Not too long ago a computer simulation found vulnerabilities in the beef supply chain that showed potential issues severely affected multiple industries to the point of causing great economic harm.
A disruption in the cattle industry could lead to an issue at beef packing plants, which affected the transportation industry, with then hit the oil and gas industry. One example of the economic domino theory.
In this age of COVID-19 and trying to keep moving forward with a stronger focus on technology, helping buffer supply chain gaps, no matter how you look at it, the underlying message is it has to be secure.
“Security is a hot topic on how we run supply chains,” said Jonathan Wright, global head of cognitive process reengineering at IBM Global Business Services. “What does it mean for security as we increase the level of technology? As we move to cloud, what does it mean for security? It is becoming more obvious that as we increase technology, it reduces error. Human error is way more prevalent than technology error. We have to have humans in there to manage the checks, but it is important to use technology to improve the human experience, to improve the experience of the planners.”
The goal is to eliminate errors and increase productivity.
Reducing cybersecurity risk
“We want to take away the opportunity for errors,” Wright said. “We want to provide information to planners in a simple consumable way so they can then analyze it in a much easier, richer way so they can add value. We are trying to break down the silos that sit in the supply chain to think more about an intelligent workflow. Give them one strong, rich data set. It is about improving security and reducing risk.”
The supply chain historically was like driving by looking in the rear view mirror, Wright said.
“Everyone was looking at historic data to forecast the future,” he said. “In a stable environment, in a steady-state environment, there is a lot of richness in what happened last year, last month, last week. But in a volatile world, and I believe we will have significant volatility over the next few years, history is less relevant than where we are today. Where are we on the COVID index, are schools back, are people back in the office, what is the weather? All these external forces. Now we have the power to use all this external data, use AI and Cloud Compute to grind through the data at a significant pace to really forecast SKU level and zip codes to create a forecast. This is like looking through the windscreen to drive compared to looking in the rear view mirror.”
In an abnormal environment the industry is in right now, there has to be a new way to forecast and understand what is happening with the supply chain.
New way to forecast
“With the compute power we have now and the ability to take multiple data sources and analyze them with new algorithms, we can better predict what a person will do tomorrow or what they are doing today when they are in the store,” Wright said. “History is valuable, but it is not as useful as it was. Behavior has fundamentally changed. What are the drivers that affect demand? For every different product and every different SKU, it is possible to determine the drivers. We can have driver-based forecasting. Let’s look at the drivers that impact behavior and monitor the drivers and coming out of that we will be able to predict and forecast what the consumption will be and what the demand will be. You can take that same mentality and apply it to the industrial world.”
“It can start to identify when this happened, this is what the impact will be. We can use it in a more predictive manner. It is the science of data analytics. Bringing that data analytics to understand what is affecting that behavior or the consumption of the demand.”
Understanding one company’s supply chain and reaping benefits from it via technology is one thing, but knowing products coming in from your suppliers are secure and don’t have any built in back doors or vulnerabilities is another.
Technology and humans together
That is where technology can also help out and humans need to be open to new ideas and approaches.
Supply chain cyber risk is a complicated field that spans the entire lifecycle of a product, from its design to its manufacturing, and ultimately, its distribution, storage, and maintenance. This complex lifecycle affords opportunities for an attacker to exploit — either remotely or physically — the product’s hardware or software.
Consider how many “hands” a product passes through during this process, from the upstream supply chain of globally sourced raw materials to downstream distribution and production. Supply chains come from different providers and geographies, and while this approach lends itself to economies of scale and other efficiencies, it’s hardly conducive to security.
Tool to assess risk
Along those lines, more organizations are becoming aware of the importance of identifying cybersecurity risks associated with extensive, complicated supply chains. Several solutions ended up developed to help manage supply chains; most focus on contract management or compliance. There is a need to provide organizations with a systematic and more usable way to evaluate the potential impacts of cyber supply chain risks relative to an organization’s risk appetite. This is especially important for organizations with complex supply chains and highly interdependent products and suppliers.
National Institute of Standards and Technology (NIST) created a publication that describes one potential way to visualize and measure these impacts: A Cyber Supply Chain Risk Management (C-SCRM) Interdependency Tool, designed to provide a basic measurement of the potential impact of a cyber supply chain event. This tool is intended to bridge that gap and enable users and tool developers to create a more complete understanding of an organization’s risk by measuring impact in their specific environments.
This tool provides the user greater visibility over the supply chain and the relative importance of particular projects, products, and suppliers compared to others.
Whether the industry is cattle, oil, or beverages, understanding the supply chain and keeping it secure will remain a major focus moving forward.
Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a CFE Media content partner. This article originally appeared on ISSSource’s website.
Supply chain security advice and guidelines
The human asset in cybersecurity
IIoT’s growing impact on ICS cybersecurity
Original content can be found at isssource.com.