datasheets.com EBN.com EDN.com EETimes.com Embedded.com PlanetAnalog.com TechOnline.com TMWorld.com  
Events
UBM Tech
UBM Tech
VELOCITY     Accelerating Your Supply Chain Success
The leader in global supply chain solutions

Cyberwarfare & the Battle to Protect Supply Chain Data

NO RATINGS

It would not surprise me if high-tech supply chain executives tasked with protecting valuable supply chain data said they are on pins and needles as they evaluate news reports that technology companies, including Apple Inc., have suffered cyberattacks.

In a rare disclosure explaining the widest known attack of its computers, Apple officials said Tuesday that hackers infected Macintosh machines belonging to some employees when they visited a software development website. Reuters reported that the malware, which manipulates a flaw in a version of Oracle's Java software used as a plug-in web browser, was designed specifically to attack Macs.

Facebook revealed a similar attack last week, and Twitter announced in early February that it had reset the passwords of 250,000 users whose information was compromised after hackers attacked it. At the end of January, The New York Times revealed that Chinese hackers had spent four months trying to infiltrate its computer systems to steal the passwords of reporters and other employees.

Cyberattacks are targeting corporate data more frequently. This doesn't bode well for an electronics industry battling to secure sensitive information.
Cyberattacks are targeting corporate data more frequently. This doesn't bode well for an electronics industry battling to secure sensitive information.

Stepped-up attacks
These attacks and others show that hackers are attacking corporate data more frequently. This doesn't bode well for an electronics industry battling to secure product designs, intellectual property, supplier agreements, and data associated with manufacturing and business processes across the supply chain.

Keeping sensitive supply chain data safe is even more challenging in the face of the ongoing cyberwar allegedly being conducted by the People's Liberation Army (PLA), a group supported by the Communist Party of China. According to a report published last week by the American computer security firm Mandiant Corp., the PLA conducts cyberwarfare from its base on the outskirts of Shanghai. The APT1 group has systematically stolen hundreds of terabytes from at least 141 organizations, including high-tech companies.

Remarkably, we have witnessed APT1 target dozens of organizations simultaneously. Once the group establishes access to a victim's network, they continue to access it periodically over several months or years to steal large volumes of valuable intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, emails and contact lists from victim organizations' leadership. We believe that the extensive activity we have directly observed represents only a small fraction of the cyber espionage that APT1 has committed.

This is a chilling revelation, as well as a reminder that the high-tech industry must be on guard. Such threats can interrupt business planning, stall growth, and lower revenue.

Getting worse
Undoubtedly, supply chain executives face a daunting task, which becomes more difficult when we consider the increasing number of component suppliers, the quest to add manufacturing locations, and the demands of managing transportation, logistics, and other segments of the supply chain.

In mid-2012, Deloitte Consulting surveyed 600 executives about the supply chain. Forty-eight percent of respondents said "the frequency of risk events that had negative outcomes" had increased over the past years. "Executives from high-tech companies were most likely to report an increase, with roughly two thirds saying that was the case."

Things may very well get worse before they get better. Executives in the high-tech, industrial product, and diversified manufacturing industries (which all have complex supply chains) were most likely to report an increase in costs associated with supply chain risk, Deloitte found. It seems inevitable that companies in the electronics industry will see more cyberattacks. I agree with the Deloitte report's conclusion that companies need to think beyond simply preventing attacks and craft a plan to reduce their impact.

Deloitte outlined four key critical attributes of supply chain resilience.

  • Visibility: The ability to monitor supply chain events and patterns as they happen, which lets companies proactively -- and even preemptively -- address problems. Critical enablers include people capabilities and analytics capabilities.
  • Flexibility: Being able to adapt to problems quickly, without significantly increasing operational costs, and make rapid adjustments that limit the impact of disruptions. Critical enablers include people capabilities and governance processes.
  • Collaboration: Having trust-based relationships that allow companies to work closely with supply chain partners to identify risk and avoid disruptions. Critical enablers include people capabilities and analytics capabilities.
  • Control: Having policies, monitoring capabilities, and control mechanisms that help ensure that procedures and processes are actually followed. Critical enablers include governance processes and analytics capabilities.

    • What are you doing to protect your supply chain from breaches? What is your plan for dealing with the challenges after a cyberattack? And how are you collaborating with your supply chain partners to formulate a comprehensive data protection plan?

    Related posts:

    View comments: newest first | oldest first | threaded
    Page 1 of 2   Next >   Last >>
    mfbertozzi
    User Rank
    Supply Network Guru
    Re: Why protect only supply chain data?
    mfbertozzi   3/4/2013 12:53:42 PM
    NO RATINGS

    @The Source: it is true, for now it seems concerns regarding privacy and similar matters, are responsible for the slowly adoption of the cloud services, but sooner or later any companies will migrate towards that paradigm due to the need of ensure an urgent capex reduction.

    mfbertozzi
    User Rank
    Supply Network Guru
    Re: Why protect only supply chain data?
    mfbertozzi   3/4/2013 12:51:05 PM
    NO RATINGS

    @The source: I see the point and I am sorry because in my mind, it should be the time for planning a jointly effort in order to be stronger in front of new possible threats.

    hash.era
    User Rank
    Stock Keeper
    Re: Why protect only supply chain data?
    hash.era   2/28/2013 8:59:02 AM
    NO RATINGS

    @ The Source: Yes indeed. Any data set has a price tag on it and it differs fromrequirement to requirement. So loosing data means a very serious issue since its priceless.

    The Source
    User Rank
    Blogger
    Re: Why protect only supply chain data?
    The Source   2/27/2013 10:55:39 AM
    NO RATINGS

    hash.era

    The issue of blame is a very serious one.  Companies that have sensitive data stolen from their computer systems stand to lose millions of dollars,  I wouldn't want to be the person that is partially responsible for such an incident.    

     

    hash.era
    User Rank
    Stock Keeper
    Re: Why protect only supply chain data?
    hash.era   2/27/2013 10:38:49 AM
    NO RATINGS

    The Source: Even if you do a proper risk assesment, its difficult to prevent the damage that might cause from un-expected scenarios. Anyway its always better to have the best ready so no one can blame on the damage.

    The Source
    User Rank
    Blogger
    Re: Why protect only supply chain data?
    The Source   2/27/2013 9:44:37 AM
    NO RATINGS

    mfbertozzi,

    With regard to cloud computing, survey after survey shows that company executives are concerned about security and privacy issues, and many companies have decided to manage their sensitive information on their own data systems while using the cloud for non-essential data. Still, there are many high-tech companies that use the cloud to manage supply chain data.       

    The Source
    User Rank
    Blogger
    Re: Why protect only supply chain data?
    The Source   2/27/2013 9:33:11 AM
    NO RATINGS

    mfbertozzi,

    One of the difficulties here is that many companies don't want to admit that they've been attacked by cybercriminals, even though that might be changing.  Here's a New York Times article about that subject:

    http://www.nytimes.com/2013/02/21/technology/hacking-victims-edge-into-light.html?pagewanted=all&_r=0

    mfbertozzi
    User Rank
    Supply Network Guru
    Re: Why protect only supply chain data?
    mfbertozzi   2/27/2013 4:05:18 AM
    NO RATINGS

    @_hm: I agree; speaking for myself, I think that electronic data means automatically security issues to address, it doesn't matter the process or the specific area of business chain we are telling about. Cloud could be a way for moving forward, but it brings are issues and concern on security, than there's still a long path to run.

    The Source
    User Rank
    Blogger
    Re: Why protect only supply chain data?
    The Source   2/26/2013 2:01:40 PM
    NO RATINGS

    hash.era,

    There's no doubt about it, a successful malware attack can have a devastating effect on a company's data systems.  You've noted that what is needed is a risk assessment across the data network, and I would contend high-tech companies must include their partners, third party suppliers and other business associates across the supply chain in any risk assessment program. 

     

    Brian Fuller
    User Rank
    Blogger
    Finding balance
    Brian Fuller   2/26/2013 1:18:16 PM
    NO RATINGS

    Key question is how do we as countries find balance between cyber-security and civil liberties/human rights. 

    It's clearly a tension that is increasing. Thoughts?

    Page 1 of 2   Next >   Last >>


    More Blogs from At the Source
    On the hunt for a demand-driven maturity model for companies that are looking at ways to optimize their supply chains.
    Removing harmful electronic products in a responsible way is not only the right thing to do, but a smart business move.
    While some parts of the high-tech supply chain network can be improved by implementing policies and procedures, other parts of the network are beyond the control of even the most skilled supply chain executive.
    As Intel improves its chip technology and deals with a declining PC market, the company is still making a concerted effort to improve its supply chain.
    Civil engineers give US transportation infrastructure embarrassingly poor grades. We've got work ahead of us.
    Latest Poll
    Webinars
    Archived Webinars
    Date: 4/30/2013
    You've heard the saying "the No. 1 supply chain risk is your people." That hasn't always been the case. But today's complex global supply chain requires a new type of multitalented employee. It's one who understands, finance, marketing, economics, is savvy with technology, graceful with relationships and can think analytically. Where are these people? Are universities properly preparing the next generation supply chain professionals? How do train your existing workforce for these new, demanding positions? Brian Fuller, editor-in-chief of EBN, will lead a 60-minute Avnet Velocity panel discussion that will ask and answer these and other questions swirling around today's supply-chain talent challenges.
    EBN Newswire
    SAN FRANCISCO   1/8/2013
    Vallee Appointed to Reserve Bank Board
    PHOENIX   12/12/2012
    Avnet EMA Adds Digi International
    PHOENIX   9/26/2012
    Avnet Express Appoints Exec
    Resources
    sponsored content
    MORE WHITE PAPERS
    Avnet Video Resources
    The Velocity Report Archive
    Click here to see our newsletter archive.
    Twitter Feed
    EBN Online Twitter Feed
    Like Us on Facebook