SUPPLY CHAIN
Dr. Mike Lloyd
Dr. Lloyd has more than twenty-five years of experience in the modeling and control of fast-moving, complex systems. He has been granted twenty-one patents on security, network assessment, and dynamic network control. Before joining RedSeal, he was chief technology officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Dr. Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.
Securing the Supply Chain against Cyber Disruption
LossPreventionMedia.com, November–December 2021

Supply chains have existed as long as we’ve had commerce. We have proof of extensive supply networks even three-and-a-half thousand years ago with the discovery of a late Bronze Age Uluburun shipwreck. The rise of the internet started a revolution in these time-honored structures, bringing rapid change through improved communication. This produced major benefits—supply chains often became shallower but wider, with increased specialization and more participants in the global exchange. Many of these changes improved efficiency, agility, and for those skilled at adapting, presented new ways to outpace competitors. This all sounds great, but from a security perspective, it also created serious new headaches. Supply chains have become complex and fragile, and prone to disruption from cyberattacks. Just like a physical chain, a supply chain is only as strong as its weakest link. Today’s issues are about networks of interdependence.

We extract major economic benefits from modern supply chains, because each organization can focus on its core mission or specialty. This narrowing of focus is very effective, allowing each organization to be the best at whatever it does—making widgets, transporting them, or adding value by assembling parts made by other specialists. But this same narrowing of focus on just one aspect of a system means the system as a whole becomes fragile. For example, the person responsible for a large ship can do an amazing job protecting the assembled vessel and the dockyard, but the ship is composed of uncountable parts made elsewhere, under the control of other organizations. If an attacker can’t easily compromise the final ship, they can focus up the chain, compromising components that become part of the ship. This analogy plays out for other applications too—any large system built out of components is only as strong as the security of the weakest component supplier.

Security Costs Money
Therefore, it’s not enough to allow suppliers to compete for price or customer satisfaction. Security costs money. If we just procure everything from the lowest bidder, we will get the (lack of) security we’re paying for. Security is like quality—you can’t just assume that a supplier delivering a good outcome today will do so tomorrow. The supply chain has had to face the challenge of repeatable quality through standards and audits. Organizations establish baselines of what it takes to make a quality, reliable product, then build their supply chains around those who can meet the