a city, county, regional, or state government. A port
authority is responsible for the overall administration of the property, terminals, and other
facilities on the port complex. A marine terminal is an assigned area with equipment for loading
and unloading ships, and space for staging cargo until it is loaded on the ship or transferred to
overland modes of transport. Some port authorities operate all or some of their marine terminals
themselves, but most ports are “landlord” ports because they lease their facilities to terminal
operating companies (the tenants). These leases are typically long-term – in the range of 10 to 30
years. Either the port authority or the terminal operator will supply the cranes and other cargo

1 For further information on the United Arab Emirates, see CRS Report RS21852, The United Arab Emirates (UAE):
Issues for U.S. Policy, by Kenneth Katzman.
2 The Committee on Foreign Investment in the United States (CFIUS) reviewed and approved this transaction. For
further information on CFIUS, see CRS Report RL33312, The Exon-Florio National Security Test for Foreign
Investment, by James K. Jackson.
3 See DP World News releases dated March 9, 2006 and March 16, 2007 available at http://www.dpworld.com/.

handling equipment. It depends on the lease agreement between the port authority and each
terminal operator.
As one port authority suggests, one can think of a public port like a shopping mall.4 The port
authority owns the entire mall property while the stores are leased to individual retail companies.
A large port could contain 15 to 20 marine terminals of various types. Some of the terminals
could handle containers (which are truck-trailers without the wheels), others may handle dry bulk
cargo (such as coal, grain, or sugar), liquid bulk cargo (such as petroleum or chemicals),
breakbulk cargo (such as steel coils, pipes, or large machinery), or automobiles and trucks. A
typical container terminal may be 100 to 300 acres in size, while the entire port complex of a
major port may be 2,000 to over 3,000 acres in size.
While the above model applies to the marine terminals involved in the DP World transaction, it
does not apply to all marine terminals. Public port authorities only own approximately one-third 5
of the deep-draft marine terminal facilities in the United States. Many of the privately owned
marine terminals are associated with the oil, gas, and chemical industries. In these cases, the
waterside terminal may be a component of a larger industrial complex on land. For instance, at
the Port of Houston, the Port of Houston Authority only owns or leases 12 marine terminals while
there are 138 private terminals that are owned by either U.S.-based, foreign-based, or multi-
national corporations that handle approximately 85% of the cargo that moves through the Port of 6
Terminal operators (a.k.a. stevedores) contract with longshoremen unions to provide cargo 7
handling services on the docks. Longshoremen are hired by and report directly to a union hiring
hall. Terminal operators also employ a management team who are hired by and report directly to
the terminal operating company. Longshoremen, called “dockworkers,” operate cranes that
physically move the cargo from ship to dock and vice versa. Longshoremen, called “checkers,”
perform clerk functions in an office in or near the port. At a container terminal, the checkers are
responsible for directing the container traffic within the terminal area – they tell the dockworkers
where containers need to be moved. The ocean carrier provides a stowage plan which tells the
terminal operator where the containers need to be loaded on the ship. In the case of inbound
shipments, the terminal operator separates those containers to be picked up by truck from those
that will move by rail (if there is an “on-dock” railroad at the terminal). Longshoremen also staff
the gates where trucks enter to pick-up and drop-off containers.
Longshoremen do not know the contents of containers except for containers carrying hazardous
material, which require special handling and storage requirements. The terminal operator is not 8
concerned with the origin and final destination of the shipment. The only cargo information
relevant to the terminal operator in performing its function is the weight of the container (for ship

4 An analogy used by the Port of Tacoma, “Questions and Answers: Port Terminal Ownership, Operations, and
Security,” February 24, 2006, Press Release.
5 U.S. Maritime Administration, U.S. Public Port Development Expenditure Report, November 2005, p. 1.
6 Port of Houston Authority, Fact Sheet, available at http://www.portofhouston.com.
7 The longshoremen unions negotiate their contracts with a trade association that represents terminal operators.
8 Testimony of Robert Scavone, P&O Ports North America, House Committee on Transportation and Infrastructure,
Subcommittee on Coast Guard and Maritime Transportation, hearing on Implementation of Port Security Programs,
March 9, 2006.

loading purposes), whether or not it has been released by Customs (for imported cargo), the bill
of lading number (or booking number for export cargo), seal number, and container number.
While DP World would have been the first Middle Eastern based company to operate container
terminals in U.S. ports, most container terminals are operated by other foreign-based companies.
A survey by the U.S. Maritime Administration found that at the seventeen largest U.S. container
ports, 45 terminals (66%) were operated by a foreign based company, 5 terminals (7%) were
operated by a joint venture between a domestic and foreign based company, and 18 terminals
(26%) were operated by a purely domestic terminal operating company. The survey found that
several of the ports have no U.S.-based container terminal operators: Baltimore, Jacksonville,
New Orleans, Houston, Los Angeles, and Tacoma. At the combined Ports of Los Angeles and
Long Beach, the largest container port complex in the United States, only three of the fifteen
container terminals are operated by U.S.-based companies. At the Port of New York and New
Jersey, the second largest container port, only two of the six container terminals are operated by
U.S.-based companies. At the Port of Norfolk and the Port of Savannah, the port authority 9
operates the terminals rather than leasing them to private terminal operators. The Port of Portland
(Oregon) leases its container terminal to a U.S. based operator. Most of the foreign terminal
operators are based in Hong Kong, Japan, South Korea, Taiwan, Singapore, China, the United
Kingdom, and Denmark. A handful of terminal operators are partially owned by the governments
of Singapore, Taiwan, and China.
Most U.S. container terminals are managed by foreign companies because almost all of the
container shipping lines are owned by foreign companies. Typically, a foreign container shipping
line creates a U.S. subsidiary or a U.S. affiliate to operate the terminals at its busiest U.S. ports to
better ensure service quality and control costs. Two large U.S.-based container lines and their
terminal operations were sold to foreign interests in the late 1990s. In 1997, American President
Lines was sold to Neptune Orient Lines, which is partially owned by the government of
Singapore. In 1999, Sea-Land Service, the U.S. company that pioneered container shipping in the
late 1950s, was sold to Maersk Lines, a Danish carrier. The president of the World Shipping
Council (WSC) who is also a former executive of Sea-Land believes that U.S. investors have
avoided the container shipping industry because of its high capital investment requirements,
“boom and bust” cycles, intense competition, and because foreign tax laws are more favorable to 10
While many terminal operators are affiliated with a steamship line, independent terminal
operating companies also exist. DP World and P&O are two of several global terminal operating
companies. Other global stevedores are Hutchison Port Holdings, based in Hong Kong; PSA,
based in Singapore; and SSA Marine, based in Seattle. One estimate is that the four largest global 11
terminal operators handle about 80% of the containers being shipped worldwide. Some U.S.

9 Except that a foreign company has a 50% stake in the operations of one of the terminals at the Port of Norfolk.
10 Testimony of Christopher Koch, President and CEO of the World Shipping Council, House Homeland Security
Committee, Hearing on SAFE Port Act, April 4, 2006.
11 Testimony of Gary Gilbert, Senior Vice President, Hutchison Port Holdings, Senate Committee on Homeland
Security and Governmental Affairs, Subcommittee on Investigations, Hearing on Securing the Global Supply Chain,
March 30, 2006.

independent terminal operators only operate in the United States, such as Maher Terminals and
American Stevedores in New York, and Transbay and Marine Terminals Corporation in Oakland.
Foreign involvement in U.S. port terminal operations is an extension of an industry driven by
globalization. The largest container shipping lines have extended their services around the globe
because their biggest customers, such as big box retailers and auto, electronics, and clothing
manufactures, have extended their supply lines and distribution networks around the globe. In
turn, global independent terminal operators, such as DP World or P&O, seek to follow their
customers, the shipping lines. The shipping business is capable of scanning the globe for low-cost
inputs. For instance, it is not improbable that a ship calling at a U.S. port could have been built in
South Korea, registered in Panama, owned by a Greek company, operated by a Japanese ocean
carrier, captained by a German, and crewed by Filipinos.

Terminal operators are responsible for maintaining security on the property they rent from the
port authority. Coast Guard regulations and Customs and Border Protection (CBP) security
guidelines require terminal operators to provide basic security infrastructure and follow certain
security practices when handling cargo. These requirements are reviewed in some detail below
because they indicate the specific responsibilities of a terminal operator in providing security at a
The Coast Guard is in charge of the security of port facilities and vessels, under the terms of the
Ports and Waterways Safety Act of 1972 (P.L. 92-340) and the Maritime Transportation Security 1213
Act of 2002 (MTSA, P.L. 107-295).
Each terminal operator in a port area is required to conduct a security assessment of their facility 14
as well as write a security plan and submit it to the Coast Guard for review and approval. The
Coast Guard does not mandate specific security equipment or procedures that the terminal
operators must adopt but rather calls for “performance-based” criteria to be used to ensure the
security of the facility. The security plan provides some leeway for the terminal operators to tailor
their security measures to their particular type of cargo terminal.
In the facility security plan, the terminal owner or operator must specify how it will address the
security vulnerabilities identified in its security assessment. For instance, it must restrict access to
its facility with fences and a system to identify unauthorized personnel. The operator must specify
how it will monitor activity at the facility through the use of some combination of security
guards, water-borne patrols, alarm systems, surveillance equipment, and lighting. In the case of

12 MTSA regulations are codified at 33 CFR 101 et. seq.
13 The Coast Guard is also charged with a number of non-homeland security missions: marine safety, marine
environmental protection, fisheries enforcement, aids to navigation, and others.
14 See 33 CFR Part 105 for a complete listing of port facility security requirements.

container facilities, the operator must specify how it will check container seals and verify that
arriving trucks have legitimate business at the facility. The facility operator must conduct periodic
security drills and exercises. It is required to designate a Facility Security Officer (FSO) who is
responsible for ensuring that the facility is in compliance with Coast Guard regulations and serves
as the point of contact for notifying security threat level changes. The FSO is also required to
keep records for two years and make them available to the Coast Guard regarding security
training sessions, drills and exercises, security incidents and breaches, changes in security threat
levels, maintenance of security equipment, and other records regarding security procedures at the
The Coast Guard inspects terminals for compliance with security requirements. July 1, 2004 was
the deadline for port facilities to begin operating under their security plans. Between then and
January 1, 2005, the Coast Guard conducted initial on-site inspections at approximately 3,150
port facilities in more than 300 U.S. ports to check on compliance with the security plans. The
Coast Guard plans to conduct annual compliance inspections at port facilities but the Coast Guard
Captain of the Port, which is the lead federal official in charge of a port area, can also verify
continued compliance at the facilities in his or her area at any time. To ensure that inspections
reflect the normal course of business at a terminal, the Coast Guard has indicated that it is using 15
unscheduled or unannounced spot checks to check on compliance. The Coast Guard reports that
since July 2004, it has required corrective action on more than 700 violations of the MTSA
security regulations and that of those 700 plus violations, 44 resulted in major control actions, 16
such as closure of the terminal until corrective action was taken.
Similar to terminal operators, vessel owners must also submit for Coast Guard approval a security
assessment and security plan for their ships. Because of the close interface between vessels and
facilities (when the vessel is in port), vessel and facility owners are required to coordinate their
security measures and procedures and submit evidence of this coordination in a document called a
“Declaration of Security.” Facility and vessel owners are required to update and resubmit their
security plans to the Coast Guard every five years or whenever a substantial change is made to
their facility or vessel.
CBP is in charge of cargo security. When CBP inspects cargo shipments arriving from overseas,
the terminal operator’s role is to set those shipments aside as CBP directs. CBP is the primary 17
federal agency tasked with ensuring the security of the nation’s borders. CBP’s port security
mission is to prevent terrorists and instruments of terror from entering the United States. Like the
Coast Guard, CBP faces the difficult challenge of achieving a sufficient level of security while
not jeopardizing the efficient flow of commercial goods at the nation’s ports of entry (POE).
Generally, every shipment, whether it arrives via maritime, truck, rail, or air cargo container, must

15 GAO, Coast Guard: Observations on Agency Priorities in FY2006 Budget Request, March 17, 2005, GAO-05-364T,
p. 10.
16 Testimony of Rear Admiral Thomas Gilmour, U.S. Coast Guard, House Armed Services Committee hearing,
National Security Implications of Dubai Ports World’s Takeover of U.S. Ports, March 2, 2006.
17 CBP was created in the reorganization that followed the creation of the Department of Homeland Security (DHS)
with the passage of the Homeland Security Act of 2002 (P.L. 107-296), and is comprised of the inspection functions of
the legacy US Customs Service, Immigration and Naturalization Service, the U.S. Border Patrol, and a portion of the
inspectors of the Animal and Plant Health Inspection Service. CBP is also home to CBP Air and Marine.

be released by CBP before it may enter the commerce of the United States. CBP is not only
responsible for ensuring the security of the containers (in terms of preventing their subversion by
terrorists and other criminals), but is also responsible for ensuring that the cargo does not violate
any commercial laws of the United States.
The Customs-Trade Partnership Against Terrorism (C-TPAT) was initiated in April 2002 as a
voluntary program offering importers expedited processing of cargo and other benefits if they
comply with CBP requirements for securing their entire supply chain. Currently, C-TPAT is open
to importers, carriers, freight forwarders, customs brokers, U.S. port authorities, terminal
operators, and Mexican and other CBP-invited foreign manufacturers. In order to participate in
the C-TPAT, applicants must sign an agreement that commits them to assessing the security of
their supply chains, submit a security questionnaire to CBP, implement a security program in
accordance with C-TPAT guidelines, and extend their security program to other companies
involved in their supply chain.
Once the applicant company has conducted the security self-assessment and submitted the
security profile, CBP reviews the security profile to develop an understanding of the company’s
security practices. CBP also reviews information regarding the company’s trade compliance
history and any past criminal investigations. Based upon the results of these reviews, CBP will
work with the applicant to address any security concerns discovered during the review, or will
certify the applicant as a C-TPAT certified member. CBP also conducts what is called a
‘validation’ of a C-TPAT certified members’ security arrangements. The validation process is an
on-site review of the supply chain security measures outlined by the C-TPAT participant in the
security profile it submitted to CBP. CBP has created Supply Chain Security Specialists (SCSS),
who conduct the validation. During the validation process, the SCSS will meet with company
representatives and potentially visit selected domestic and foreign sites in the C-TPAT 18
participant’s supply chain.
C-TPAT security guidelines differ depending on the type of business the applicant is engaged in.
For instance, importers have a different set of security guidelines than carriers, or port or terminal
operators; and C-TPAT guidelines recognize that terminals, for example, vary according to the
type of cargo they handle. As with other C-TPAT participants, U.S. Marine or Port Terminal
Operators (MPTO) must conduct a comprehensive assessment of their international supply chain
(conveyances, foreign facilities, domestic warehouses, etc.) and work with their business partners
to ensure that the appropriate security measures are adhered to throughout their supply chain. The
security guidelines that MPTO must commit to implementing and maintaining throughout their
supply chains in order to become a member of C-TPAT include the following categories:
conveyance security (to prevent unauthorized access or tampering); business partner requirements
and security procedures (to ensure that partners commit to C-TPAT guidelines); container security
(procedures for ensuring proper sealing and container integrity, along with procedures to report
any problems to CBP); physical access controls (identification badges, visitor and vendor
controls, mail screening etc.); procedural security; personnel security (background checks and
investigations, etc.); physical security (fences, gates, cameras, alarms systems, etc.); and

18 CBP, “C-TPAT Validation Fact Sheet,” accessed at http://www.cbp.gov/xp/cgov/import/commercial_enforcement/

information technology security.19 As the above discussion indicates, C-TPAT requirements for
Port Authorities and Terminal Operators are similar to the Coast Guard’s security requirements.
Whether the terminal operator or the port authority is responsible for providing basic security
infrastructure, such as perimeter fencing, security gates, lighting, monitoring equipment, or alarm
systems, is likely to be addressed in the terms and conditions of the lease agreement between the
port authority and the terminal operator. The geography of a port complex is one factor that could
determine infrastructure security arrangements. For instance, if there are a group of terminals that
abut one another, then the port authority may be the party that provides perimeter fencing and a
perimeter security gate for access to all the grouped terminals. On the other hand, if a particular
terminal is isolated from other terminals in a port complex, then the terminal operator may be
responsible for providing security infrastructure. The federal government has provided funding
directly to ports for security infrastructure. Since September 11, 2001, the federal government has
provided about $876 million in six rounds of grants to port authorities and individual terminal 20
operators for security infrastructure.
Either the port authority or the terminal operator hires security guards. Within the grounds of a
terminal, there may be security guard and “port watchmen” positions defined in the contract
between the longshoremen’s union and the terminal operator. A few of the largest port authorities
have their own police force. The port authority police force could include both waterside and
landside patrols, and police assigned to port gates. Other port authorities rely on the police force
of the government with which they are associated, such as city, county, or state police.
A key issue in port security is the trustworthiness of the people who work in them. As per MTSA
(46 USC 70105), DHS is responsible for determining whether a port worker poses a potential
terrorism security risk. The Coast Guard is assisting the Transportation Security Administration
(TSA) in developing a worker identification card (Transportation Worker Identification
Credential, TWIC) that will be used to limit access to secure areas of a port or vessel. MTSA
requires that the card use biometric technology and that the card be issued to only those port 21
workers who are not deemed a terrorism security risk as determined by the Secretary of DHS.
TSA’s initial deadline for issuing TWIC cards was August 2004. The GAO investigated why TSA
missed its initial deadline and found that delays were due to difficulty in obtaining DHS approval
to proceed with the prototype phase, extra time needed to collect data for a cost-benefit analysis,

19 See, CBP, “Online Application for U.S. Marine Port Authority/Terminal Operators,” http://www.cbp.gov/xp/cgov/
import/commercial_enforcement/ctpat/onlinectpat_app_process/marine/app_marine_port_auth_operators.xml for a
more complete discussion of these guidelines.
20 Association of American Port Authorities, http://www.aapa-ports.org.
21 MTSA (116 STAT. 2073) provides some guidance as to determining terrorism risk and requires an appeals process
for those found ineligible for a card.

and additional work required to assess card technologies.22 The agencies tested a prototype
worker card at various ports in 2005 and implementation of the card is to begin in 2007. A
contentious issue, among several, is deciding what criminal offenses might disqualify a worker
from obtaining a card.
Most port authorities are awaiting the deployment of the TWIC card to provide an ID system for
port workers. However, a couple of port authorities have an ID card system already in place. The
Port Authority of New York and New Jersey has had an ID system for dockworkers since 1953.
The Waterfront Commission of New York Harbor performs background checks on all
longshoremen at the port, who must be registered and licensed. The Commission was created in

1953 to fight corruption at the port. The Port of Miami introduced an ID system a few years 23

ago. Three port authorities in Florida have begun implementing a state-wide ID system to fulfill 24
requirements of a Florida state law on port security. The Florida law requires a fingerprint-based
criminal history check of port workers.
As long and difficult as it has been to develop a background check and ID system for U.S. port
workers, this effort concerns only one node in the maritime transportation system. The United
States has no jurisdiction over transportation workers in overseas ports, as well as the truck
drivers, rail workers, and others who directly handle the cargo on its way to the overseas port.
One of the criteria for C-TPAT participants is to conduct background checks on their employees.
However, it is not known how or if CBP validates these checks. While background checks can
provide some level of assurance as to the trustworthiness of a worker, experience has shown that
individuals, who have undergone much greater scrutiny, such as high level security clearances,
have occasionally proven untrustworthy.

Port security involves much more than the measures put in place within the immediate vicinity of
a U.S. port complex. Securing the cargo and ships in transit to U.S. ports is arguably more critical
and consequently the bulk of security activity takes place before cargo is unloaded at U.S. ports.
While U.S. ports are an acceptable place to interdict illegal drugs and enforce trade laws, not
finding a terrorist weapon until after it reaches a U.S. port could be too late to prevent a
potentially catastrophic event. In response to this reality, the Coast Guard and CBP have adopted
a strategy of “pushing the borders out” with a layered system of security measures. Key elements
in this layered strategy are CBP’s scrutiny of U.S. bound cargo at the overseas port of loading
and the Coast Guard’s scrutiny of ships before they enter U.S. harbors. Thus, with respect to anti-
terrorism measures, U.S. ports are viewed as the last line of defense rather than the first.

22 GAO Report GAO-05-106, Port Security: Better Planning Needed to Develop and Operate Maritime Worker
Identification Card Program, December 2004. TWIC delays were also the subject of a congressional hearing, House
Transportation and Infrastructure Committee, Subcommittee on Coast Guard and Maritime Transportation, Field
Hearing on National Strategy for Maritime Security, January 24, 2006.
23 “Where’s Your ID?” Journal of Commerce, November 12, 2001, p.44.
24Not Waiting for TSA, Journal of Commerce, February 20, 2006, p.16.

Recognizing the international nature of the shipping industry, the Coast Guard has sought to raise
global standards for maritime security. Through the International Maritime Organization (IMO), a
United Nations body that establishes shipping standards, the Coast Guard assisted in the
development of a new international code for maritime security: the International Ship and Port
Facility Security Code (ISPS), which went into effect on July 1, 2004. The ISPS contains
security-related requirements for Governments, port authorities, and ship owners. The host
government is responsible for enforcing the code. The ISPS largely parallels MTSA with respect
to the security requirements of ports and ships. The Coast Guard also actively assesses the
security of foreign ports that trade with the United States. The Coast Guard is visiting all of the
140 countries that trade with the United States to assess the effectiveness of anti-terrorism
measures at their ports.
To counter the terrorist threat in part, the Coast Guard has sought to improve the quality and
advance the timing of information submitted to them by vessels so that they can better evaluate
the terrorism risk posed by ships, crews, and cargo bound for U.S. ports. After September 11,

2001, the Coast Guard instituted new reporting requirements for ships entering or leaving U.S.

harbors. The former 24-hour advance Notice of Arrival (NOA) was extended to a 96-hour NOA.
The NOA includes detailed information on the crew, cargo, and the vessel itself. The Coast Guard
evaluates this information and other intelligence to determine what action it may take, if any,
regarding the vessel. It could board and inspect the ship in the open ocean, at an anchorage near
shore, at the dock, and it may escort the ship into (and out of) the port to enforce a security zone
around the ship.
The Coast Guard is also deploying a vessel tracking system (the Automatic Identification System
that has a range of 20-30 miles) to monitor ship traffic in U.S. harbors. This capability currently
exists at 12 U.S. ports and the agency plans to extend this capability nationwide. The Coast Guard
is also pursuing a long-range vessel tracking system that will have a range of about 2,000 nautical
The Container Security Initiative (CSI), one of a series of initiatives aimed at improving the
security of cargo destined for the United States, was initiated by the U.S. Customs Service (now
CBP) in January of 2002 to prevent terrorists from exploiting containers entering into the United
States. CSI is based on four core elements: (1) identifying high-risk containers; (2) pre-screening
high-risk containers at the earliest possible point in the supply chain; (3) using technology to pre-
screen high risk containers quickly; and (4) developing and using smart and secure containers.
Under the CSI program, CBP officers are sent to participating ports where they collaborate with
host country customs officers to identify and pre-screen high-risk containers using non-intrusive
inspection technology before the containers are loaded on U.S.-bound ships. CSI ports provide
CBP an opportunity, in cooperation with host country officials, to screen and potentially inspect
cargo containers before they arrive at U.S. seaports.

CBP continues to expand CSI to additional foreign ports. By the end of 2007, CBP hopes to
expand CSI to 58 ports, covering approximately 85% of the volume of maritime containers
shipped to the United States. As of September 2006, CSI was operational at 50 foreign ports,
covering approximately 82% of the volume of maritime containers destined for the United 25th
States. The port of Dubai, United Arab Emirates, became the 35 operational CSI port on March 26

26, 2005.

CBP’s cargo inspections are dependent on receiving accurate information in a timely manner in
order to execute risk assessment and targeting procedures before shipments arrive at U.S. Ports of
Entry. To give inspectors adequate information and time to perform a risk assessment on arriving 27
cargo shipments, the legacy Customs Service published a rule (known as the 24-hour rule)
requiring the submission of certain cargo manifest information to Customs 24 hours in advance of
the vessel cargo being laden at the foreign port. The Trade Act of 2002 (P.L. 107-210), as
amended, required CBP to develop rules requiring the mandatory electronic submission of cargo 28
manifest data for all modes of entry. The final rule maintained the 24-hour rule, which applies to 29
all U.S.-bound vessel cargo. The 24-hour rule applies to all U.S.-bound vessel cargo, regardless
of whether or not the cargo passes through a CSI port. CBP is also exploring the acquisition of
additional data that would provide CBP access to data covering the entire movement of a
container: from point of packing to final destination. CBP has established a program called the
Advance Trade Data Initiative (ATDI) as the prototype for the acquisition of this data.
CBP uses the Automated Targeting System (ATS) in order to identify high-risk containers
requiring additional inspection. ATS uses electronically filed entry information to automatically
flag high-risk shipments. ATS standardizes manifest, bill of lading, entry, and entry summary data
and creates integrated records called “shipments.” These shipments are then evaluated and scored
by ATS using weighted rules derived from the targeting methods of experienced personnel. The
higher the score, the more attention the shipment requires, and the greater the chance it will be
targeted for additional enforcement actions (non-intrusive scans or physical inspection). When
CBP asserts that it screens 100% of U.S.-bound cargo, it is referring to the use of the ATS system
to identify high-risk containers.

25 CBP, “Container Security Initiative Reaches Gold: Fifty Seaports Now Targeting and Pre-screening Cargo Destined
for U.S.Press Release, Sept. 29, 2006.
26 CBP, “Port of Dubai to Implement the Container Security Initiative and Begin Targeting and Pre-Screening Cargo
Destined for the US, accessed at http://www.cbp.gov/xp/cgov/newsroom/press_releases/archives/2005_press_releases/
27 U.S. Department of the Treasury,Presentation of Vessel Cargo Declaration to Customs Before Cargo Is Laden
Aboard Vessel at Foreign Port for Transport to the United States,” Federal Register, vol. 67, no. 211, Oct. 31, 2002, pp.
28 The Trade Act of 2002 (P.L. 107-210), as amended by the Maritime Transportation Security Act of 2002 (P.L. 107-
29 Department of Homeland Security, Bureau of Customs and Border Protection, “Required Advance Presentation of
Cargo Information; Final Rule,” Federal Register, vol. 68, no. 234, Dec. 5, 2003, pp. 68140-68177.

The port security debate surrounding the DP World purchase of P&O has raised a number of
issues for Congress. Among them are the degree to which ownership is relevant to security and
what potential threats to security may stem from such ownership; the federal presence on port
grounds that is necessary to insure the security of a port; and the identification and mitigation of
vulnerabilities in the maritime supply chain.
At issue for policymakers is how to ensure and verify compliance with agreed-upon security
standards in an environment in which terminal ownership is subject to change and frequently is
foreign-based. DHS seeks a security regime which requires terminal operating companies to
comply with federal security measures regardless of ownership. The Coast Guard checks for
compliance with physical security requirements at the terminal. CBP, through its C-TPAT
program, requires terminal operators to adhere to similar security measures. CBP is also in charge
of deciding which cargo to physically inspect, with the terminal operator’s role merely to set that
cargo aside as CBP directs. TSA will be in charge of screening terminal workers when the TWIC
card is implemented. One could argue that these measures apply equally to all terminal operators
and that therefore the ownership of the terminal operating company is irrelevant to the security of
a port. However, the credibility of these federal security requirements also depends on how much
of an actual presence port businesses perceive federal authorities have in the port. In exercising its
oversight role, Congress is likely to consider whether the Coast Guard and CBP have enough
inspectors to verify compliance with agreed upon security measures.
If one believes that stevedore ownership is relevant to security, then a subsequent question is
whether foreign ownership poses more of a security risk than domestic ownership. In evaluating
whether foreign terminal operators should be excluded from U.S. ports, more information as to
how many U.S. marine facilities are actually operated or owned by foreign-based companies
would be useful. As indicated above, most container terminals in the United States are operated
by foreign companies but container terminals account for only one type of marine facility. It is
probable that in some cases, other types of marine terminals are not only operated but also owned
by foreign interests. While the Maritime Administration has compiled information on the
ownership of container terminals at the largest U.S. container ports, similar information regarding
other types of marine terminals is not readily available.
It is important to pinpoint exactly what advantage a terrorist group would have if it had some kind
of connection with a terminal operator. Foreign terminal operators would gain intimate
knowledge of the day-to-day security procedures at the U.S. terminals they operate and
theoretically could pass this knowledge on to a terrorist group. However, U.S.-based terminal
operators would have the same knowledge and a terrorist group could infiltrate them also.
Because foreign terminal operators hire mostly Americans to work in their terminals, they may
pose no more security risk than a U.S.-based company. One could view foreign companies like
DP World as mostly the financiers behind the terminal operation with little or no involvement in
the day-to-day running of the terminals.

Defining the potential threat posed by foreign terminal operators is important because there are
also drawbacks to banning them from U.S. ports. Cargo security policy is about striking an
appropriate balance between security and commerce. It also involves balancing security and
capital investment. Port facilities depend on large capital investments. The piers, wharfs, cranes,
and elevators needed to load and unload ships; the storage yards, warehouses, or tank farms
needed to store cargo; the dredging of shipping channels and berths; and landside connections to
interstate highways and transcontinental railroads are all expensive infrastructure. Thus, the issue
of foreign terminal operators involves guaranteeing security while remaining attractive to sources
of capital.
Because it could be too late if a terrorist weapon is discovered after it arrives at a U.S. port, the
security of U.S. ports necessarily relies on the cooperation of shippers, carriers, ports, terminal
operators, and border agencies in the country of origin to begin the screening process. Key policy
questions are: Should the United States trust these foreign entities? Should they be treated as
partners and allies in securing maritime commerce? Because there are two ends to America’s
supply line, the answer to both may be a qualified “yes.” For instance, although DP World will
not be handling any U.S. cargo in U.S. ports, it will be handling U.S. cargo at ports of origin in 30
China, Hong Kong, Europe, Southeast Asia, the Middle East, and elsewhere.
In evaluating the DP World transaction or others like it, it is appropriate to consider the extent to
which the United States depends on foreign entities to secure its supply chain. CSI depends on the
cooperation of the host government of the overseas port of loading to inspect U.S. bound cargo.
C-TPAT depends on the cooperation of overseas manufacturers and overland carriers to protect
U.S. bound shipments from terrorist infiltration. ISPS relies on the cooperation of foreign
governments and foreign-flag carriers to enforce port and vessel security codes. As one maritime
industry spokesperson stated:
This is an international business with an international problem. The only way its going to be
addressed effectively is through international efforts, which means the U.S. isnt going to do 31
it all, nor can it do it all.
While the DP World issue spotlighted the role of terminal operators in port security, the initial
debate about who should be operating U.S. ports quickly broadened into a debate about whether
U.S. ports are secure. The DP World controversy refueled debate about whether the nation is
doing enough, doing it with enough urgency, and spending enough on U.S. port and maritime 32
security. Members of Congress have referred to ports as the “soft underbelly” in U.S. homeland

30 In fact, DP World is a terminal operator at three of the six overseas ports that DHS has chosen to participate in a pilot
program to test the feasibility of 100% scanning of containers. SeeDP World to Help Test SFI,” Traffic World, Dec.
8, 2006.
31 Interview with Christopher Koch, World Shipping Council, Journal of Commerce, April 3, 2006, p. 44.
32 For further background information on this debate, see CRS Report RL31733, Port and Maritime Security:
Background and Issues for Congress, by John Frittelli, and CRS Report RS21293, Terrorist Nuclear Attacks on
Seaports: Threat and Response, by Jonathan Medalia.

security,33 to the shipping container as a modern day “Trojan horse,”34 and have argued that there 35
are still “massive blind spots” in the maritime security regime. While no one asserts that enough
has already been done to strengthen security, post-9/11 initiatives like CSI, ATS, C-TPAT, MTSA,
and ISPS have, most acknowledge, created a framework for building a maritime security regime.
An issue of likely interest to Congress is the effectiveness of these maritime security initiatives.
GAO has issued a number of reports addressing post-9/11 security initiatives. GAO has reported
several factors limiting CSI, including staffing imbalances and lack of technical requirements for 36
NII equipment used at foreign ports. A number of concerns have also been raised by GAO
regarding the C-TPAT program including the scope of effort and level of rigor applied to the
validation process; how many and the types of validations that are necessary to manage security 37
risk; and various staffing issues. The ATS system and CBP’s targeting strategy more generally
have been scrutinized by GAO in reports that criticize the strategy for not incorporating all the
key elements of a risk management framework, and not being entirely consistent with recognized 38
modeling practices. Also, the DHS Inspector General published the results of an audit of CBP’s
targeting procedures, and concluded that improvements were needed regarding the data used by
ATS, examination results should be used to refine ATS targeting rules, and physical controls over 39
containers could be improved. The DHS Inspector General has also raised concerns about the 40
effectiveness of port security grants. The GAO has also identified difficulties in deploying 41
radiation scanners at U.S. ports and it has reviewed the Coast Guard’s ability to use risk 42
management to guide its port security mission. The CBP and Coast Guard have begun
implementing many of the GAO’s and OIG’s recommendations.
A major concern for policymakers is assessing what is most at risk in the maritime domain and
allocating the nation’s resources accordingly. Three significant security issues in the container

33 Senator Dianne Feinstein as quoted in “Improved Security at Ports Urged,” Los Angeles Times, February 24, 2005, p.
34 Statement of Senator Carl Levin, “Securing Global Supply Chain or Trojan Horse?” States News Service, May 26,
35 Interview with Senator Norm Coleman, Fox News Network, March 28, 2006.
36 See GAO testimony before the Senate Permanent Subcommittee on Investigations, Committee on Homeland
Security and Governmental Affairs, Homeland Security: Key Cargo Security Programs Can be Improved, May 26,
2005, and Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve
Overseas Targeting and Inspection Efforts, GAO-05-557, April 26, 2005.
37 See, GAO, Homeland Security: Key Cargo Security Programs Can Be Improved, GAO-05-466T, Testimony by
Richard M. Stana, Director, Homeland Security and Justice Issues, before the Senate Permanent Subcommittee on
Investigations, Committee on Homeland Security and Governmental Affairs, May 26, 2005.
38 See, GAO, Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection, GAO-04-
557T, March 31, 2004 and Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve
the Automated Targeting System, GAO-06-591T, March 30, 2006.
39 See, DHS OIG, Audit of Targeting Oceangoing Cargo Containers (Unclassified Summary), OIG-05-26, July 2005.
40 See, DHS OIG,, Follow Up Review of the Port Security Grant Program, OIG-06-24, February 2006, and Review of
the Port Security Grant Program, OIG-05-10, January 2005.
41 See, GAO, Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at
U.S. Ports-of-Entry, but Concerns Remain, GAO-06-389, March 2006.
42 See, GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at
Ports and Other Critical Infrastructure, GAO-06-91, December 2005.

supply chain have been identified: (1) the integrity of the container packing process at the
overseas factory or warehouse, (2) the integrity of the subsequent truck movement from the
factory or warehouse to the overseas port of loading, and (3) the integrity of the manifest 43
information that CBP uses, in part, to target high risk shipments for inspection. Because there is
no fool-proof way to address these vulnerabilities, some security experts call for greatly
increasing the percentage of containers that are physically inspected. Others question whether a
determined terrorist would not be able to find an inexpensive solution to circumvent screening
While the threat of a shipping container being used as a “Trojan horse” by terrorists has received
much attention, debate persists about the likelihood that terrorists would use them for such
purpose. The GAO reports that while shipping containers are vulnerable, an extensive body of
work by the FBI, academic, think tank, and business organizations concluded that the likelihood 44
of such use to smuggle a weapon is considered low. Some contend that a more likely tactic is
that terrorists would attempt to smuggle a weapon using private watercraft and land at a public
marina because they could remain in control of the weapon and avoid the scrutiny that occurs at
official ports of entry. Terrorists could also smuggle a weapon in other types of cargo, such as
motor vehicles or breakbulk cargo. They could repeat the attack method used against the USS
Cole or the Limberg in which terrorists rammed a small boat packed with explosives into the hulls
of these ships. They could employ this tactic against a cruise ship, a ferry, or a ship carrying 45
hazardous cargo.
The issue for Congress is how to protect U.S. ports and the supply chains on which the U.S.
economy depends. Congress faces pressing questions about the overall security of ports and
maritime commerce; the amount of funding that will be required to secure the maritime
transportation system; and the amount of federal presence in ports that is necessary to prevent or
deter terrorist use of ports as a destination or transit point for attacks on the United States.
John Frittelli Jennifer E. Lake
Specialist in Transportation Policy Analyst in Domestic Security
jfrittelli@crs.loc.gov, 7-7033 jlake@crs.loc.gov, 7-0620

43 For a discussion of other maritime security issues, see CRS Report RL32841, Border and Transportation Security:
Possible New Directions and Policy Options, by William H. Robinson, Jennifer E. Lake, and Lisa M. Seghetti.
44 GAO-05-404, Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with Limited Assurance of
Improved Security, March 2005, p. 6-7.
45 For further analysis on this issue, see CRS Report RL33787, Maritime Security: Potential Terrorist Attacks and
Protection Priorities, by Paul W. Parfomak and John Frittelli.