When we think of wars in recent American history, the World Wars come to mind, the Korean War, the Vietnam War, the Gulf War. Each subsequent conflict resulted in fewer and fewer deaths. The logical conclusion must be that the human race is getting more peaceful and civil with time, right? If direct human casualties are your only measure, then yes, perhaps we have evolved. You may also want to consider that as the toll of traditional wars has declined, silent wars have steadily grown in sophistication and impact. Historians generally recognize that the Cold War began in the aftermath of World War II and ran its course around the time of the fall of the Berlin Wall in 1989. But it’s far from over. We are in a second Cold War now. With the rise of the internet, connectivity, and global supply chains, the stakes have gotten extremely high. Hacks, breaches, and misinformation campaigns occur every day, and though it’s difficult to tie many direct casualties to this war, make no mistake: our systems, and your global supply chain with them, are under constant threat.
Where do we begin in securing the supply chain? First, we recognize that attacks often take advantage of the sophisticated, disparate systems that come together to form the supply chain. It’s difficult to maintain airtight security throughout a system composed of a myriad of outside partners and third-party vendors. The supply chain often relies on an honor code: every participant is assumed to do its best to secure its own cog in the clockwork. However, as cliché as it sounds, the chain of trust is only as strong as its weakest link. Because the network spans partners in many countries with differing laws and regulations, it is nearly impossible to regulate adequately.
Vulnerabilities in hardware are particularly concerning. Though a hardware attack is far more difficult to pull off, the upside is extremely attractive for perpetrators who can manage it. Through interdiction and seeding, attackers can modify hardware in ways that are extremely difficult to detect or fix. Interdiction is the method in which hardware is intercepted en route to its destination, modified, then sent back on its way without detection. Even more insidious, seeding attacks occur right on the factory floor, with the implant inserted during manufacturing before the product ever ships.
No matter how perpetrators gain access to hardware, if they are successful, the result is very hard to detect. Implants can exist at the microchip level, and firmware manipulation can easily pass for legitimate because firmware is, by nature, vendor-supplied code that changes how the hardware behaves; a tampered image looks like just another update. In either case, only certain components are likely to be affected, rather than whole swathes of hardware, further complicating your ability to pinpoint the culprit. One caveat a practitioner should keep in mind: firmware tampering is detectable where the platform measures each firmware component before executing it (measured boot backed by a hardware root of trust) and those measurements are compared against values the vendor published for the genuine release. An implant below the point where measurement begins, in the silicon or boot ROM itself, is what remains out of reach of that check.
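To make the measured-boot check concrete, here is an added example (not code from the original page or from ThinkIQ) that simulates the TPM-style PCR hash chain: each boot component is hashed, the digest is folded into a register, and a verifier compares the final register value with the value computed from the vendor's published components. The component byte strings, the "golden" value and the verifier function names are constructed for this example. Because the register is a chain of hashes, a swapped firmware image, an extra component, or a reordering all produce a different final value, which is what gives the verifier something to reject.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR bank starts at all zeros after platform reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || SHA-256(component)).

    The result depends on every component measured so far and on their order,
    and nothing short of a reset can roll it back, so later code cannot erase
    the record of what ran before it."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components: list) -> bytes:
    """Measure the boot chain in execution order and return the final PCR value."""
    pcr = PCR_RESET
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def attest(reported_pcr: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: accept only a PCR value that matches the vendor golden value.

    In a real deployment the reported value arrives inside a TPM quote signed by
    a key that never leaves the chip, so a compromised OS cannot simply claim
    the golden value; that signing step is assumed here, not implemented."""
    return hmac.compare_digest(reported_pcr, golden_pcr)


def demo() -> dict:
    # Constructed stand-ins for the vendor's published boot components.
    boot_rom = b"boot rom v1"
    firmware = b"platform firmware 3.2.0"
    bootloader = b"bootloader 1.9"
    golden = measure_boot([boot_rom, firmware, bootloader])

    # A device running the genuine chain reports the golden value.
    genuine = measure_boot([boot_rom, firmware, bootloader])

    # An interdicted unit has its firmware image replaced; it still boots and
    # runs the same bootloader, but the chain no longer matches.
    implanted = measure_boot([boot_rom, b"platform firmware 3.2.0 + implant", bootloader])

    # An implant that tries to hide by running extra code before the bootloader
    # is caught the same way: the extra measurement changes the chain.
    extra_stage = measure_boot([boot_rom, firmware, b"hidden stage", bootloader])

    # Reordering does not help either; the chain is order-sensitive.
    reordered = measure_boot([boot_rom, bootloader, firmware])

    return {
        "genuine_accepted": attest(genuine, golden),
        "implanted_accepted": attest(implanted, golden),
        "extra_stage_accepted": attest(extra_stage, golden),
        "reordered_accepted": attest(reordered, golden),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The limitation stated in the paragraph above shows up in the code: `boot_rom` is the first thing measured, so a modification to the component that performs that first measurement is, by construction, not something this chain can observe.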
Between the CRMs, ERPs, MESes, MOMs, and the rest of the alphabet soup of acronyms, there may be a good deal of sophisticated yet disparate software systems at play in your supply chain. Data is likely flowing in many different directions from those same outside partners and third-party vendors we mentioned before. Just as hardware is exposed through its firmware, software systems are exposed through their automatic update channels. If hackers gain access to the servers from which an IT department distributes software updates company-wide, legitimate update files can be replaced with malware, which the update mechanism then propagates throughout the entire tech stack. The check a practitioner expects here is that a client never installs an update merely because the server offered it: each artifact must match a hash listed in a release manifest, and the manifest itself must be signed with a key that is not kept on the distribution server, so that compromising the server is not enough to forge a release.
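The following is an added example, not code from the original page or from ThinkIQ, showing the difference between an update client that trusts the server and one that verifies a manifest. The release files, the tampered files and the manifest format are constructed for this example. The manifest is authenticated with an HMAC under a key provisioned to the client out of band; this is an assumption made to keep the example dependency-free, and a production client would verify an asymmetric signature (for example Ed25519) with a public key, so that the vendor's private signing key never sits on the update server at all.

```python
import hashlib
import hmac
import json

# Constructed key for this example only. Stands in for the vendor's release-signing
# key: the client holds it, the update server does not.
RELEASE_KEY = b"example-release-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_tag(manifest: dict) -> str:
    """Authenticate the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(RELEASE_KEY, canonical, hashlib.sha256).hexdigest()


def build_release(version: str, files: dict) -> tuple:
    """Vendor side: hash every artifact into a manifest and authenticate the manifest."""
    manifest = {"version": version, "files": {name: sha256_hex(data) for name, data in files.items()}}
    return manifest, manifest_tag(manifest)


def install_unverified(server_files: dict) -> dict:
    """Naive client: whatever the update server serves gets installed."""
    return dict(server_files)


def install_verified(server_files: dict, manifest: dict, tag: str) -> dict:
    """Hardened client: check the manifest, then every artifact, before installing anything."""
    if not hmac.compare_digest(manifest_tag(manifest), tag):
        raise ValueError("manifest authentication failed: refusing update")
    staged = {}
    for name, expected_digest in manifest["files"].items():
        if name not in server_files:
            raise ValueError(f"missing artifact {name}: refusing update")
        if not hmac.compare_digest(sha256_hex(server_files[name]), expected_digest):
            raise ValueError(f"hash mismatch for {name}: refusing update")
        staged[name] = server_files[name]
    # Anything the server offers that the manifest does not list is never installed.
    return staged


def demo() -> dict:
    # Constructed release as published by the vendor.
    release = {"agent.bin": b"legitimate agent build", "config.ini": b"[core]\nlevel=info\n"}
    manifest, tag = build_release("2.4.1", release)

    # Attacker with write access to the update server swaps one artifact for malware.
    tampered = {**release, "agent.bin": b"trojaned agent build"}

    naive_result = install_unverified(tampered)
    clean_result = install_verified(release, manifest, tag)

    try:
        install_verified(tampered, manifest, tag)
        rejected_tampered_file = False
    except ValueError:
        rejected_tampered_file = True

    # The attacker also rewrites the manifest to match the malware, but holds no key,
    # so the tag they serve (the original one) no longer matches the edited manifest.
    forged_manifest = {"version": manifest["version"],
                       "files": {**manifest["files"], "agent.bin": sha256_hex(tampered["agent.bin"])}}
    try:
        install_verified(tampered, forged_manifest, tag)
        rejected_forged_manifest = False
    except ValueError:
        rejected_forged_manifest = True

    return {
        "naive_installed_malware": naive_result["agent.bin"] == b"trojaned agent build",
        "verified_clean_installed": clean_result == release,
        "rejected_tampered_file": rejected_tampered_file,
        "rejected_forged_manifest": rejected_forged_manifest,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points carry over to real deployments regardless of the signature scheme: verify the manifest before touching any artifact, and stage everything into a scratch location so that a single failed check leaves the installed system untouched.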
Hackers also use social engineering to trick well-intentioned users into giving up login credentials or other sensitive information. Once the systems within your supply chain are infiltrated and compromised, attackers can inject malicious code into software that is, once again, extremely difficult to detect.
Demand Auditable Security Measures From Your Vendors
With so many hard-to-detect vulnerabilities and disparate systems at play throughout an expansive supply chain, where do you begin to bolster your security? Attestations such as a SOC 2 report or ISO 27001 certification provide some cover, and ISO 9001 and CMM speak to a vendor's quality and process maturity rather than to security specifically, but all of them are expensive to obtain and maintain. At the end of the day, companies must demand more of their vendor partners. Don’t give in to the temptation of short-term cost savings that invite long-term damage from porous security. Vet your software vendors by mandating that they provide demonstrable evidence, such as a current audit report, that they have adopted a recognized security framework and actually comply with it.
Keep in mind that 16 percent of all breaches are attributed to vulnerabilities in third-party software and only 14 percent of risk-management professionals are highly confident that their vendors are meeting their security requirements. Indeed, demanding proof from your vendors that they champion security — and cutting out ones that can’t — is the best way to ensure the weakest link in your supply chain isn’t going to cost you billions of dollars in disrupted operations.
ThinkIQ’s cloud-based intelligent supply chain platform gathers and contextualizes data from disparate data silos with great care and security. We move data over OPC, SQL, and SFTP interfaces to maintain a secure flow of data throughout your entire supply chain. To learn more about how the data security ThinkIQ provides has led to partnerships with General Mills, McCain, Corning, and Mars, contact one of our friendly experts today. You can also start by downloading our eBook titled "Advanced Material Traceability Revolutionizes Digital Transformation".