In late 2007, it was discovered that numerous counterfeit network devices had been purchased and installed across branches of the US critical infrastructure, including the Air Force, Marine Corps, Federal Bureau of Investigation and the Federal Aviation Administration. These counterfeit products had hardware embedded in them that enabled unauthorized access through an unknown communication channel, commonly called a “back door.”
Even though most of the devices were purchased by established, reputable manufacturers, these counterfeit products managed to exploit a weakness in the supply chain process which allowed the consumers to purchase and install the devices themselves. As a result, potentially malicious actors were able to find their way directly into the operation and pose a significant risk to critical national infrastructure.
Once this risk was identified, the US Government began requiring its supply vendors to be vetted, improving the supplier and partner assessment process and ensuring that future network assets were provided by suppliers that had certified their supply chains to provide more awareness.
Identifying and highlighting these various layers of the supply chain is critical to reducing risks. Clarifying ownership and establishing clear and open communication will help to capture and improve supply chains when potential new issues are identified.
Knowing your supply chain and its level of risk
To understand what we need to change to improve supply chain security, it is important to first establish a clear definition of what a supply chain is. Simply put, it is a sequence of processes that are involved in the production and distribution of any commodity.
However, with the complexity and integral nature of supply chains in the modern world, a more detailed definition is required. Leading supply chain platform provider Blume Global defines it as “a connected system of organizations, activities, information and resources designed to source, produce and move goods from origination to a final destination.”
Further still, a digital supply chain incorporates technology into every facet of the supply chain, such as cloud computing for data processing and storage, or autonomous vehicles for transport and manufacturing. Whether it’s shipping raw material to manufacturing facilities, distributing goods or services to a consumer, developing computer source code or purifying silicon for the electrical components within every mobile phone around the world, we are all impacted by a complex series of supply chains.
It is sometimes very easy to oversimplify the intricacies of the many supply chains needed simply to put a mobile phone in your hand. However, every stage of a given supply chain carries a level of risk. Counterfeit products from a vendor, software distributed with embedded spyware, unauthorized access to data and restricted facilities are just a few examples of what can go wrong. Companies must consider how supply chains impact their business and continuously review the steps they have taken to secure them.
The 4 best ways to improve supply chain security
So, what can we expect in the future of supply chain security, and how can we work to reduce our risk exposure? Here are four key things you can do to secure your supply chain:
Ensure open communication and participation in continuously improving and securing the supply chain process. Clear ownership and communication will help you identify supply chain risks faster.
Establish supply chain governance to ensure a continuously updated picture of your company’s exposure to risk and highlight the many supply chains that impact it. This allows for a deeper analysis of the impacts and potential risks, which are difficult to mitigate if the environment isn’t fully acknowledged.
Make sure authorized vendor management reviews are conducted to ensure that certified suppliers continuously and regularly review their own supply chains to certify their product or service.
Integrate security standards into your operations, products and processes to ensure high levels of protection and confidentiality. Invest in tools that help you monitor your supply chains better to improve the integrity and authenticity of the products or services you send and receive. At times, supply chains may be completely overlooked without realizing the risk or impact they have on company operations.
Even though you have supply chain governance in place, it is important to stay vigilant. In August of this year, it was discovered that the CEO of a supply company sold counterfeit products worth more than $1 billion. So, the issue remains and the operative principle should be “never trust, always verify.”
As we innovate and cooperate with supply chains across the world, participating in organizations like the Charter of Trust can ensure a broader understanding of the impact that supply chains have on our everyday lives. By continuously adopting security best practices by default, we can better identify, reduce and mitigate our exposure to supply chain threats.
About the author
Group Security Officer – Architecture and Design
Michael has worked in IT and Cybersecurity for over 30 years across multiple industries, including government, finance, telecommunications, and managed services. He started out programming on his first TRS-80 and Tandy 2000 and has since watched the industry explore and expand into quantum computing. Throughout the years Michael has enjoyed working with many talented peers to help push the field of Information Technology to new heights.