Supply Chain Cyber Risk Management
Cyber security risk is among the most critical risks to the supply chain:
“Cyber and data privacy breaches are perceived to be the largest threat to the stability of transport and logistics, with the sector facing potential breaches of $2 trillion by 2019.”[i]
The reality of a cyber-crime is not if, but when, and how damaging it will be. The inevitability of a cyber-attack has forced end-product manufacturers to reassess every element of the end-product manufacturer from product design, outsourcing, and servicing the product.
Cyber security risks will increase exponentially over the next five years. The challenge is that most products have some type of software. So more often, suppliers are providing critical products with embedded software that has not been sufficiently quality controlled. Huge problem. Counterfeit components, malicious software, or hacktivists can disrupt the supply chain or at a minimum degrade functionality. Just look at susceptible technology in today’s automobile: automatic collision avoidance, lane-keeping assistance, adaptive cruise control, distance maintenance, front-car collision-avoidance systems, and 3600cameras.
Hacker Attach Risk
Hackers can be hacktivists or nation states. Hackers more often are exploiting the digital supply chain to add malware or malicious code that hides in the software company’s core software, installation, or patches. As a result of the Internet of Things (IoT), more hard products have built-in software that are Internet accessible. Supply chain, cyber-attacks focus on these soft targets such as smart refrigerators that are breachable with relatively little effort. As well, the benefits of hacking compared to the amount of effort are high. A hacker can hijack final-customer personal information, core Intellectual Property, financial information, and other core assets relatively easily.
High profile hacker attacks also have become common, just look at Equifax, Securities and Exchange Commission, Deloitte, and many others. This is the new normal for governments and end-product manufacturers. Most importantly, these attacks have unimagined consequences. Aside from losing invaluable information due to the breach, now executive management heads are beginning to roll. The Chief Information Security Officer and even the Chief Executive Officer may be fired.
Breaches can to have organizational consequences. The perception is that if senior executives cannot control the organization’s most valuable assets, such as Intellectual Property, then does the business know what it is doing. Investors pay attention to their investments and want to know that they are secure.
That is why internal and third-party cyber security have become paramount issues with end-product manufacturers and government.
[i] ‘How Easy Is It for Criminals to Find the Weakest Link in Your Digital Supply Chain’, The Loadstar, April 10, 2016.
Greg Hutchins is the principal engineer with Quality Plus Engineering. He is the author of more than 20 books as well as the recently published Supply Chain Risk Management.
Greg is also the founder of:
And other start ups. He can can be reached at GregH@QualityPlusEngineering.com or 503.233.1012