Nov 24, 2020

TrapX: A Survey on Cyber-Vulnerabilities in Manufacturing

Cybersecurity
OT
TrapX
ESG
Oliver Freeman
3 min
Cybersecurity, IoT, 5G in supply chain manufacturing.
Cyber-attacks can be devastating, so how do can manufacturers and supply chain professionals defend against them...

A survey released by TrapX Security, a global leader in ‘deception-based’ cyber defence solutions, and Enterprise Strategy Group (ESG), has recently shed light on how manufacturing companies are vulnerable to cyber-attacks, and what could be done to stop the attacks. 

The survey itself asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organisations about their current and future concerns. “The research findings point to an industry whose security teams are seeing the information technology (IT) and operational technology (OT) environments converging at a rapid pace. Yet manufacturing organisations are struggling to safeguard OT assets as they are using the same tools to safeguard their IT infrastructure as they are for OT.”

The Findings

Some key statistics found in the survey: 

  • 49% say IT and OT is tightly integrated 
  • 77% expect further IT and OT infrastructure convergence in the future 
  • 53% believe their security operations workload exceeds staff capacity 
  • 53% agreed their organisation’s OT infrastructure is vulnerable to some form of cyber-attack 
  • 43% say that the volume of security alerts have increased 

“The research illustrates a potentially dangerous imbalance between existing security controls and staff capabilities and a need for more specialised and effective safeguards,” said Jon Oltsik, ESG Senior Principal Analyst and Fellow. “Manufacturing organisations are consolidating their IT and OT environments to achieve economies of scale and enable new types of business processes. Unfortunately, this advancement carries the growing risk of disruptive cyber-attacks. 

While organisations have deployed numerous technologies for threat detection and response, the data indicates that they are overwhelmed by growing volumes of security data, visibility gaps, and a lack of staff and skills. Since they can’t address these challenges with more tools or staff, CISOs really need to seek out more creative approaches for threat detection and response.”

The Future 

The findings in the research show that there is a disconnect between IT/OT departments and managers higher up in the work-chain. That is to say, that more attention is required for the correct allocation of resources, time and professional help in certain areas of cyber-security. As stated above, with a massive influx of data, comes the necessity to vastly improve security along with it; and while we may be a little far from any major sci-fi advanced hacking techniques, companies must invest in their security across all areas, not just cyber, to have a chance of maintaining their entire supply chain, let alone their own data. 

“This research shows that manufacturing organisations are experiencing real challenges when it comes to threat detection and response, particularly for specialised OT assets that are critical for business operations,” said Ori Bach, CEO of TrapX Security. “This data, and our own experience working with innovators in all sectors of manufacturing, demonstrate there is a clear need for solutions like Deception, which can improve cyber defences and reduce downtime without the need to install agents or disrupt existing security systems and operations.”

Share article

Jun 11, 2021

NTT DATA Services, Remodelling Supply Chains for Resilience

NTTDATA
supplychain
Supplychainriskmanagement
Procurement
6 min
Joey Dean, Managing Director of healthcare consulting at NTT DATA Services, shares remodelling strategies for more resilient supply chains

Joey Dean, the man with the coolest name ever and Managing Director in the healthcare consulting practice for NTT DATA and is focused on delivering workplace transformation and enabling the future workforce for healthcare providers. Dean also leads client innovation programs to enhance service delivery and business outcomes for clients.

The pandemic has shifted priorities and created opportunities to do things differently, and companies are now looking to build more resilient supply chains, none needed more urgently than those within the healthcare system. Dean shares with us how he feels they can get there.

A Multi-Vendor Sourcing Approach

“Healthcare systems cannot afford delays in the supply chain when there are lives at stake. Healthcare procurement teams are looking at multi-vendor sourcing strategies, stockpiling more inventory, and ways to use data and AI to have a predictive view into the future and drive greater efficiency.

“The priority should be to shore up procurement channels and re-evaluate inventory management norms, i.e. stockpiling for assurance. Health systems should take the opportunity to renegotiate with their current vendors and broaden the supplier channel. Through those efforts, work with suppliers that have greater geographic diversity and transparency around manufacturing data, process, and continuity plans,” says Dean.

But here ensues the never-ending battle of domestic vs global supply chains. As I see it, domestic sourcing limits the high-risk exposure related to offshore sourcing— Canada’s issue with importing the vaccine is a good example of that. So, of course, I had to ask, for lifesaving products, is building domestic capabilities an option that is being considered?

“Domestic supply chains are sparse or have a high dependence on overseas centres for parts and raw materials. There are measures being discussed from a legislative perspective to drive more domestic sourcing, and there will need to be a concerted effort by Western countries through a mix of investments and financial incentives,” Dean explains.

Wielding Big Tech for Better Outcomes

So, that’s a long way off. In the meantime, leveraging technology is another way to mitigate the risks that lie within global supply chains while decreasing costs and improving quality. Dean expands on the potential of blockchain and AI in the industry

“Blockchain is particularly interesting in creating more transparency and visibility across all supply chain activities. Organisations can create a decentralised record of all transactions to track assets from production to delivery or use by end-user. This increased supply chain transparency provides more visibility to both buyers and suppliers to resolve disputes and build more trusting relationships. Another benefit is that the validation of data is more efficient to prioritise time on the delivery of goods and services to reduce cost and improve quality. 

“Artificial Intelligence and Machine Learning (AI/ML) is another area where there’s incredible value in processing massive amounts of data to aggregate and normalise the data to produce proactive recommendations on actions to improve the speed and cost-efficiency of the supply chain.”

Evolving Procurement Models 

From asking more of suppliers to beefing up stocks, Dean believes procurement models should be remodelled to favour resilience, mitigate risk and ensure the needs of the customer are kept in view. 

“The bottom line is that healthcare systems are expecting more from their suppliers. While transactional approaches focused solely on price and transactions have been the norm, collaborative relationships, where the buyer and supplier establish mutual objectives and outcomes, drives a trusting and transparent relationship. Healthcare systems are also looking to multi-vendor strategies to mitigate risk, so it is imperative for suppliers to stand out and embrace evolving procurement models.

“Healthcare systems are looking at partners that can establish domestic centres for supplies to mitigate the risks of having ‘all of their eggs’ in overseas locations. Suppliers should look to perform a strategic evaluation review that includes a distribution network analysis and distribution footprint review to understand cost, service, flexibility, and risks. Included in that strategy should be a “voice of the customer” assessment to understand current pain points and needs of customers.”

“Healthcare supply chain leaders are re-evaluating the Just In Time (JIT) model with supplies delivered on a regular basis. The approach does not require an investment in infrastructure but leaves organisations open to risk of disruption. Having domestic centres and warehousing from suppliers gives healthcare systems the ability to have inventory on hand without having to invest in their own infrastructure. Also, in the spirit of transparency, having predictive views into inventory levels can help enable better decision making from both sides.”

But, again, I had to ask, what about the risks and associated costs that come with higher inventory levels, such as expired product if there isn’t fast enough turnover, tying up cash flow, warehousing and inventory management costs?

“In the current supply chain environment, it is advisable for buyers to carry an in-house inventory on a just-in-time basis, while suppliers take a just-in-case approach, preserving capacity for surges, retaining safety stock, and building rapid replenishment channels for restock. But the risk of expired product is very real. This could be curbed with better data intelligence and improved technology that could forecast surges and predictively automate future supply needs. In this way, ordering would be more data-driven and rationalised to align with anticipated surges. Further adoption of data and intelligence and will be crucial for modernised buying in the new normal.

The Challenges

These are tough tasks, so I asked Dean to speak to some of the challenges. Luckily, he’s a patient guy with a lot to say.

On managing stakeholders and ensuring alignment on priorities and objectives, Dean says, “In order for managing stakeholders to stay aligned on priorities, they’ll need more transparency and collaborative win-win business relationships in which both healthcare systems and medical device manufacturers are equally committed to each other’s success. On the healthcare side, they need to understand where parts and products are manufactured to perform more predictive data and analytics for forecasting and planning efforts. And the manufacturers should offer more data transparency which will result in better planning and forecasting to navigate the ebbs and flows and enable better decision-making by healthcare systems.

Due to the sensitive nature of the information being requested, the effort to increase visibility is typically met with a lot of reluctance and push back. Dean essentially puts the onus back on suppliers to get with the times. “Traditionally, the relationships between buyers and suppliers are transactional, based only on the transaction between the two parties: what is the supplier providing, at what cost, and for what length of time. The relationship begins and ends there. The tide is shifting, and buyers expect more from their suppliers, especially given what the pandemic exposed around the fragility of the supply chain. The suppliers that get ahead of this will not only reap the benefits of improved relationships, but they will be able to take action on insights derived from greater visibility to manage risks more effectively.”

He offers a final tip. “A first step in enabling a supply chain data exchange is to make sure partners and buyers are aware of the conditions throughout the supply chain based on real-time data to enable predictive views into delays and disruptions. With well understand data sets, both parties can respond more effectively and work together when disruptions occur.”

As for where supply chain is heading, Dean says, “Moving forward, we’ll continue to see a shift toward Robotic Process Automation (RPA), Artificial Intelligence (AI), and advanced analytics to optimise the supply chain. The pandemic, as it has done in many other industries, will accelerate the move to digital, with the benefits of improving efficiency, visibility, and error rate. AI can consume enormous amounts of data to drive real-time pattern detection and mitigate risk from global disruptive events.”

 

Share article