by K. Eric Harper
We all experience the consequences of supply chain disruption in these interesting times.
Perhaps your grocery store does not have your favorite brand of bathroom tissue, so you settle for anything available. You receive household food items delivered to your home but there is limited room in the freezer.
Your personal supply chain management practices must estimate what you need next week and match the quantities for the storage space. There are no garage freezers for sale to expand your capacity. They are stuck in the Far East where they were manufactured.
Businesses deal with these concerns every day because no one is best at producing everything. Relationships are built over time through negotiation and trust. A key part of that trust is based on exchanging the least amount of information with your partners, in both directions, to reduce the risk of exposing intellectual property and proprietary business information.
Supply Chain Benefits
Supply “chain” is a faulty mental model. The relationships are more of a mesh, where the links are temporal and evolve over time. On the other hand, supply chain is the concept we are most familiar with, so we stick with it for now.
Supply chains are prevalent in our society because they provide substantial benefits. Collaboration with partners makes it possible to focus on your own core competencies. This separation of concerns creates business value at intermediate stages during the production process, and reduces the number of direct reporting relationships needed to create value for end customers.
Managed properly, a supply chain allows each participant to diversify the sources for their business inputs and enable just-in-time processes.
Protect Your Supply Chains
Security best practice protects your assets, whether they are physical or digital. This protection is not effective unless you can observe the current conditions, measure the outcomes, and hold everyone accountable for guarding the assets. A supply chain extends across many security domains where each is managed by a different organization. Trustworthy communication is essential to maintain supply chain visibility.
You require pervasive visibility into your supply chain – at scale – to secure and manage your assets. You need to invest in extensive local data collection and obtain the ability to view your supply chain key performance indicators (KPIs), all the time, and to drill into the details when necessary. Your partners need to do the same and securely share their KPIs within the trust relationship.
Without secure communication, for example, a supply chain can be fragmented and provide limited visibility of the overall business risk. Each member of the chain knows something about their direct suppliers and customers, but little beyond that scope.
Financial failure of a supply chain participant two links away will come as a surprise during interesting times. Lack of supply buffers or control over production timing causes cascading failures. Intentional payment delays can trigger these failures.
Protect Your Vulnerable Communications
Communication in supply chains is vulnerable to many threats. Malicious actors are motivated to compromise the nodes and links to gain access to intellectual property and business information.
Such a compromise is carried out in stages: gaining initial access, monitoring the network traffic and processes, subverting communications to gain deeper control, planning and executing the thefts, and then covering up the tracks by removing logs and audit trails.
Another tactic is holding the supply chain hostage to generate disruptions and loss of value. Establishing a foothold in a business and deploying ransomware has become more common. Causing a business to act against its own best interests is another scenario. Finally, unauthorized control of supply chain communications can be motivated by corrupt or self-serving activities.
Some forward-looking organizations are starting to look at risk management for their supply chain, but most still do security as perimeter defense because that’s all they know, and that’s the only tech they can buy.
Seek out risk management tech that starts with visibility, analytics, event-response, and remediation capabilities for the supply chain. Monitoring and incident response for the IoT is a new category to consider. Your solution should provide centralized data aggregation and dashboard visualizations, advanced edge analytics for high scalability, and cost-effective, non-invasive data collection from your supply chain elements.
K. Eric Harper is a Senior Consultant at InsightCyber.