Balancing Act: Securing Modern Supply Chains

Article by Bettina Warburg

It’s not just the black hats anymore. The modern marketplace is crowded and contentious, leaving little, if any, room for error. In earlier posts in this series, we discussed these realities relative to a recent investigation by Bloomberg concerning a hardware manufacturer’s logistics network, which revealed significant vulnerabilities. Building off this foundation, our team thought it worth contextualizing this alleged hack within the larger situation of modern supply chains.

Know Thy Vendors

A supply chain is only as strong as its weakest link. Given the number of partners involved in most modern supply chains, firms expose themselves to many potential weak links daily. After spending substantial effort and capital on R&D and the painstaking process of bringing a product to market, a company must ultimately rely on vendors, subcontractors, and a host of other partners to find success.
Just a handful of years ago, a massive retailer had its data security compromised through a low-tier HVAC vendor with substandard information security. The vendor’s access to the retailer’s networks as a logistics partner made the havoc possible. When news of the hack broke, the retailer experienced an 11% dip in its stock price, paid a $10 million settlement in response to a class action suit from customers, and suffered damage to its brand that took years to rebuild.

A New Regulatory Landscape

This example, along with the Super Micro hack, demonstrates the need for buy-in from all supply chain participants. It’s not enough for a company to adopt impactful technologies to shore up its own data security and logistics. Every third party it partners with has significant access to critical information and systems and must also adhere to rigorous standards.
The EU is taking such a notion to heart with the GDPR, now regulating adequate due diligence concerning data security on all suppliers, vendors, subcontractors, and partners before accepting and processing a customer’s personal information. In other words, the EU is removing choice on whether to adopt wide-reaching, comprehensive security protocols. Between regulators and consumer-investor backlash, firms do not lack for incentives to be diligent in their logistics.

Death by Flashdrive

International espionage provides another example of a critical supply chain lapse that caused the entire world to take notice. The well-publicized Stuxnet virus was implanted in Iran’s uranium enrichment facility, causing catastrophic damage from just the introduction of a small amount of binary code.
A single idle computer terminal was all that was needed. It allowed a person using a flash drive to upload the powerful virus into the network. The virus was able to command centrifuges within the plant to oscillate, essentially rendering the equipment useless. And throughout, the virus had the machines reporting normal operating indicators to the network’s users.
Although few share the same motives as the Iranian plant, every outfit reliant on outdated logistics practices is similarly vulnerable. Corporate espionage is neither dying nor buried, even if it doesn’t make many headlines these days. In fact, as supply chains become more complex, the risk of another Stuxnet has never been greater.

Finding Clarity Amidst the Crowd

Companies are not helpless regarding logistics security. Utilizing blockchain, AI, IoT, and complementary innovations like on-demand manufacturing, supply chains can be cognitive and agile. And these tools can also help firms effectively eliminate reliance on human trust and the susceptibilities that accompany it. In the final piece of this series, Animal Ventures will take a closer look at those cognitive supply chains and the benefits they bring companies, logistics partners, and consumers in light of Bloomberg’s sobering report.
Editor’s Note: This report is the fourth in a five-part series exploring the future of supply chain integrity and you can read the first three parts here, here and here. Check back in tomorrow to read the final entry, and take a look at AV’s white paper for more insight into the future of logistics and security.