Continuing to explore supply chain crime taxonomies (blog 13.10.2014) - an interview with PhD Candidate Toni Männistö on his latest research results.
Hi Toni, can you please tell bit about yourself and what do you do in supply chain security and trade facilitation?
I like to think myself as an industrial engineer who is designing security solutions that make business sense. I have been studying supply chain security and trade facilitation since 2009, and my work has related mostly to numerous and diverse projects CBRA has done over the past six years. Perhaps the most memorable projects I have participated are the Customs Risk Management study of the World Customs Organization, Supply chain security standard feasibility project with the European Committee for Standardization, and the three EU-wide security projects LOGSEC, CASSANDRA, and SAFEPOST.
I have spent the past three and half years working on my PhD thesis at the École Polytechnique Fédérale de Lausanne (EPFL), Switzerland. The PhD research comprises three elements: a taxonomy of supply chain crime risks, model of logistics-friendly supply chain security management, and a case study with the Swiss postal operator Swiss Post. The thesis work is now almost completed, so it will be soon time to look for new research projects. I think that particularly interesting future research topics include use of Big Data in cargo risk profiling, integration of security solutions into logistics processes, and cost-efficient cargo theft solutions.
What triggered your research interests in supply chain crime taxonomies – did you for example observe gaps in previous research?
In fact, my experienced colleagues got first the idea of developing a taxonomy of supply chain crime risks. It seemed that practitioners across industries and disciplines tend to understand the notion of supply chain security risk in different ways. Security risks mean explosive and incendiary devices for aviation security experts, anything that can kill or injure for customs administrations, and (mainly) nuclear and radioactive weapons in shipping containers for most maritime authorities. At the same time, the shipping industry considered theft and robberies as the most significant supply chain security risks. Everyone was literally on a different page, as if nobody was talking the same language. It was also rather obvious that few saw the forest from the trees. I mean no one seemed to recognize that the global supply chain was a common enabler of drug trafficking, nuclear proliferation, small arms running, and counterfeiting and so many other significant transnational crime phenomena.
A brief review of academic literature made us even more confident about the relevance of supply chain crime taxonomy. We found out that academics use no less confusing terminology than the practitioners. They talked about “damage, terrorism, crime, and security threats” as if these concepts were distinct and comparable varieties of supply chain security risks. We identified a few ad hoc definitions and classifications, but no earlier studies seemed to had investigated supply chain crime methodologically, following a rigorous and transparent research procedure and/or using empirical evidence.
Can you please explain the supply chain crime taxonomy you have published in International Journal of Shipping and Transport Logistics with Luca and myself, earlier in 2014?
The taxonomy of supply chain crime types has been evolving quite a bit since we wrote the taxonomy paper in late 2012. The fundamental logic is still the same, however. The taxonomy is built around the observation that criminals interact with the supply chain three main ways: 1) by taking assets out of the supply chain, 2) by introducing unauthorized goods into the supply chain, and 3) by directly attacking the supply chain.
1) Theft class: The first taxonomy class encompasses crimes in which criminals remove assets from the supply chain without authorization. By assets I mean mainly cargo and vehicles, though technically the criminals could loot factories for machinery and abduct people for ransoms, e.g., sea pirates capturing a ship and its crew. I call this first taxonomic group as theft class, deeming that such a general name captures best the wide array of crimes that involve stealing, or more technically, the unauthorized removal of assets. More precisely, crimes falling into the “theft class” include robbery (taking by force or intimidation), hijacking (capturing of vehicles in transit), burglary (stealing by intrusion), deceptive pickups (stealing by pretending to be someone else), and sea piracy (robbing ships at sea). The theft class also covers activities called organized cargo theft and pilferage, which draw attention to the scope of activity and the character of the thieves themselves.
2) Smuggling class: The second taxonomic class, called smuggling, comprises crimes involving people who introduce contraband or security threats into the supply chain. The security threats refer to chemical, biological, radiological, and nuclear weapons and explosive devices – commonly abbreviated as CBRNe threats. The security threats have potential to kill, maim, or otherwise cause damage while they travel through the supply chain. Contraband encompasses five general types of illegal commodities. The first three “trade-control” contraband types are labelled as absolute, relative, and fiscal. The absolute contraband consists of inherently illegal commodities such as stolen goods, counterfeits, and illegal drugs, which importation, exportation, or possession is forbidden under any circumstances. This is different from the relative contraband that covers a wide array of otherwise legal goods that cross borders without appropriate permits, licenses, certificates or other authorizing documents. The fiscal contraband refer to the otherwise legal commodities that are imported / exported without paying appropriate duties and taxes. Besides the trade-control contraband, we can distinguish safety contraband, goods transported without paying regard to regulations governing safe transport of goods, e.g., fireworks or sulphur acid. The fifth contraband type, contractual contraband, includes merchandise that violates contractual requirements unilaterally and deceitfully - e.g., goods produced with child labor, sold outside agreed markets, or not meeting safety standards.
3) Direct attack class: The “direct attack” class covers hostile activities that aim to damage supply chain infrastructure, vehicles, cargo, or people. The direct attacks are immediate, and unlike all crimes in the smuggling class, the direct attacks do not involve anything dangerous moving through the supply chain. For example, a derailment of a cargo train, a sinking a container ship, or a shoot-down of an airfreighter all count as direct attacks because the attackers strike immediately instantly, and they come from the outside of the supply chain. Other examples of direct attacks include sabotage on air traffic control systems and arsons of warehouses, ports, or other logistics facilities.
In the journal paper – which is available to the blog readers on request – there was also one class on “crime facilitation”. Can you elaborate a bit on it?
Sure. The “facilitation” class entails supporting crimes that help criminals commit theft, smuggling, and direct attacks – the above described primary supply chain crimes. The supporting crimes do not bring direct reward for criminals but provide means and methods for pursuing the primary crimes. We can identify six facilitating crimes: identity theft, corruption, cyber crime, insider fraud, document fraud, and use of violence and intimidation. Theft of corporate identity of a reputable company - e.g., AEO holder or a known consignor - helps smugglers infiltrate illegal goods into the supply chain and across international borders. Masking illegal activities behind a seemingly legitimate front company also helps cargo thieves to pick-up loads from unexpected shippers. Also, bribing of officials and supply chain insiders smooths the way of contraband and CBRNe weapons through the supply chain. Corrupted or otherwise solicited entrusted officials and insiders may also collude with cargo thieves. Involvement of supply chain insiders in crime, either as a facilitator or a perpetrator, poses a unique security risks because insiders can access to confidential information, tamper security systems, solicit other employees to crime or negligence. A complicit warehouse worker, for example, might divulge inventory records for burglars, pinpoint exact location of targeted goods inside the warehouse, and purposefully “forget” to lock the backdoor and activate burglar alarms for night. Cyber crime, defined as any activity where ICT technology is an agent, facilitator or target of crime helps criminals get access to confidential information, take over computer systems - and switch off alarm systems for example - , and sell illegal goods online. As said earlier, fraudulent documents help smugglers to deceive border control officials and cargo thieves to steal pick loads. Finally, violence and intimidation can be the goal, e.g., direct attack, or facilitator of supply chain crime, e.g., robberies.
This has been very interesting description of the current research outcomes regarding supply chain crime taxonomies. What do you suggest as next research steps in this topic?
Now when we have a general framework for supply chain crime types, it would be interesting to study how we could tackle multiple crime problems at the same time. For example, under what circumstances anti-smuggling solutions also mitigate the risk of cargo theft and direct attacks. Also, the role of facilitating crime, especially cyber crime and misuse of insider information, would be a highly relevant and topical future research area.
OK, great, thanks a lot Toni, and good luck with your doctoral thesis defense, still in December this year! And anyone who is interested to learn more about crime taxonomies in global supply chains – or, to make suggestions for improving current taxonomies – please feel free to send us email (firstname.lastname@example.org )