Supply Chain Security from a Systems Perspective

The term supply chain describes a choreographed process resulting in goods being manufactured and transported from the point of origin to their final destination. Global supply chains can involve many actors that include raw materials suppliers, manufacturers of the finished goods, packaging suppliers, logistics management firms, consolidators, truckers, railroads, air carriers, marine terminal operators, ocean carriers, cargo/mode/customs agents, financial and information services, large/small retailers and the end consumers of the goods.

Global supply chains are highly vulnerable because they involve many different actors who handle large quantities of goods and information. A great deal of focus is placed upon assessing and mitigating risks associated with physical vulnerabilities such as piracy, counterfeiting, strikes, terrorism, weather-related disruptions and more.

However, supply chains are equally vulnerable to disruptions in the information flows that control virtually every aspect of the physical flow of goods. Successful execution of supply chain processes therefore requires a communications infrastructure that securely bridges three fundamental barriers (cross-geographic, inter-enterprise and cross-systems) inherent to all modern supply chains.

Due to the networked nature of supply chains, they present unique challenges from the perspective of information security, which include the following:

  • Securing user access: Sensitive information processed outside an enterprise brings with it an inherent level of risk, because outsourced services bypass the system of internal controls enforced within each enterprise’s boundaries. As a result, the communications infrastructure must be looked to for harmonization and enforcement of security policies crossing multiple actors and users with widely different roles.
  • Information location: In complex supply chains critical data is likely to be hosted in multiple locations. This is made even more likely as cloud-based computing infrastructures and extranets are increasingly employed. Again, the communications infrastructure must be able to enforce security policies across all geographies, enterprises and systems.
  • Data segregation and confidentiality: Supply chain data is typically managed within shared environments alongside data of other partners, customers and competitors. As a result, encryption methods are typically employed to ensure confidentiality. However, as supply chains involve numerous actors that vary widely in terms of technological sophistication, security standards, risks, etc., the ability to utilize encryption methodologies across all critical data stores can be challenging. This again becomes an area where the communications provider is looked to for providing end-to-end encryption services.
  • Resilience/Recovery: As supply chain information is spread across multiple actors, any system design that does not replicate the data and application infrastructure across multiple sites is vulnerable to system-wide failure. Network-based cloud computing platforms provide a means whereby information may be backed up and restored across critical partners.
  • Agility: The systems infrastructure supporting supply chain functions must be sufficiently agile to adapt to the dynamics of the industry. The supply chain partner of choice is often selected based upon their ability to quickly accommodate change and their ease of integration with other actors.

These challenges are best overcome by the communications provider, as they all involve security and control functions that must be executed across multiple geographies, enterprises and systems. Accordingly, as global supply chains become more geographically stretched and involve more specialized partners, they are also becoming more network dependent.

James E. deMin is Senior Consultant at BT.