HomeSupply Chain Management and Cybersecurity: Is there a relationship? (Spoiler Alert: COVID-19 = Proof of Concept)
Supply Chain Management and Cybersecurity: Is there a relationship? (Spoiler Alert: COVID-19 = Proof of Concept)
March 12, 2020
The importance of an effective supply chain management cannot be overstated. Simply expressed, it is the process through which companies seek to maximize profit and overall success through the timely provision of goods and services to customers, whom they undoubtedly want to retain as such. The same logic applies to all organizations, regardless if they exist for profit or as a non-profit. In all senses, organizations are expected to provide some form of product or service of value to the customer.
As with any form of management, risk – and the assessment of its degree – is involved. (Seriously, just ask my Actuarial friend. He will confirm it.) Combining the terms, supply chain (+ risk) management, in an enterprise risk management sense, includes the responsibility of ensuring the availability and delivery of services…and in the current, global focus…goods via the internet. Search Amazon for hand sanitizer. To that end, good luck finding anything that will arrive before late April or early May.
The current COVID-19 (Coronavirus) Pandemic unfortunately provides an excellent opportunity to illustrate the importance of both supply chain risk management in IT enterprise management strategic planning. For example, if an organization is in the midst of upgrading its infrastructure, an interruption could affect their ability to complete all required actions and successfully transition and reconnect network users. In the event of a shortage of United Parcel Service (UPS) or Federal Express (FEDEX) support personnel or drivers due to illness, necessary IT equipment like Uninterruptable Power Supplies (UPS) may not arrive on time and delay cutover completion. Residually, this will affect the organization’s ability to install, configure, and put into production the equipment necessary to maintain a positive, profit margin.
This type of scenario is exactly what was foreseen in the President Obama administration’s 2012 National Strategy for Global Supply Chain Security. This strategy acknowledged the importance of the sustainment of the current, global-level system that relies, in part, on “information technology and cyber and energy networks.” The stressing of supply chain risk management is not limited to just this strategy, though. It is also specifically mentioned in the administration’s Comprehensive National Cybersecurity Initiative, which includes an initiative directly focused on the development of a “multi-pronged approach for global security.” Ultimately, through the emphasis placed on the subject by his administration’s Executive Office and the very real pandemic currently sweeping the globe, there should be no doubt of the importance of managing risk, as it applies to supply chain management and, in the IT sense, enterprise management.
Based upon the vernacular and content of President Donald Trump’s, March 12, 2020 address to the nation, it appears the administration is focused more upon allaying “gut instinct” fears than actually acknowledging and addressing second, third, and fourth tier effects of instituting both travel and cargo shipment bans. This is not to say that it is unwise, as it should help to curb the spread of the virus, but the next two questions are nevertheless valid. What happens to small, mid-size, and large companies whose web-based supply chains suffer as a result? Will Small Business Administration (SBA) loans or their internally-identified, risk avoidance measures be enough to stave off insolvency?
Ultimately, the initially offered measures may be effective to a degree, but a seed of doubt remains. Will they effectively address the contagion threat, or will they unintentionally exacerbate the problem, while the Coronavirus continues to spread because of individual obstinance to medical reality? As with so many other times throughout history, critical thinking is key, and we can only hope that the powers that be will be swayed toward objectivity and transparency, rather than the peaceful placation of the masses, through technological persuasion (read: brace yourself for the anti-virus and virus conspiracy Facebook posts). In the meantime, the only, universally sound advice is to embrace every hand sanitization opportunity…and hope for best.
Justin Gehrke is a veteran Cybersecurity consultant. His vision is to help foster a true Culture of Cybersecurity Compliance across public and private IT sectors. In his spare time, he enjoys reading and herding unruly packets.