Volkswagen Chattanooga’s Severe Semiconductor Shortage
Officials at have announced that production will be suspended from Friday, May 7th, through Monday 10th, before resuming operations on Tuesday 11th, due to a “significant shortage of semiconductor capacities”.
What does this mean?
Unlike many cases during a COVID-19-ravaged era, the pause in production isn’t caused by the pandemic but by a supply chain bottleneck that is preventing leading manufacturers from producing the all-important semiconductor.
Amanda Plecas, a spokeswoman, stated that the production comes as a result of “the increasing demand for consumer electronics on the one hand, and the recovering automotive markets on the other, this has also led to supply bottlenecks in the automotive industry since the turn of the year. The result is industry-wide adaptations in automobile production."
What is a Semiconductor?
The semiconductor is, arguably, the most important piece of technology in any device.
There is a myriad of intricate little parts in every device that you own ─ we rely on them to make modern technology work. But in every snazzy gadget, there is always a mainframe of sorts that ensures every other part works harmoniously and as it should. In this case, that’s exactly what a semiconductor does.
As industry-leading supply chain specialist, Adebayo Adeleke notes in his recent paper, “[the semiconductor is] like the little brain of any electrical device that you now own. It makes it all tick.”
Adeleke goes on to state that “right now, the semiconductor industry is responsible for creating a component that enables advancement in communications, computing, healthcare, military systems, transportation, clean energy, and a myriad of other applications.
Needless to say, the mighty semiconductor is playing an increasingly important part in everyday life. And, right now, to repeat the news of the day: we keep running out of this magical little component, and the shortages are “shorting” the technological hives of leading economies, including the United States and their Eastern counterpart, China.”
Who Else Is Affected?
As Adeleke’s sentiments suggest, many organisation’s are suffering as a result of the current shortage ─ not just Volkswagen. In recent times, German luxury brand, BMW, has had to close two plants, including its , United Kingdom, due to a shortage of semiconductors. Nissan, Toyota, Ford, and Jaguar Land Rover have also recently joined the list of automobile manufacturers closing their doors in the looming shadow of the supply chain struggle.
President Biden the Brave
To address the global shortage, President Joe Biden and the Democratic Party recently decided to step in with a federal stimulus. In a meeting with automotive and tech executives, Biden called for a bipartisan push to strengthen the United States semiconductor industry and announced that the federal government had to boost America’s home soil semiconductor production.
A drop in the ocean, according to Adeleke.
“It’s a step in the right direction from the higher-ups, but it’s ultimately pointless; I imagine tumbleweed rolled across the room when Biden delivered that line to the tech executives. Why? Because, according to the Semiconductor Industry Association, to make the US self-sufficient for its chips, it’d cost a whopping US$1.4tn in investments and government incentives over a decade.”
Back in January, the , through preliminary findings, that the semiconductor industry’s worldwide market revenue had grown by approximately . In a recent announcement, it turns out that growth actually hit , rising in value to US$466.2bn in 2020, despite ongoing supply chain disruptions caused by the COVID-19 pandemic. That’s a staggering level of growth in a world that has borderline fallen apart in recent times.
Adeleke looked at this development and told the world that, while it sounds like a positive, the reality is that it just isn’t. “The problem is, technology has advanced at such a rapid pace in recent years, and every year hungry consumers demand “the next best thing” ─ a reality made possible only by the very best, cutting-edge semiconductors. Semiconductors that have been successfully monopolised by in South Korea and (TSMC) ─ the industry-leading producer ─, and politicised by warring superpowers.”
Where Does the Shortage Come From?
The blame for our global semiconductor shortage tends to be put at the feet of COVID-19 and its effect on the manufacturing industries in both South Korea and Taiwan, where the bulk of the cutting-edge chips are created. And, while we’re right to claim that the pandemic was a catalyst for the issue, it’d be wrong to say that it’s the sole cause.
Looking deeper into the shortage, there’s a very obvious issue that is being brushed under the global pandemic-shaped carpet: consumer demand and the politicisation of technology.
“Due to the demand for cutting-edge chips [in recent years], leading semiconductor manufacturers have been evolving their manufacturing plants to ensure that they can produce the next generation of semiconductor year-on-year. They were forced to look forward and to stop looking back”, says Adeleke.
“Now, courtesy of a shift to work-at-home norms, there’s a higher demand for electronics that run, not just on the cutting-edge chips but the older, less-sophisticated ones ─ and suppliers haven’t got any.
This, once again, brings us back to the ferocious, politicised war between the technology titans of leading nations and the consumer greed that accommodates and justifies the demand for “flagship” devices”, he adds.
Semiconductor Shortage ~ Business Fatality
This potentially fatal mistake is now forcing leading semiconductor manufacturers to attempt to alter their current production lines to meet the demand of each consumer market that relies on cutting-edge chips to power their technology ─ automobiles, handheld devices, and home appliances.
But, arguably, it’s too little too late. Leading organisations are already starting to close the doors of their production plants, and, in the case of automobile manufacturers and smart device creators, the subsequent losses that they will sustain in the coming quarters could well cripple their future potential.
Biden’s Supply Chain Intentions Depend on Cybersecurity
In recent years, the United States’ supply chain network has faced an onslaught of cyberattacks. The attacks have left the global superpower a shaking nation with a whole portfolio of challenges, risks, and vulnerabilities exposed to the masses. From the attack to the that breached companies like Apple, Microsoft, Uber, and Tesla, to the most recent , it’s evident that, in an increasingly digital age, cybercriminals fear no traditional governmental powers, and supply chain networks need to hunker down on cybersecurity.
Looking back at the height of the COVID-19 pandemic, western nations found themselves ill-equipped to deal with the novel Coronavirus; not due to lack of knowledge or medical inability but because supply chains were in a chokehold and supplies like personal protective equipment (PPE) for frontline workers weren’t being manufactured fast enough.
The Executive Order (EO) of US supply chains to figure out exactly where the vulnerabilities and risks are, to help institutions and organisations manage any future disruption caused by COVID-like events.
The EO focuses on six primary sectors:
- Communications and information technology
- Defence industrial base (DIB)
- Energy and power
- Public health
The listed sectors, as you might expect, are increasingly dependent on digital products and services to maintain daily operations, which increases their vulnerability to potential attacks ─ so they need cybersecurity. In fact, cybersecurity should be front-and-centre as a critical facet of the EO if the federal government truly intends to create a more robust and resilient supply chain in the face of rising criminal adversity.
Digitisation Dangers The Nation
When it comes to a globally interconnected supply chain, the ambitions of Biden’s administration are potentially a little far-fetched and off-the-mark, in reality. I say that because an overwhelming number of industry-leading organisations ─ even in the tech realm ─ still do not feel confident in their ability to deal with the vulnerabilities in their supply chain. Most of which come not from internal operations but from externals ones in the form of third parties and suppliers that they collaborate with.
According to the dated but increasingly relevant Marsh Microsoft introduction, “cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector. The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated.”
Taking a look at the survey results reveals a telling tale: that third-party providers and supply chain operations external to an organisation are most likely to be the victim of cyberattacks and potential infiltration.
The survey found a wide discrepancy in many organisations’ view of the cyber risk faced by supply chain partners, compared to the level of perceived risk they themselves pose:
This variance is consistent across industry sectors and geographic regions, and the largest organisations exhibited the largest dissonance: 61% of companies with revenues of US$5bn or more suggested that their supply chain partners pose a risk, whereas only 19% say they themselves pose a risk to the third-parties involved:
Low Confidence in 3rd-Party Risk Mitigation Capabilities
The above paints a pretty poor picture of the overall supply chain security ─ a disconnect between large organisations and their suppliers, which could be driven by companies’ low confidence in their ability to mitigate cyber risks posed by their commercial partners. The number of companies that considered themselves “highly confident” in that area is few and far between, with only 5-15% of respondents feeling prepared to deal with the cyber risks caused by certain types of third-party providers.
So due to the very obvious lack of knowledge, it’s clear that supply chain professionals and organisations, as well as the Biden administration, should call upon their cybersecurity industry peers ─ ─ to take the fight to black hat cybercriminals.
How Cybersecurity Professionals Can Help
According to Padraic O’Reilly, CPO and Co-Founder of CyberSaint, the success of Biden’s Executive Order is heavily dependent on its stakeholders taking note of lessons from cybersecurity’s supply chain risk management initiatives, including:
- Identifying the main weaknesses along the chain of production before determining which ones can be fixed cost-effectively. Then, compare that with the cost of the potential impact ─ discover where the holes are and what’s worth prioritising.
- Thinking about the supply chain as a cybersecurity practitioner does. Cyber-risk is all about making sense of multiple data sources, and supply chain risk is the same. Don’t think about the supply chain as a single entity; rather, consider it as many entities that produce data ripe for deep risk analysis.
- Standardisation across the globally interconnected supply chain is hard, and communication is key. Cyber experts are hot on the topic, as managing risk is exactly what they do. Vulnerabilities and risk is the language that they speak in. They’ve been dealing with supply chain security for years before disruptions at the scale of COVID-19 came about.
Cross-sector collaboration with a strong focus on communication across hierarchical levels is at the very core of the cybersecurity function. If Biden hopes to see his supply chain initiative reign triumphant, his administration must ensure that efforts are coordinated across agencies, public entities, and the private sector industry. The administration must also carefully consider the potential impact of increased regulation that should be put in place following the year-long project ─ it could make or break the initiative across various sectors.
According to O’Reilly:
“The best choice is to rely on standards, measurement, and cross-industry collaboration to make this happen. Other supply chain standards, such as the (CMMC), can serve as models for a data-driven approach.
Without these considerations, we risk a lot of duplicative time, effort, and analysis, only to fail to mitigate cyber-risks and possibly result in yet another supply chain attack. We hope stakeholders will engage the information security community to bolster this project. Leveraging existing analysis by the information security community will matter to its success.”
Adapting To The Unknown
The fact of the matter is, when it comes to the US supply chain, we mostly haven’t got a clue. It’s a massively interconnected network that represents an ecosystem ─ one with risks coming from all angles and multiple points of failure. It’d be almost impossible to figure out all of the potential risks, as Biden’s initiative intends, so, according to O’Reilly, it’d be beneficial to focus not on sniffing out every single supply chain vulnerability but on advanced persistent threat (APT) incentives:
- What are the low-hanging targets?
- What do criminals want?
- What are they capable of?
“Doing some scenario modelling and talking in probabilities could lead to more informed decisions regarding mitigating risk. NIST 800-30 and the are examples of risk-quantification methods that aim to translate cybersecurity risk into dollars and cents. Understanding supply chain risk requires measurement, strong governance, input from security experts, information sharing, and advances in cyber and IT risk-management software. Instead of logging an APT's activity, start getting a fact pattern about where they may be going”, O’Reilly adds.
So the final point to the Biden administration and organisations that are working on is clear: cybersecurity professionals have an advantage over their peers because they already live to standardise data; they view risk through a lense of complexity and costliness of failure, and if the two parties can collaborate effectively, there’s a chance that security professionals can finally understand the full extent of the supply chain ecosystem and, with any luck, secure it from future attacks.