
Cisco’s Five Steps to Effective Third-Party Cybersecurity

January 6, 2020
Robert J. Bowman, SupplyChainBrain

It’s hard enough shoring up cybersecurity within the walls of your own business. But doing the same for the army of partners that makes up a global supply chain? That can be next to impossible.

Hardly a week goes by without news of another cyberattack against a major company’s supply chain. And more often than not, the conduit for the incursion is a third party with weak controls.

In modern-day supply chains, a third party can be any entity that sells parts, products, services, support, software — the list goes on. “For me, it comprises anyone other than ourselves who at any point in the stages of the value chain are actually involved in our solutions,” says Edna Conway, chief security officer of global value chain with Cisco Systems, Inc.

Cisco favors the term “value chain” — with which any number of companies and consultants have attempted without success to supplant “supply chain” as the general descriptor for the end-to-end journey of product to market — because it suggests a larger universe of independent entities engaged in that effort. But whether or not one embraces corporate buzzspeak, there’s no doubt that the proliferation of partners raises serious issues of cybersecurity. Without adequate systems and procedures in place, any one of them could fall prey to the efforts of bad actors, including rival companies, governments, extortionists and even basement hackers.

Conway offers the following five-step approach to setting up an effective cybersecurity plan for third-party relationships.

1. Know the “who, what and where” of your supply chain. Self-evident though it might seem, many companies don’t have a handle on all of the parties that contribute in some way to the business. That’s especially the case in multi-tier supply chains — and it’s hard to think of a manufactured product today that doesn’t rely on such a structure.

2. Work on ways to communicate effectively with all of those parties. Conway isn’t referring to all of the interactions that cover geopolitical issues or continuity of supply, just those that specifically address issues of security. As such, she describes three main types of threats: manipulation (when information is altered), espionage (both nation-state and industrial), and disruption (involving attempts to shut down the business). She says it can be hard to impress upon a software license developer or third-party cloud-service provider the importance of guarding against all three threats. The same goes for individuals on the factory floor, whose attention might be focused on keeping the line going. “It takes training to make security a part of the everyday thinking of anybody in any role,” Conway says.

3. Develop “flexible and elastic” architecture. Cisco’s approach to supply-chain security encompasses 11 discrete domains that reflect the complexity of its processes. Design, development, delivery and service: each discipline owns relationships with third parties, creating the possibility of countless weak points both within and outside the organization. The strategy accounts for the fact that various areas of production require guidelines that are unique to their operations. “We wrote requirements in a way that you can map them, so that only those that are based on the nature of what you deliver to us apply,” says Conway. “Everybody gets a customized version.”

4. Embed security into everything you do with all third parties. Conway urges companies to ask the question: “Why are we using them, and how are they performing according to our service metrics?” Ironically, back when “Quality” was trumpeted in banners and corporate pep rallies, the concept wasn’t “imbued persuasively” within the organization. When it comes to cybersecurity now, quality isn’t a slogan or discrete function, says Conway — it’s instilled in every process within the supply chain. Cisco assigns points to third parties in line with their demonstrated adherence to quality, and security is a key part of that measure. “We make it mathematically meaningful, so if you’re fantastic as a supplier but horrid at security, you may not remain a preferred supplier,” she says.

5. Everyone must measure. Conway has been pushing hard to measure performance across the organization. “We establish tolerance levels against our own specifications and processes,” she says. “At the end of the day, we’re making security speak the language of business.”

Cisco’s security initiative wasn’t implemented all at once. Conway, who previously served as an outside attorney for the company specializing in intellectual property issues, became its CSO in the early 2000s. Rather than impose a “monolithic architecture” from the start, she took it in stages, beginning with Cisco’s electronic manufacturing systems (EMS) partners, then moving to printed-circuit producers, engineering and the host of channel partners that make up the company’s “value chain.”

In preaching the gospel of cybersecurity, Conway considers it essential to communicate with the executive suite, whose world view is rooted in profit and loss. “I would like to translate my tolerance levels into dollar risk,” she says. “We all need to speak the language of business.”
