In case you didn't know: April is National Supply Chain Integrity Month.
The Cybersecurity & Infrastructure Security Agency (CISA) partnered with the Office of the Director of National Intelligence National Counterintelligence and Security Center (NCSC), Office of the National Cyber Director (ONCD), the Department of Defense (DoD) and others to cultivate this movement, with 2023 marking it's 6th annual event. This year's theme centers around supply chain risk management as a call to action for stakeholders to apply these management practices that secure critical supply chains in the U.S.
"The past few years have taught us how disruptive events can have cascading supply chain impacts on American businesses and the public,” says Mona Harrington, assistant director for the National Risk Management Center at CISA. “As organizations introduce technology into their operations, they must take a comprehensive approach in their strategy for supply chain resilience, which includes being smart about their procurement process, knowing who makes up their extended supply chains and applying basic cyber hygiene. Government and industry must work together to shift from a reactive to a proactive approach for supply chain risk management.”
Today, the supply chain seems to sit closer to disruption than ever before. Keeping it close, and becoming familiar with risks, is key in this industry to create strategy for proactive practices ready to take on issues as they arise and keep progress moving at a forward trajectory. According to Ian Schmertzler, CFO at Dispel, cybersecurity technology is at the forefront of this plan-of-action, offering proof of identity, proof of origin, proof of custody continuity, transaction validation, position data and consumption data, to name a few.
“We live in a cyber physical world," says Schmertzler.
One that's only becoming increasingly more nuances as technological capabilities compound on themselves to provide more knowledge at a faster rate. For example, I recently explored ChatGPT and learned how quickly, and easily, the AI can render information in a useful way to formulate things as complicated as quantum physics, or as creative as crafting a social media post. And what are two main risks AI brings about? Proof of identity and ownership that can affect everyone — supply chains included.
Continuous monitoring requires an approach that harnesses supply chain data to uncover risks in business relationships at every level— from customer to investor. According to Munish Walther-Puri, senior director of critical infrastructure at Exiger, "none of this is possible to do at scale without technology, which can be used to automate decision framing around cyber supply chain risk, illuminate n-tier supplier visibility, leverage machine learning algorithms to analyze supply chain data or model exposure reduction from certain controls and security measures. Developing resilience means allocating resources (personnel, effort, money, attention, data, etc.), to risk management and response planning." And given the current state of the world, where networks are breaking down for financial institutions, energy service providers, government agencies, etc. it's clear that the risks are not an if but a when, that organizations must prioritize.
"If integrity means preventing someone from stealing or inserting false components, then the aforementioned areas are the ones where cyber has a part to play," says Schmertzler. "If you are rock-solid confident in your inventory system’s cybersecurity, for example, and you cannot reconcile your count, then that’s a pretty good sign someone took or lost something. We can extend this though: goods are increasingly cyber physical in nature. So, defenses facing outward now need to also protect the components themselves.”
We know the power of data and every supply chain imaginable is now utilizing it in one form or another. When being mindful of integrity and using that data to, not only hold yourself accountable but also keep your processes safe, paying attention to the patterns is a step in the right direction. "“What you are looking for are deviations from a pre-existing pattern. If you see that, the next sensible question is “why?", says Schmertzler.
Let that "why" be a guide towards awareness in supply chain visibility that mitigates risks for all parties. If you're not asking "why" it might be time to start, in order to find honorable practice in your supply chain and offer honorable service to the people around you.