Securing the Supply Chain with Security Policy Management

With the latest BCI Supply Chain Resiliency Report revealing that some of the top causes of supply chain disruption are cyberattacks and data breaches, and with global supply chains becoming bigger and harder to manage, it’s never been more important to get security in place to protect the supply chain.

Securing the Supply Chain and Preventing Disruptions

Attackers are hunting for intellectual property in the rich data sets woven into supply chain operations. This data is the crown jewel of any manufacturer, distributor or logistics firm – designs, processes, plans and techniques – the necessary insights for a competitive advantage in the global supply chain. Cyber criminals are well-resourced and proactively aiming to harvest any data to sell on the Dark Web.

In manufacturing, for example, there is a global distribution network creating billions of connections. Each of these connection points becomes a new exposure or exploitation waiting to happen. Furthermore, mergers, acquisitions and partnerships are defining characteristics of manufacturing enterprises. This causes a ripple effect throughout the organization’s reach, with new connections begetting even more connections. In addition, each new connection point has an asymmetry to it, making it difficult to plan for the future permutations of any new supplier, distributor, fabricator and others.

This matter is not confined to traditional computing assets. The Internet of Things (IoT) and operational technology (OT) only serve to add complexity and potential cyber hazards as supply chain systems automate and digitize their work. Supply chain operations are rooted in decision-making, with communications that wrap the globe and bring real-time sharing for better decisions. Rapid network changes, interconnected communications and collaborative supply chains all come together to create new challenges in a global economy.

Technology and security investments are scrutinized in this competitive and lean sector – extracting the highest ROI is imperative. A single one-hour outage that disrupts fabrication or stalls logistics can mean millions in lost revenue. Global supply chains are meeting the security challenge with automation, orchestration and risk analysis to bring effectiveness to their security operations.

The Role of Security Policy Management

Any effort to curtail these risks begins with security policy. Security policy says, “This can do this, that cannot do that,” and within this framework, we can begin to see the protection flourish even in a rapidly changing supply chain.

It begins with a baseline understanding of your security configurations and the policies that govern what could happen. Seeing how systems are configured with business and functional requirements front-and-center allows organizations to adapt to changes. But you cannot know where to go if you do not currently know where you are. Benchmarking your policies against regulatory standards and optimal security is a necessary first step for long-term security in the supply chain.

Next, organizations can select the tools and operating models that fit their overall risk appetite in the context of their supply chain. Let’s face it, no two supply chains look alike. This requires an awareness of the combinatorial mixing of various suppliers, distributors and fabricators involved in the supply chain. Each of these entities carries attributes around with it, much like a person carries components of an identity that make them who they are. Understanding these defining attributes is the best way to see how the models will interact with various parts as they change within the security formula.

We are now heading in the direction of security intent. Rather than creating security controls devoid of context, we are commanding the end-state we seek with the intention of protecting assets and the moving parts within the supply chain.

Finally, we must repeat the process in an ongoing manner. Rather than reestablishing a new baseline and beginning the process each time a change comes to the supply chain, we can have continuous reviews of security policies and the intentions we’ve placed into the assets we’re called to protect. This requires a real-time view of what’s happening as it is happening. We live in an algorithmic world. We must see the inputs as they change and the effects from those changes with all our security intent adjusting to fit the latest combination of variables.

This may all sound a bit starry-eyed or fanciful. But I see it every day. Supply chain leaders are beginning to take this approach and to embed security intent into their security policies and controls. They are viewing their assets in real-time and adjusting with automation to meet whatever new system comes into the mix. Remember: just one hiccup in manufacturing or logistics can cost millions in lost revenue, not to mention regulatory compliance failures that can shut down an organization and cyberattacks that can derail the whole system.