Triggering a Reaction

In “Mixed Signals”, our Vol. XIV, Art. 6 commentary, we covered a story by Sean Mattson of the Express-News in Monterrey, Mexico. Sean wrote:

“Increasingly popular technology that tracks the contents of shipping containers could make some major U.S. sea and land ports vulnerable to terror attack, according to a private sector study. But a test of how easily the tracking system could be exploited as a bomb trigger was ignored by the Homeland Security Department, according to one of the firms involved in the study …”

“In the November test,” Sean reported, “a detonator tuned to pick up an RFID reader signal set off a small explosive charge placed in an empty container.

“The detonator was built by a college student using parts bought at Radio Shack for about $ 20, said Powers International chairman Dr. Jim Giermanski, an expert on international transportation, border logistics and Mexico trade.

“‘Because an explosive device can be easily wired to detonate with the proper RFID signal … all our nation’s ports that employ the approved RFID frequency for shipping containers become more vulnerable to terrorist attack,’ thus reducing the need for ‘surreptitious port penetrations, elaborate electronics, intricate timing, or other specialized terrorist tradecraft or operations in the United States,’ he stated further.

Doctor Giermanski, the author of the report, put it even more bluntly in an interview: “What this really means is that all a terrorist needs is an undergraduate and a case of beer … I think it’s clear that eventually we are going to lose a few ports,” he added.

RFID (Radio Frequency IDentification) is the same technology used at department stores to track merchandise. Those security tags that set off an alarm when an unchecked item leaves the premises – that’s RFID – and here’s how it works at a container port:

An RFID tag is attached to a container. When the container arrives at a port, the tag digitally ‘talks’ to a port receiver through radio frequency to let a computer know that the container reached its destination undisturbed. Terrorists, says Dr. Giermanski, can use the same technology to trigger a bomb.

He proved it on November 13, 2007, with the help of a college undergraduate student and $ 20 worth of equipment purchased at Radio Shack. Using the same radio frequency signal employed at many ports, he turned the RFID into a trigger.

For more than two weeks, Dr. Giermanski stated, we called and wrote to the State’s Port Authority, the DHS, and Border Protection to ask anyone to attend the demonstration, but each either denied our request for an interview or insisted that the demonstration did not prove a threat existed.

The professor also invited U.S. Senator Lindsey Graham and several other lawmakers to attend the demonstration, but none did.

“I don’t need to attend one of his meetings,” the senator said. “I very well understand what kind of threats exists to our ports.” The senator also stated that because Dr. Giermanski has patented a means of detection that could replace existing RFID technology, he has a motive other than protecting his country.

Dr. Giermanski was quick to disagree and cited his frustration at not being contacted by the senator or by the DHS. Homeland Security is reluctant to respond, Dr. Giermanski says, because millions of dollars have already been invested in RFID, and he pointed out that there is even an RFID Caucus headed by two congressmen who advocate its use.

Because the DHS and Customs and Border Protection (CBP), didn’t respond to questions regarding the test, their initial silence attracted the attention of the U.S. Committee on Homeland Security.

In an eventual response to questions from the Committee, the DHS and a leading manufacturer of RFID systems dismissed the need for concern, stating that, “While it is technically feasible that the detection of RFID emissions could be used to trigger an explosive device within a container, DHS does not agree with the report’s assessment that ports that employ RFID technology become more vulnerable to terrorist attack.” Etc., etc., and etc. … naturally.

But others see some risk, Sean points out. Mark Nelson, Savi Technology’s senior director of corporate communications, for instance, says that “With some 20,000 containers entering the U.S. every day, the risk of a terrorist concealing a bomb inside one is very real.”

Other experts also note that containers without RFID seals or other supply chain controls may also be exposed to RFID emissions at ports.

Port authorities appear reluctant to talk about it, and the American Association of Port Authorities declined a request to talk about the prevalence of RFID technology at ports.

“Ports are understandably hesitant to talk about the specifics of their security plans because it is sensitive information,” said a security consultant and former assistant port director for safety and security at the Port of Miami. RFID technology, he said, should not be considered the “silver bullet” for port security but just one of a number of measures needed for safeguarding ports.

Those who acknowledge the shortcomings of RFID technology have yet to solve the problems. Port officials in Europe are testing RFID coupled with acoustic and ultrasound sensors that can help detect detonators, or other such devices, an RFID researcher at the Georgia Institute of Technology said, but while most of the major ports in the U.S. are testing RFID technology, very few have considered coupling the technology with other devices to make it safer. They will now, though. They’ll be urged to do so by some of the 33,890 security firms that have sprung up since 9-11.

[Remember the “roaring applause” at the gathering of those 400 security industry executives?]