Can U.S. Supply Chains Be Saved From Cyberattacks?

April 21, 2021
Padraic O'Reilly, SCB Contributor

In February, President Joe Biden signed Executive Order 14017, calling for a comprehensive review of critical U.S. supply chains. The action was in response to shortages of medical supplies such as personal protective equipment (PPE) for front-line healthcare workers during the height of the COVID-19 pandemic. Other needs identified by the order included semiconductor chips for the automotive industry and other high-tech applications.

These issues hinder Americans’ ability to obtain essential products, and create instability for workers in affected industries. The goal of the new order, according to the White House, is to proactively address such issues before they recur.

“While we cannot predict what crisis will hit us, we should have the capacity to respond quickly in the face of challenges,” the White House said. “The United States must ensure that production shortages, trade disruptions, natural disasters, and potential actions by foreign competitors and adversaries never leave the United States vulnerable again.”

The President’s campaign made it clear that his Administration is committed to addressing supply-chain risks comprehensively. But will the initiative succeed?

From a security standpoint, there are a number of issues that the Administration should consider. Failure to do so will result in duplicative time and effort, wasting resources while failing to mitigate cyber risks that could result in another supply-chain attack.

The first step to ensuring the security of U.S. supply chains is to identify their vulnerabilities and risks. Biden’s executive order focuses on six sectors: the defense industrial base, public health, information technology and communications, power and energy, transportation, and agriculture.

The reliance of supply chains on digital products and services has created serious vulnerabilities, making cybersecurity an essential part of the review. The fear that a nation-state actor could decide to hold up the supply chain via cybercrime is real. Section 4.4 of the executive order makes it clear that cyber risk management is a key concern and area of focus. Within a year, reports must be submitted covering the current state of supply chains’ reliance on competitor nations. How the government engages the information-security community for this purpose will make or break the initiative across all sectors.

Ensuring Results in One Year

The undertaking covers a lot of territory for a single-year timeframe. It’s critical that the information security and technology community, drawing on lessons from the past year, provide input to the parties that are driving the initiative. The efforts of industry groups such as information sharing and analysis centers (ISACs) and the IT Sector Coordinating Council (ITSCC) will be core to success. In addition, there’s a mountain of data and analytics coming out of the big four consulting firms on which risks to prioritize when dealing with third parties.

The U.S. Department of Defense should play a key role in helping the initiative to roll out seamlessly. A comparable effort being overseen by DOD is the Cybersecurity Maturity Model Certification (CMMC), requiring suppliers of government-contracted materials to meet specific standards. One key piece of advice, based on public and private reaction to the CMMC thus far, is to avoid as much as possible mixing contract award and review processes. Sector industry leaders and government agencies should work together to decide on a simple yet effective standard for cyber across the various supply chains.

The Importance of Standardization

Creating the right partnerships and obtaining input from information security experts is one thing, but ensuring increased cybersecurity maturity across U.S. supply chains is quite another. Communication is the one element that can make or break new requirements when rolled out to an ecosystem this large. It’s driven by measurement, with results standardized across groups regardless of their level of cybersecurity maturity. Standards such as the NIST CSF Supply Chain Risk Management subcategory or previously mentioned CMMC are great tools for making requirements clear, and implementing them effectively across supply chains. The cyber-assessment methodologies under NIST CSF are especially valuable in providing context for suppliers with little knowledge of information security.

When it comes to measurement, gaming out all of the potential risks in U.S. supply chains is impossible, given the complexity of global supply-chain ecosystems. It’s nevertheless valuable to identify scenarios that examine various potential points of failure. Leveraging existing risk-quantification methodologies in creative ways is key to achieving true resilience. It’s essential that companies understand supply-chain risk as a means of achieving good governance, drawing on input from security teams, data and information sharing, and advances in risk-management software.

One can only hope that Biden’s supply-chain initiative will take advantage of existing data from past events, and predictive analyses about the future. Can the entire supply chain be benchmarked, and all vulnerabilities be identified in a single year? And can we mitigate the severe cyber risk in U.S. supply chains? That remains to be seen.

Padraic O'Reilly is co-founder and chief product officer of CyberSaint.

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp