A Proven Method for Identifying Security Gaps in International Postal and Transportation Critical Infrastructure

The safety, security, and resilience of international postal, shipping, and transportation critical infrastructure are vital to the global supply chain that enables worldwide commerce and communications. But security on an international scale continues to fail in the face of new threats, such as the discovery by Panamanian authorities of suspected components of a surface-to-air missile system aboard a North Korean-flagged ship in July 2013 [1]. This reality calls for new and innovative approaches to critical infrastructure security. Owners and operators of critical postal, shipping, and transportation operations need new methods to identify, assess, and mitigate security risks and gaps in the most effective manner possible. The United States Postal Inspection Service (USPIS), in collaboration with the Universal Postal Union (UPU) and the CERT (R) Program at Carnegie Mellon University's Software Engineering Institute, developed a physical security assessment method to identify gaps in the security of international mail processing centers and similar shipping and transportation processing facilities. This assessment method and its associated field instrument are designed to be repeatable, cost effective, scalable, accurate, meaningful, and transparent. The USPIS has demonstrated these characteristics in using the field instrument in a variety of locations. Since the method uses UPU standards as its reference, it may be used by the international community to evaluate the security of postal administrations around the world. The method also can be applied to other types of critical transportation services, such as metropolitan transit systems. This paper describes the history, development approach, field experiences, and benefits of this method.