**4.10. Supply chain security**

The terrorist attacks at the World Trade Centre and Pentagon on September 11, 2001, brought attention to security in trade, for more reasons than just the attacks. Three factors can be outlined: first, the globalization of world trade depends on and is generated by the free flow of people, goods, and information; second, the increasing demands from businesses for efficient supply chain operations; and third, the increasing threats of terrorist attacks [98]. The last reason can be seen as an increase in perceived risk for terrorist attacks. This factor can define illegal and antagonistic threats, of which terrorists are one type. Therefore, supply chain security management can be defined as, "*the application of policies, procedures, and technology to protect supply chain assets from theft, damage, or terrorism, and to prevent the introduction of unauthorized contraband, people, or weapons of mass destruction into the supply chain*" [83]. The only problem with this definition is that it does not address the origin of the threat or risk. The five sources of supply chain risks provide that. Supply chain security needs to adjust its policies, procedures, and technology to protect the supply chain from all five risk sources. The flip side of supply chain security is supply chain resilience, or a supply chain's ability to withstand and recover from an incident [83]. Supply chain risk should incorporate security and resilience, where resilience also must handle a near miss incident that affects the performance of the supply chain and from which it needs to recover.

Present supply chain security research outlines several changes for how security in a supply chain should be approached. First, supply chain security should incorporate not only theft prevention but also anti-terrorism measures. Second, the focus is now on global issues and not just local or national issues [99]. Third, when conducting contingency planning, the concept of crisis management is to be included to obtain better resilience. Last, security is no longer an internal corporate question but rather an issue for all actors within the supply chain [83].

[100] suggest that methods and ideas from total quality management can be used successfully to increase supply chain security. The main idea is the lesson from quality management that sample inspection is expensive and useless at the end of the production line. Just like in quality management, supply chain security becomes more effective and less expensive by implementing the right management approach, technology, and reengineering operational processes. [85] state that security should be integrated throughout the entire supply chain to be successful at a reasonable price. This opinion is supported by several other authors [74, 83, 101, 102, 103].

#### **4.11. Supply chain security programs**

174 Risk Management – Current Issues and Challenges

business risk as a part of the contractual agreement.

potential loss [3, 91].

in their product [3].

**4.10. Supply chain security** 

insurance buyer is the central issue, and in extension, also the potential reduction of a

Today special insurance policies exist for everything from cargo damage and machinery breakdown to terrorism, war, and general consequence liability. Typically, all insist on special events to be considered valid for a certain incident. Sometimes the terms are so specific that different types of insurance are valid depending on the cause of the incident. One of the best examples is the often-conflicting terms in terrorism contra war insurance. If there is a recognized government behind the incident, then war insurance is valid, but if the incident is caused by someone else, it is the terrorism insurance policy that covers the economic impact. This also depends on the different terms that each insurance company has

*Transfer of risk by usage of business power*: This risk transfer strategy is commonly used between contractual partners, but is rarely mentioned because it opposes the belief that everybody wants to collaborate fairly and for the greater good [92, 93, 94, 95]. The general idea of this risk transfer strategy is to use the business power of size, information advantage, or control over a critical asset [96, 97] so the business partner can obtain a share of the

The terrorist attacks at the World Trade Centre and Pentagon on September 11, 2001, brought attention to security in trade, for more reasons than just the attacks. Three factors can be outlined: first, the globalization of world trade depends on and is generated by the free flow of people, goods, and information; second, the increasing demands from businesses for efficient supply chain operations; and third, the increasing threats of terrorist attacks [98]. The last reason can be seen as an increase in perceived risk for terrorist attacks. This factor can define illegal and antagonistic threats, of which terrorists are one type. Therefore, supply chain security management can be defined as, "*the application of policies, procedures, and technology to protect supply chain assets from theft, damage, or terrorism, and to prevent the introduction of unauthorized contraband, people, or weapons of mass destruction into the supply chain*" [83]. The only problem with this definition is that it does not address the origin of the threat or risk. The five sources of supply chain risks provide that. Supply chain security needs to adjust its policies, procedures, and technology to protect the supply chain from all five risk sources. The flip side of supply chain security is supply chain resilience, or a supply chain's ability to withstand and recover from an incident [83]. Supply chain risk should incorporate security and resilience, where resilience also must handle a near miss incident that affects the performance of the supply chain and from which it needs to recover.

Present supply chain security research outlines several changes for how security in a supply chain should be approached. First, supply chain security should incorporate not only theft prevention but also anti-terrorism measures. Second, the focus is now on global issues and Several new security programmes were launched in the aftermath of the World Trade Centre terrorist attack to protect international cargo flow from being abused for criminal (primarily terrorist) intentions without compromising supply chain efficiency. The U.S. Customs Office launched several programmes such as the Customs-Trade Partnership Against Terrorism (C-TPAT), Container Security Initiative (CSI), the 24-hour rule, etc. These security programmes address different aspects of supply chain security and target different parts of a transport chain. The link between these security programmes is that they involve all parties or stakeholders in supply chain security [104]. The effects from these programs both in order to handle security threats and their impact on different logistics processes have been addressed in a few papers [105, 106, 107, 108, 109]. [110] states that the C-TPAT certification will probably have a negative impact, mostly on small enterprises whiles large firms instead may have the possibility to trade-off the security costs with benefits related to supply chain transparency. [111] demonstrates the economical and competitive advantages for large and small shippers becoming FAST-approved (Free And Secure Trade). The acquisition of the FAST status may provide shippers with faster trans-border operations and consequently a substantial advantage on the export market [96]. [112] emphasize that efficiency and security in supply chains are closely related to each others, since higher security may reduce Customs delays. The relationship between security, efficiency and custom activities is clearly found in the AEO-program.

Other types of security programmes existed before the attacks on the World Trade Centre. These programmes were designed primarily to address theft problems within the transport business (TAPA FSR and TSR, etc.) [113]. The big difference between security programmes before and after the terrorist attacks is that afterwards, authorities (mainly U.S.) took the lead in developing and implementing these programmes. Before September 11, 2001, security was something the business itself handled. The implementation of these programmes has so far mainly occurred in the old western countries in North America and in Europe.

Other types of security programmes existed before the attacks on the World Trade Centre. These programmes were designed primarily to address theft problems within the transport business. The big difference between security programmes before and after the terrorist attacks is that afterwards, authorities (mainly U.S.) took the lead in developing and implementing these programmes. Before September 11, 2001, security was something the business itself handled. The implementation of these programmes has so far mainly occurred in the old western countries in North America and in Europe.

Supply Chain Security – Threats and Solutions 177

antagonistic events such as Hurricane Katrina and other natural disasters demonstrated their power to disrupt or cause uncertainty in supply chains. Second, terrorism conducts fund raising through criminal activities, which leads to that terrorism represents all antagonistic threats. Third, the tools and strategies for handling antagonistic threats are partly governmental (police and justice system) and partly consequence handling (insurance

For terrorist threats, it is useful to refer to transferred and perceived threatening pictures [31]. The perceived or actual marketing strategies which link a company or organisation with certain values/states/advocates will affect the risks for terrorist threats to the organisation/business/market position. The key issue in this conclusion is that the perceived relationship between a company/organisation and values/states/advocates is made by the potential terrorist. Therefore is it important for a holistic threats assessment to include and consider these different relationships between an organisation and different values/states/advocates with regard to direct and more important indirect connections.

Historically, terrorist groups and organisations have been closely related to a certain geographical area and executed in that area. This is a valid statement for terrorist organisations such as IRA and the Basque separatist movement, even if both have conducted attacks outside their fighting area but within their targets (e.g., in UK but outside Northern Ireland, and in Spain but outside the Basque province). Those types of organisations only constitute a threat if the operations are carried out in that area and if the logistics operation possesses any real or symbolic value for the terrorist organisations. The strong relationship between different terrorist groups and geographical area may be reduced when referring to international terrorist organisations such as Al-Qaeda, but the targets should still possess a symbolic value for the terrorist organisations, even if the value

The vulnerability of the supply chain is transmitted to the transport network. This depends on the simple fact that transports and freight activities physically bring the facilities of a supply chain together. Therefore, risks, uncertainties, and vulnerabilities in the supply chain and the transport network affect, contribute, and neutralize each other. Supply chain security is indented to safeguard the supply chain (in this meaning the transport and freight activities) from different antagonistic threats and thereby reduce the vulnerability of

*Supply Chain Management and Corporate Geography, Hanken School of Economics, Helsinki,* 

businesses, conventions and business contingency).

is public fear.

modern global trade.

**Author details** 

*School of Engineering, University of Borås, Borås, Sweden* 

Daniel Ekwall

*Finland* 

The cost for implementing these programs alters the current collaboration models with regards to risk and profit sharing within the supply chain. The risks for antagonist threats are depended on the local environment. This shall be compared with that the security programs advocates one to three different security levels which shall solve the problem. This leads to that the security level is adjusted towards the security programs instead of the local threat. This may lead to that the security cost is higher than needed but a standardisation within the supply/transport chain in security may result in better collaboration. The political reasons behind the different supply chain security programs is most likely the fear for terrorist attacks which according to [32] depends more on the *proliferation of mass media* than development of new weapons. This is the context to understand the content and effects from fear of terrorist against international trade. Nevertheless the supply chain security programs provides collateral benefits like better product control, lesser shrinkage and better incident prevention by reducing threat opportunities.

The compliance with these different logistics security programs are based on different reasons. The compliance with business logistics security programs (like TAPA:s) are based on customer requirements. This depends on the simple fact that these programs are focusing on theft prevention. The governmental logistics security programs like AEO, C-TPAT, CSI etc. are on other hand more focusing on preventing terrorist activities. These programs normally also contains some kind of disadvantage for the own organisation if not compliance. Therefore are the governmental logistics security programs entail with a higher likelihood of compliance due to that need for compliance are not based on a risk assessment about the potential causes and impacts for antagonistic threats but on a general business assessment. For legal businesses, the AEO, C-TPAT, etc., are both a global supply chain headache and a business opportunity, depending on the risk for theft and counterfeiting for that company [114]. Irrespective of the difference in compliance reasons, the governmental logistics security programs may result in collateral benefits like lower cost for theft and better working conditions for the employees but there are still to be demonstrated that the terrorism preventing logistics security programs actually reduces the risk for noneconomical-driven antagonistic threats because it's their primer reason for existing.

### **5. Conclusions**

First, [1] clearly points out the effects of the WTC terrorist attacks on the global flow of goods. The effect may be indirect, but it was devastating. This event along with nonantagonistic events such as Hurricane Katrina and other natural disasters demonstrated their power to disrupt or cause uncertainty in supply chains. Second, terrorism conducts fund raising through criminal activities, which leads to that terrorism represents all antagonistic threats. Third, the tools and strategies for handling antagonistic threats are partly governmental (police and justice system) and partly consequence handling (insurance businesses, conventions and business contingency).

For terrorist threats, it is useful to refer to transferred and perceived threatening pictures [31]. The perceived or actual marketing strategies which link a company or organisation with certain values/states/advocates will affect the risks for terrorist threats to the organisation/business/market position. The key issue in this conclusion is that the perceived relationship between a company/organisation and values/states/advocates is made by the potential terrorist. Therefore is it important for a holistic threats assessment to include and consider these different relationships between an organisation and different values/states/advocates with regard to direct and more important indirect connections.

Historically, terrorist groups and organisations have been closely related to a certain geographical area and executed in that area. This is a valid statement for terrorist organisations such as IRA and the Basque separatist movement, even if both have conducted attacks outside their fighting area but within their targets (e.g., in UK but outside Northern Ireland, and in Spain but outside the Basque province). Those types of organisations only constitute a threat if the operations are carried out in that area and if the logistics operation possesses any real or symbolic value for the terrorist organisations. The strong relationship between different terrorist groups and geographical area may be reduced when referring to international terrorist organisations such as Al-Qaeda, but the targets should still possess a symbolic value for the terrorist organisations, even if the value is public fear.

The vulnerability of the supply chain is transmitted to the transport network. This depends on the simple fact that transports and freight activities physically bring the facilities of a supply chain together. Therefore, risks, uncertainties, and vulnerabilities in the supply chain and the transport network affect, contribute, and neutralize each other. Supply chain security is indented to safeguard the supply chain (in this meaning the transport and freight activities) from different antagonistic threats and thereby reduce the vulnerability of modern global trade.
