Other Voices: A new and growing threat for supply chains

While many companies focus on preventing theft across the supply chain, McAfee's chief supply chain officer says cyber security may be the bigger threat

By ·

Editor’s Note: The following column by Dennis Omanoff, Chief Supply Chain Officer for McAfee, is part of Modern’s new Other Voices column. The series, published on Wednesdays, will feature ideas, opinions and insights from end users, analysts, systems integraters and OEMs. Click on the link to learn about submitting a column for consideration.

                                                                        ***  ***  **
Before Sept. 11, 2001, most supply chain professionals focused their security measures on preventing the theft of valuable goods in their manufacturing and transportation operations.  After 9/11, greater emphasis was placed on preventing weapons of mass destruction – or disruption – from being placed in cargo containers or other conveyances headed to the United States.

Today, there’s an even more potentially destructive threat to the supply chain community that’s often overlooked.  The volume and sophistication of cyber threats from totalitarian governments or nefarious individuals are increasing exponentially.  This 21st-century threat jeopardizes not only our information infrastructure, including in the supply chain community, but also all levels of high-tech software and hardware products that connect with local or enterprise-wide networks, either hardwired or wirelessly.
Concerns continue to rise about the “injection of viruses” into high-tech hardware products during their journey from manufacturing sources to customer delivery, especially to government agencies.  More than natural disasters, financial instability or political upheavals, what keeps me up at night is the fear that bad guys are injecting bad stuff into products that can disrupt, bring down or steal confidential information from networks.

For example, McAfee reviews about 100,000 potential malware samples per day, identifies over 55,000 new, unique pieces of malware per day and identifies about 2,000,000 new malicious web sites per month.  In the past two years, persistent and highly organized cyber attacks such as STUXNET, AURORA, WIKILEAKS, ShadyRAT and NIGHT DRAGON point out how cleverly the bad guys can worm their way into the world’s most protected networks and either sabotage them, steal intellectual property or compromise government trade or military secrets.

Given these examples, how safe are our networked products – from software to computers and servers—and how can we protect their security from component sourcing to the factory to assembly and delivery to the customer?

First, supply chain professionals charged with manufacturing and delivery processes should look beyond traditional threats such as tsunamis, demand volatility or financial degradation and take extra precautions to ensure that technology products in particular are safeguarded from viral attacks.

At McAfee, the largest dedicated information security company, we have put in place a number of strict measures to protect and prevent the infection of our products, especially hardware-assisted security systems such as firewalls, mail and web security network appliances, risk and compliance, cloud-based networks and intrusion detection and prevention.

For example, all of McAfee’s suppliers must have an information security policy in place for data loss prevention and system control that provides complete protection of both network and host leakage.  Today, the adulteration of data or the loss of Intellectual Property should be center to every company’s core risk program, and that includes the supply chain community.

Compromising a company’s IP can jeopardize an entity’s competitive advantage, cut into market share and even endanger our customers’ reputations, not to mention the vulnerabilities to top secret government information.  The sharing of data from McAfee to our suppliers is important for new product development, continuous improvement of our product, elimination of customer issues and the ongoing growth of product lines.

In addition to strict qualifying standards for its suppliers, we have architected a global supply chain operation where component parts are secured via distribution partners from multiple locations and then assembled, converted into finished products and shipped by trusted sources chosen by customer preference.  Any of our products can be made or assembled from any of our strategic locations in Europe, North America or Asia and also shipped to any other locations, almost at a moment’s notice.

The final assembly and hardware conversion, whether it’s software, adaptor cards or some type of interface card, and final shipment can be done very quickly – we aim for 20 minutes from the time an un-forecasted order comes in (aim for 30-day lead time on predictable orders).  With this type of Sense and Respond network, we’re able to obfuscate the trail of the quickly assembled final product so that it’s nearly impossible to know beforehand where it’s headed, whether it’s an energy grid, nuclear power plant or government agency.

Further, it’s critical to keep as low an inventory and backlog as possible – as the saying goes, “Inventory at rest is inventory at risk”.  This not only makes good security sense, but also good business sense.
By having a geographically dispersed supply chain and trusted partners that can operate as a single unit, professionals can satisfy the unique requirements of customers in various regions.  For example, “Assembled in the USA” verification helps meet stringent U.S. government (and some European government) requirements, but similar in-nation rules and incentives are imposed in other parts of the world, which punctuate the need for highly flexible and segmented supply chains.

These different security requirements can be met with what Dr. Hau Lee at Stanford University calls “multi-polar, differentiated supply chains.”  In other words, complete regionalized supply chains working either independently or as a unified operation can meet localized and globalized customer demands while also creating an operation that protects products from being sabotaged with the latest cyber virus somewhere along the way.

About the Author

Bob Trebilcock
Bob Trebilcock, editorial director, has covered materials handling, technology, logistics and supply chain topics for nearly 30 years. In addition to Supply Chain Management Review, he is also Executive Editor of Modern Materials Handling. A graduate of Bowling Green State University, Trebilcock lives in Keene, NH. He can be reached at 603-357-0484.

Subscribe to Modern Materials Handling Magazine!

Subscribe today. It's FREE!
Find out what the world’s most innovative companies are doing to improve productivity in their plants and distribution centers.
Start your FREE subscription today!

Article Topics

Security · Supply Chain Management · · All Topics
Latest Whitepaper
Hydrogen, the Future of Materials Handling
Large, successful organizations are integrating hydrogen fuel cell technology into their lift truck fleets and benefiting from lower operational costs, reduced emissions and improved reliability.
Download Today!
From the October 2016 Issue
Brownells’ new Iowa distribution center has taken touches—and miles—out of the order fulfillment process and increased throughput with near 100% accuracy.
System Report: Brownells new DC is flexible and responsive
Pallet Usage Report: Pallets Remain Critical in the Modern-Day Warehouse
View More From this Issue
Subscribe to Our Email Newsletter
Sign up today to receive our FREE, weekly email newsletter!
Latest Webcast
Pallets: Supporting Product, Processes and the Enterprise
The smallest leak in performance or cost can bring a lean, nimble and speedy supply chain to a halt. During this 30-minute webcast we'll examine how Modern's readers use pallets to keep the wheels turning as they maneuver a road filled with sharp edges and potholes.
Register Today!
Modern Materials Handling’s 2017 Casebook Collection
The 2017 Casebook features more than 35 case studies that put the spotlight on successful innovation...
Brownells: Designing for Efficiency and Growth
Brownells’ new Iowa distribution center has taken touches—and miles—out of the order...

Industry celebrates National Manufacturing Day
Fourth annual Manufacturing Day is a grassroots effort by U.S. manufacturers to improve the public...
American Eagle Outfitters’ omni-channel journey
The fashion retailer has used warehouse execution software and automation to create a true...