Hacked to Death: Data Security in Supply Chain
Russia did in fact hack and influence the United States presidential election. This widely reported story is based on information from“a former B...
Russia did in fact hack and influence the United States’ presidential election. This widely reported story is based on information from “a former British intelligence operative, whose past work US intelligence officials consider credible”. Yes, it’s true… we’re literally living in a James Bond movie, and the villain is still at large.
Crisis of Connectivity
Digitisation is the most important megatrend affecting supply chain strategy today. Visibility to both demand and supply has, in the blink of an eye, evolved from a notoriously slow, clunky process of transmitting batch data to a nearly incomprehensible supernova of constant information. Cisco tracks global internet traffic this flow has grown 300-fold since the turn of the century. Connectivity is everywhere, but it’s not always good.
In supply chain terms, this includes order data, engineering information, prices and contractual terms. Layer on top of this machine-to-machine connectivity, remotely guided vehicles and even more ominously, digitally linked smart products, and we’re suddenly accountable for a lot more than just secrets. Connectivity may be the ultimate double-edged sword.
In our annual Future of Supply Chain survey this past fall, not only did “data security/IT incidents” rank highest overall among 13 separate risks considered with 30% of 1,408 respondents saying they were “very concerned”, it has also risen fastest.
More tellingly, the anxiety rises with seniority. Among 126 respondents at the Senior Vice President level or higher, the portion saying they’re "very concerned" is still higher at 37%.
Splitting these survey results by industry tells another story about who might be asleep at the controls. Hi-tech respondents, for instance, are nearly twice as likely to cite this problem as a major concern than are industrials, while half of healthcare and pharmaceutical respondents consider it a minor worry. The fact that hi-tech gets it first is not surprising given their familiarity with the technology itself. Others might be wise to follow their lead.
What to Do
Last year, the US National Counterintelligence and Security Center (NCSC) produced a video intended to help supply chain professionals protect against hacking. Its recommendations are a common-sense breakdown of questions procurement professionals should consider when engaging suppliers. My colleague Geraint John, whose research on sourcing and supply chain risk offers valuable frameworks on this topic, breaks it down in a blog post written last summer.
Unfortunately, as the Russia revelations suggest, the bad guys seem to be a step ahead, which means investments in vigilance are going to have to increase. From a tools perspective, security should evolve like any other technology business with market-driven innovation delivering improvements in network, software and hardware access control. Expect to spend money on security in supply chains in the same way that you’ve gotten used to upgrading your mobile phone every two years. It is a spiral that you cannot afford to shun.
Another idea is the use of supply chain segmentation strategies. Supplier management excellence includes developing deep trusting relations with certain suppliers, while maintaining more arms-length links with others. The known cost, service and innovation benefits of tight supplier collaboration will increasingly include security tactics that streamline information flow without risking attack. Sort of like TSA Precheck for supply chain.
Segmentation applies to customers and channels too, with different levels of priority, service and information sharing for each segment of your fulfilment supply chain. Retailers, interestingly were the second most concerned among industries about data security/IT incidents (hi-tech was first). Their need to protect consumer data should make them receptive partners in efforts to improve supply chain data security.
The Fatal Virus
Business in general, and supply chain management in particular, depends on trust. Consumer confidence underpins commerce because we’ve grown accustomed to retailers having our personal information already loaded in their systems. The same is even truer upstream, with manufacturers who share design data, trade secrets and market information with suppliers and contract manufacturers.
Seeds of fear and doubt, once sown, are deadly. If they take root and spread, everything could quickly grind to a halt.
Get ready to pay for protection.
The January issue of Supply Chain Digital is live!
Follow @SupplyChainD on Twitter.
NTT DATA Services, Remodelling Supply Chains for Resilience
Joey Dean, the man with the coolest name ever and Managing Director in the healthcare consulting practice for NTT DATA and is focused on delivering workplace transformation and enabling the future workforce for healthcare providers. Dean also leads client innovation programs to enhance service delivery and business outcomes for clients.
The pandemic has shifted priorities and created opportunities to do things differently, and companies are now looking to build more resilient supply chains, none needed more urgently than those within the healthcare system. Dean shares with us how he feels they can get there.
A Multi-Vendor Sourcing Approach
“Healthcare systems cannot afford delays in the supply chain when there are lives at stake. Healthcare procurement teams are looking at multi-vendor sourcing strategies, stockpiling more inventory, and ways to use data and AI to have a predictive view into the future and drive greater efficiency.
“The priority should be to shore up procurement channels and re-evaluate inventory management norms, i.e. stockpiling for assurance. Health systems should take the opportunity to renegotiate with their current vendors and broaden the supplier channel. Through those efforts, work with suppliers that have greater geographic diversity and transparency around manufacturing data, process, and continuity plans,” says Dean.
But here ensues the never-ending battle of domestic vs global supply chains. As I see it, domestic sourcing limits the high-risk exposure related to offshore sourcing— Canada’s issue with importing the vaccine is a good example of that. So, of course, I had to ask, for lifesaving products, is building domestic capabilities an option that is being considered?
“Domestic supply chains are sparse or have a high dependence on overseas centres for parts and raw materials. There are measures being discussed from a legislative perspective to drive more domestic sourcing, and there will need to be a concerted effort by Western countries through a mix of investments and financial incentives,” Dean explains.
Wielding Big Tech for Better Outcomes
So, that’s a long way off. In the meantime, leveraging technology is another way to mitigate the risks that lie within global supply chains while decreasing costs and improving quality. Dean expands on the potential of blockchain and AI in the industry.
“Blockchain is particularly interesting in creating more transparency and visibility across all supply chain activities. Organisations can create a decentralised record of all transactions to track assets from production to delivery or use by end-user. This increased supply chain transparency provides more visibility to both buyers and suppliers to resolve disputes and build more trusting relationships. Another benefit is that the validation of data is more efficient to prioritise time on the delivery of goods and services to reduce cost and improve quality.
“Artificial Intelligence and Machine Learning (AI/ML) is another area where there’s incredible value in processing massive amounts of data to aggregate and normalise the data to produce proactive recommendations on actions to improve the speed and cost-efficiency of the supply chain.”
Evolving Procurement Models
From asking more of suppliers to beefing up stocks, Dean believes procurement models should be remodelled to favour resilience, mitigate risk and ensure the needs of the customer are kept in view.
“The bottom line is that healthcare systems are expecting more from their suppliers. While transactional approaches focused solely on price and transactions have been the norm, collaborative relationships, where the buyer and supplier establish mutual objectives and outcomes, drives a trusting and transparent relationship. Healthcare systems are also looking to multi-vendor strategies to mitigate risk, so it is imperative for suppliers to stand out and embrace evolving procurement models.
“Healthcare systems are looking at partners that can establish domestic centres for supplies to mitigate the risks of having ‘all of their eggs’ in overseas locations. Suppliers should look to perform a strategic evaluation review that includes a distribution network analysis and distribution footprint review to understand cost, service, flexibility, and risks. Included in that strategy should be a “voice of the customer” assessment to understand current pain points and needs of customers.”
“Healthcare supply chain leaders are re-evaluating the Just In Time (JIT) model with supplies delivered on a regular basis. The approach does not require an investment in infrastructure but leaves organisations open to risk of disruption. Having domestic centres and warehousing from suppliers gives healthcare systems the ability to have inventory on hand without having to invest in their own infrastructure. Also, in the spirit of transparency, having predictive views into inventory levels can help enable better decision making from both sides.”
But, again, I had to ask, what about the risks and associated costs that come with higher inventory levels, such as expired product if there isn’t fast enough turnover, tying up cash flow, warehousing and inventory management costs?
“In the current supply chain environment, it is advisable for buyers to carry an in-house inventory on a just-in-time basis, while suppliers take a just-in-case approach, preserving capacity for surges, retaining safety stock, and building rapid replenishment channels for restock. But the risk of expired product is very real. This could be curbed with better data intelligence and improved technology that could forecast surges and predictively automate future supply needs. In this way, ordering would be more data-driven and rationalised to align with anticipated surges. Further adoption of data and intelligence and will be crucial for modernised buying in the new normal.
These are tough tasks, so I asked Dean to speak to some of the challenges. Luckily, he’s a patient guy with a lot to say.
On managing stakeholders and ensuring alignment on priorities and objectives, Dean says, “In order for managing stakeholders to stay aligned on priorities, they’ll need more transparency and collaborative win-win business relationships in which both healthcare systems and medical device manufacturers are equally committed to each other’s success. On the healthcare side, they need to understand where parts and products are manufactured to perform more predictive data and analytics for forecasting and planning efforts. And the manufacturers should offer more data transparency which will result in better planning and forecasting to navigate the ebbs and flows and enable better decision-making by healthcare systems.
Due to the sensitive nature of the information being requested, the effort to increase visibility is typically met with a lot of reluctance and push back. Dean essentially puts the onus back on suppliers to get with the times. “Traditionally, the relationships between buyers and suppliers are transactional, based only on the transaction between the two parties: what is the supplier providing, at what cost, and for what length of time. The relationship begins and ends there. The tide is shifting, and buyers expect more from their suppliers, especially given what the pandemic exposed around the fragility of the supply chain. The suppliers that get ahead of this will not only reap the benefits of improved relationships, but they will be able to take action on insights derived from greater visibility to manage risks more effectively.”
He offers a final tip. “A first step in enabling a supply chain data exchange is to make sure partners and buyers are aware of the conditions throughout the supply chain based on real-time data to enable predictive views into delays and disruptions. With well understand data sets, both parties can respond more effectively and work together when disruptions occur.”
As for where supply chain is heading, Dean says, “Moving forward, we’ll continue to see a shift toward Robotic Process Automation (RPA), Artificial Intelligence (AI), and advanced analytics to optimise the supply chain. The pandemic, as it has done in many other industries, will accelerate the move to digital, with the benefits of improving efficiency, visibility, and error rate. AI can consume enormous amounts of data to drive real-time pattern detection and mitigate risk from global disruptive events.”