• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile

  • CORONAVIRUS
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • REGIONS
    • Asia Pacific
    • Canada
    • China
    • Europe
    • Latin America
    • Middle East/Africa
    • North America
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Blogs » Think Tank » How a Fighter Pilot’s Experience Can Help Boost Supply-Chain Cybersecurity

Think Tank
Think Tank RSS FeedRSS

Sourcing/Procurement/SRM / Supply Chain Planning & Optimization / Supply Chain Visibility / Business Strategy Alignment / Quality & Metrics / Regulation & Compliance / Supply Chain Security & Risk Mgmt

How a Fighter Pilot’s Experience Can Help Boost Supply-Chain Cybersecurity

How a Fighter Pilot’s Experience Can Help Boost Supply-Chain Cybersecurity
December 3, 2018
Robert J. Bowman, SupplyChainBrain

Who knew that a battle strategy devised for fighter pilots could be repurposed to protect supply chains from cyber threats and other security risks?

John Boyd was a U.S. Air Force fighter pilot and military theorist who greatly influenced the development of both aircraft and battle tactics. He is best known today for formulating the OODA Loop, a decision cycle that draws on human thought processes to fashion a system for responding to a given situation — in its original incarnation, an attack by an enemy pilot.

Standing for Observe, Orient, Decide and Act, the OODA Loop has since been applied to business, medicine, law enforcement, litigation and any number of other instances in which one confronts an antagonist or uncertain scenario.

Now, the OODA Loop is being touted as an approach to mitigating supply-chain risk, especially cyber threats.

The idea can be found in “Innovations in Third Party Continuous Monitoring,” a white paper by the Shared Assessments Program, a consortium for third-party risk management.

According to Shared Assessments, third-party involvement was the leading factor behind an increase in the cost of a data breach in 2017. (Such incursions can come from unexpected directions; recall the theft of payment-card data from Target Corp. in November of 2013, affecting some 110 million customers, where the point of access was an air-conditioning contractor.)

It’s no surprise, therefore, that cybersecurity experts should view their mission in military terms, and draw on the wisdom of a former fighter pilot. One of Boyd’s earliest applications of OODA Loop principles came out of the Korean War, leading to the conclusion that American planes were besting the enemy because their bubble-shaped canopies afforded pilots a wider field of view, enabling them to make decisions more quickly.

Obviously, the stakes are much lower when the OODA Loop is applied to the world of business. But the growing cost of cyber breaches, including reputational damage and lost customers, is high enough to justify its use by risk managers.

At first glance, the routine set forth by Boyd might seem blindingly obvious. “Humans use that process every day. They make lots of observations, such as when they’re crossing the street,” says Bob Maley, consultant and senior leader of information security with The Santa Fe Group. It acts as managing agent of the Shared Assessments Program.

Upon closer examination, however, the OODA Loop can be of value in helping companies formulate strategies for minimizing and avoiding supply-chain risks. It allows organizations to “improve situational awareness, increase risk management program ROI, and reduce compliance costs,” according to the Shared Assessments Program.

More specifically, the group says, the routine can help a company to devise plans in line with its “risk appetite,” prioritize the use of experts who can recognize and act against threats, and draw up a corporate “playbook” for response by less-experienced individuals.

Third-party oversight is more than a case of vetting partners at the beginning of a relationship, notes Charlie Miller, senior vice president with The Santa Fe Group. It incorporates onboarding, contracting and ongoing monitoring. “You want to make sure that you have controls protecting the critical assets of the outsourcer,” he says.

The notion of continuous monitoring, including a system of alerts in the event of a threat or actual breach, “was nascent two years ago,” adds Miller. “But it’s becoming more robust as we go forward.”

Cybersecurity experts tend to be overly tactical in their approach, says Maley. That orientation can lead to a series of “point-in-time” responses that fail to achieve a broader picture of cyber threats. (For risk managers, perhaps, a metaphorical “bubble canopy.”)

“The OODA Loop process helps open peoples’ minds to understanding that tactical solutions are just feeding into an overarching strategy,” Maley says.

For example, third-party risk management often confronts a series of business “siloes,” whereby various functions inside and outside the organization fail to communicate on a regular basis. As a result, multiple units might not all be using the same group of preferred (and properly vetted) suppliers.

In applying the principles of the OODA Loop, companies collect observations from all parts of the supply chain. Take the use of call centers, for which many companies rely on multiple service providers. Do they fully understand the kinds of customer data to which those vendors have access? Have they envisioned the fallout if one of those centers becomes compromised? (At that point, risk managers are moving from “observe” to “orient.”)

That’s valuable guidance for any company, but is it necessary to evoke a buzzterm like “OODA Loop” to describe a model of thinking and reacting that’s just part of human nature?

“People for centuries have been using this decision-making process without knowing it’s called the OODA Loop,” acknowledges Maley. Still, applying a term that emerged from the experience of combat to the everyday business world can help to impress executives with the urgency of shoring up their cybersecurity programs. And it can serve as a path forward for rapid action in the face of a threat.

“The intention is to give those on the ground who are observing the risk the tools and playbooks that can help them make decisions without having to engage the entire governance structure,” explains Miller. “To the extent that decisions and actions are becoming integrated into their playbooks, mindsets and quickness to respond, that’s the benefit.”

RELATED CONTENT

RELATED VIDEOS

Wake up to live
“Supply Chains in Crisis”
updates and the latest Supply Chain News!

Subscribe to our Daily Newsletter

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • 0620_NFT.png

    Can NFTs Be an Effective Tool for Supply Chain Visibility?

    Technology
  • The Craft Beer Boom: How to Satisfy Changing Consumer Tastes

    Shortages of Beer, Popcorn Join Supply Chain Crisis

    Global Supply Chain Management
  • FedEx

    FedEx Faces Big Changes as New Boss Confronts Higher Costs, Angry Contractors

    Last Mile Delivery
  • 0621_Burrito.png

    Chipotle Zeroes in on Supply Chain Traceability and Visibility

    Sourcing/Procurement/SRM
  • cyber crime

    The Cyber Blind Spot That Makes Every Supply Chain Vulnerable

    Regulation & Compliance

Digital Edition

Scb may 2022 sm

2022 Supply Chain ESG Guide

VIEW THE LATEST ISSUE

Case Studies

  • 3PL Doubles Productivity With Robots to Fulfill Medical Supply Orders

  • E-Commerce Company Cuts Order Fulfillment Time by 40%

  • Fashion Retailer Halves Fulfillment Time With Omichannel Automation

  • Distributor Scales Business by Integrating Warehouse Automaton Software

  • Fast-Growing Fashion Brand Scales E-Commerce Fulfillment With Whiplash

Visit Our Sponsors

Yang Ming Alithya Barcoding
Blue Yonder BNSF Logistics Generix
GEP GreyOrange Here
Honeywell Intelligrated IFM Inmar
Keelvar Kinaxis Korber
Liberty SBF Locus Robotics Logility
Lucas Systems Nvidia Old Dominion
ORTEC Parsyl QIMA
Redwood Logistics Saddle Creek Logistics Schneider Dedicated
Setlog Holding AG Ship4WD Shipwell
Tecsys TGW Systems Thomson Reuters
Tive Trailer Bridge Vecna Robotics
Verity
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2022 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing