Protecting the Auto Supply Chain, Part Two
Make sure to check out Saturday's Part One of Protecting the Auto Supply Chain!
Written by Sean Martin
Maybe of more interest to our readers here is the top theme captured in the 2011 Symantec Internet Security Threat Report; Targeted Attacks. The report highlights a targeted attack named Hydraq (or Aurora), an attack designed specifically to steal data. Not only is Hydraq designed to steal, it is designed to steal intellectual property from major corporations. Given the attention that this threat gained in the media, it is likely that most IT security professionals have their eyes open and their security measures fine-tuned to combat this specific attack. But, according to Symantec, they expect the attackers to modify their wares via an investment in the advancement of rootkits, employing these advanced rootkits as part of new targeted attacks in the future.
Therefore, as alternative methods for collaboration are explored, it is of paramount importance that OEMs and suppliers utilize reports and data available to them – reports such as those referenced here – in order to properly assess the situation such that they can make informed decisions regarding performance, reliability, and security as they relate to costs. The industry should not take lightly the task of finding the right balance of cost vs. functionality vs. risk.
Separately, two firms very familiar with this space, ANX (www.anx.com) in the US and ENX (www.enxo.com) in Europe, described two key exchange areas within the automotive data exchange environment which represent the core of the automotive supply chain collaboration space; Engineering data and EDI data; split at 80 percent and 20 percent, respectively.
During interviews with both firms, each described that, in the Engineering collaboration space, 80-90 percent of the risk exposed would primarily be associated with the loss and theft of design and other engineering documents, such as the theft of highly-sensitive CAD drawings or the leaking of real-time CAE communications. The firms also expect that 70-80 percent of the risk exposed in the EDI space is associated with delayed or failed order transactions. A significant failure within a just-in-time manufacturing process could take down an entire production line.
While cost is certainly a factor, the price of the service becomes a non-issue if the low-cost alternative introduces weakened security measures, unacceptable reliability and inadequate performance. If the communications don’t flow, aren’t quick enough, are vulnerable to attack, and introduce the risk of sensitive data being leaked or stolen, it won’t matter how little the service costs.
In an effort to help suppliers make an informed decision, captured below are some of the primary concerns associated with the secure and reliable exchange of intellectual property and EDI communications. The information is presented in the form of questions to ask the service provider before making trade-offs based primarily on cost.
1. Can the service substantially reduce the complexity, errors, and overhead of setting up multiple secure OEM communications?
2. Can the service provide a one-call setup and configuration process with always-on end-to-end communications across multiple countries, languages, and ISPs?
3. Can the service provider protect against unauthorized access to, and loss of, highly sensitive information such as Engineering designs and documents
4. Can the service provider properly protect against breaches and denial of service attacks such that they can guarantee an end-to-end service without disruption to critical just-in-time EDI transactions?
The automotive industry will undoubtedly continue to rely heavily on their supply chain communications. With the increased pressure to establish and maintain a respectable bottom line, it is completely natural that the OEMs and suppliers must also find ways to work better together using efficient and long-lasting cost-effective means. The actions toward these goals, however, should not come via the introduction of risk to operating the supply chain with reliability, integrity, or security.
Don’t let $1 trillion in theft prove you wrong. Ask questions. Verify answers. Choose wisely.
SAP Ariba to digitise procurement for Expo 2020 suppliers
The global trade event, this year hosted in Dubai, was rescheduled from last year and will now take place between 1 October 2021 and 31 March 2022.
As the event’s Innovative Enterprise Software Partner, SAP Ariba solutions will fully digitise and automate the procure-to-pay lifecycle, providing a streamlined experience for thousands of market leading, global suppliers and strengthening the global supply chain with enhanced transparency and efficiency. The cloud-based platforms operate through on SAP Ariba’s UAE public cloud data centre and connects to the Ariba Network.
Expo 2020 "a long-term investment"
Mohammed AlHashmi, Chief Technology Officer, Expo 2020 Dubai, said the world trade event is “a long-term investment in the future that aims to enhance opportunities for sustainable business connectivity and growth”, which stretches beyond Expo 2020’s six-month window.
“Our partnership with SAP is an example of what can be achieved with the invaluable support of our technology partners to host one of the most digitally advanced World Expos ever,” he added. “The implementation of SAP Ariba solutions has transformed our end-to-end procure-to-pay cycle and helped set new standards of procurement automation for projects of this scale.”
To date, more than AED 1bn has already been transacted by Expo 2020 suppliers through SAP Ariba. The platform promotes collaborative partnerships and allows registered users to participate in sourcing events, negotiate and initiate contracts, and centralise their invoicing and payments in real time.
Claudio Muruzabal, President of EMEA South, SAP, said: “Expo 2020 Dubai is demonstrating global best practices in digitising its procurement process with SAP Ariba solutions to help gain visibility into its spend, tighten collaboration with its suppliers, and achieve process automation, including completely paperless invoicing.”
About Expo 2020 Dubai
Expo 2020 will take place in Dubai and is the first of the long-running World Expos to be hosted in the Middle East, Africa and South Asia territory. The original World Expo, called the Great Exhibiton, was hosted in 1851 at the Crystal Palace in London, designed as a showcase for the innovations of the Industrial Revolution.
Expo 2020 was originally due to run 20 October 2020 to 10 April 2021, but was last year postponed in light of COVID-19 restrictions - though some business has already taken place virtually. The event will place greater emphasis on innovation in sustainable solutions through the Sustainability District, blending technology and culture. It is expected that around 70 per cent of the 25 million attendees will be international visitors.