Threats to supply chain security are everywhere these days. But the best weapon for dealing with them consists of data that’s readily at hand.

Open-source intelligence, or OSINT — consisting of insights that draw on public data sources such as websites, social media, television and radio — offers a treasure trove of information that makes possible real-time risk detection in critical supply chains.

OSINT is of particular value in situations involving “contested” logistics environments — “where an adversary or enemy engages in any kind of activity that tries to deny, disrupt or defeat logistics,” notes Jason English, vice president of enterprise business development with Babel Street, provider of a data-analytics platform for threat intelligence.

English’s experience in supply chain security includes more than 26 years as a naval intelligence officer. He views OSINT as “a critical-force multiplier” for anticipating and fending off cyberattacks. “It has the ability to leverage the power of public and commercial domain information to provide timely, relevant and globally sourced situational awareness without reliance on classified operations,” he says.

OSINT even includes insights gleaned from the “dark web” — essentially, anything that doesn’t reside behind the wall of privacy erected by the intelligence community.

When it comes to shoring up supply chains against external threats, however, the challenge isn’t a lack of publicly available information — it’s too much of it. The so-called “democratization” of data in the internet age cries out for a means of making sense of it all. Often, says English, “you’ve got to find a needle in a haystack.”

That said, the universe of potential disruptions these days is so vast that businesses struggle just to understand where the biggest threats lie. In addition to cyberattacks, there are natural disasters, pandemics and issues of regulatory compliance to consider. But to get the most out of a cybersecurity initiative, English advises that companies focus their attention on suppliers and vendors — “the heartbeat of the supply chain.”

That, of course, is more easily said than done. The typical supply base consists of a complex web of relationships and multiple tiers of production, which become progressively less visible as it approaches the raw-materials stage. Often that huge network includes parties with some degree of foreign ownership or control. And always lurking in the background is the possible presence of a hostile entity, whether government-controlled or independent criminal actor.

Moving up through the subtiers of suppliers, companies find the commitment to cybersecurity compliance becoming increasingly tough to enforce. Yet the threat to the entire network is no less dire at any stage. The failure of a single link in the chain, no matter how small, is enough to bring a sophisticated production line to a halt. (That reality was underscored by China’s recent threat to cut off western access to rare earth minerals, a market in which it enjoys a near-monopoly.)

During his time in the military, English personally witnessed the vulnerabilities that lie within a multi-tier supply chain. He considers the consequent level of risk “the soft underbelly of any war-fighting organization — and you can apply that outside DOD to the public domain and commercial space.” Hence the saying by military planners that “amateurs talk strategy; professionals study logistics.”

Any modern-day setting involving massive amounts of data inevitably gives rise to talk of artificial intelligence. It’s able to analyze information at a scale that can’t be matched by humans or legacy information systems. English says AI is proving its mettle at risk mitigation and detection is three ways: speed, scope of coverage and relevance. The first is manifested in the ability to issue real-time alerts. The second makes possible the monitoring of global activity from all public signals. And the third separates the “noise” from what’s truly important to supply chain security.

AI and natural language processing can survey an entire ecosystem of vendors and map out hidden dependencies and relationships, equipping businesses with “the ability to surface those risks,” English says. AI, he adds, is especially good at anomaly detection — sussing out patterns and trends and bringing hidden threats to the fore.

Finally, through its ability to sift through so much publicly available data, AI can engage in predictive modeling, allowing human decision-makers “to prioritize information and make smart decisions faster with higher confidence,” he says.

AI is, of course, something of a two-edged sword — it can be wielded by cyberthieves as well as those determined to stop them. But “even as adversaries leverage those capabilities, there’s AI out there that can detect them,” English says. “It’s constantly evolving.”