A discussion about the implications of President Biden’s executive order on the review of critical supply chains with two experts from Kroll Inc.: Daniel Hartnett, associate managing director with the Compliance Risk and Diligence Practice, and Stacy Scott, managing director in the Cyber Risk Practice.
The actual outcome of the Biden executive order will depend on the manufacturing sector in question, says Hartnett. Not all will be directly affected; the order targets a total of 10 supply chains that are considered most critical to U.S. national and economic security.
Within those areas of scrutiny, cyber risk will be a major focus. But the exercise could itself heighten the chances of attack against the communications infrastructure of those industries under study. “When you’re put under the spotlight,” says Scott, “the bad guys are seeing it as well.”
The biggest weakness in manufacturing supply chains revealed by the coronavirus pandemic was a lack of visibility into multiple tiers of suppliers, Hartnett says. “It’s not knowing who’s in the end-to-end supply chain, and where they’re located.” A second weakness was that companies discovered an excessive concentration of suppliers within particular geographies, so that a disruption affecting one part of the world ended up having an outsized impact all the way through the supply chain.
That lack of visibility extends to having inadequate information about the cyber-robustness of sub-tier suppliers, Scott says. The problem is compounded by the reluctance of suppliers to share sensitive information about their level of security controls. “It’s one more place where information is out there to get into the wrong hands,” she says.
Hartnett says the pandemic and subsequent economic freefall taught supply chains four lessons: the need for better visibility, stronger communications, a proactive approach to risk management, and the importance of prioritizing risk across the organization.