Hacked to Death: Data Security in Supply Chain
Russia did in fact hack and influence the United States’ presidential election. This widely reported story is based on information from “a former British intelligence operative, whose past work US intelligence officials consider credible”. Yes, it’s true… we’re literally living in a James Bond movie, and the villain is still at large.
Crisis of Connectivity
Digitisation is the most important megatrend affecting supply chain strategy today. Visibility to both demand and supply has, in the blink of an eye, evolved from a notoriously slow, clunky process of transmitting batch data to a nearly incomprehensible supernova of constant information. Cisco tracks global internet traffic this flow has grown 300-fold since the turn of the century. Connectivity is everywhere, but it’s not always good.
In supply chain terms, this includes order data, engineering information, prices and contractual terms. Layer on top of this machine-to-machine connectivity, remotely guided vehicles and even more ominously, digitally linked smart products, and we’re suddenly accountable for a lot more than just secrets. Connectivity may be the ultimate double-edged sword.
In our annual Future of Supply Chain survey this past fall, not only did “data security/IT incidents” rank highest overall among 13 separate risks considered with 30% of 1,408 respondents saying they were “very concerned”, it has also risen fastest.
More tellingly, the anxiety rises with seniority. Among 126 respondents at the Senior Vice President level or higher, the portion saying they’re "very concerned" is still higher at 37%.
Splitting these survey results by industry tells another story about who might be asleep at the controls. Hi-tech respondents, for instance, are nearly twice as likely to cite this problem as a major concern than are industrials, while half of healthcare and pharmaceutical respondents consider it a minor worry. The fact that hi-tech gets it first is not surprising given their familiarity with the technology itself. Others might be wise to follow their lead.
What to Do
Last year, the US National Counterintelligence and Security Center (NCSC) produced a video intended to help supply chain professionals protect against hacking. Its recommendations are a common-sense breakdown of questions procurement professionals should consider when engaging suppliers. My colleague Geraint John, whose research on sourcing and supply chain risk offers valuable frameworks on this topic, breaks it down in a blog post written last summer.
Unfortunately, as the Russia revelations suggest, the bad guys seem to be a step ahead, which means investments in vigilance are going to have to increase. From a tools perspective, security should evolve like any other technology business with market-driven innovation delivering improvements in network, software and hardware access control. Expect to spend money on security in supply chains in the same way that you’ve gotten used to upgrading your mobile phone every two years. It is a spiral that you cannot afford to shun.
Another idea is the use of supply chain segmentation strategies. Supplier management excellence includes developing deep trusting relations with certain suppliers, while maintaining more arms-length links with others. The known cost, service and innovation benefits of tight supplier collaboration will increasingly include security tactics that streamline information flow without risking attack. Sort of like TSA Precheck for supply chain.
Segmentation applies to customers and channels too, with different levels of priority, service and information sharing for each segment of your fulfilment supply chain. Retailers, interestingly were the second most concerned among industries about data security/IT incidents (hi-tech was first). Their need to protect consumer data should make them receptive partners in efforts to improve supply chain data security.
The Fatal Virus
Business in general, and supply chain management in particular, depends on trust. Consumer confidence underpins commerce because we’ve grown accustomed to retailers having our personal information already loaded in their systems. The same is even truer upstream, with manufacturers who share design data, trade secrets and market information with suppliers and contract manufacturers.
Seeds of fear and doubt, once sown, are deadly. If they take root and spread, everything could quickly grind to a halt.
Get ready to pay for protection.
The January issue of Supply Chain Digital is live!
Follow @SupplyChainD on Twitter.