Supply Chain Cyber Security : Challenges and Solutions

Introduction

We all know how important cyber security is now that technology powers commerce in such a significant way. But if you perform work as part of a supply chain, you know that the stakes are especially high. Given that you’re part of a network of providers, vendors, transporters and managers, the impact of just one weak link in the supply chain cyber Security “chain of custody” can be significant.

Why Supply Chain Cyber Security Is Essential

It doesn’t matter which type of service you perform or which varieties of product you manufacture or help to move. Cyber security is everybody’s problem and everybody’s responsibility. As technology cements its place in our industrial and personal lives, the security of our networks, as well as our personal and corporate data, has become central to several sectors:

·         Military contractors must abide by guidelines like Traffic in Arms Regulations and others, which help vouch safe sensitive military data in third-party hands.

·         Healthcare providers are bound by Medical Regulations, which helps ensure the ever-more-digital world of patient records is kept safe and away from prying eyes.

·         Some service- and commodity-based organizations are required to, or can at least benefit from, requiring partners to keep Standards for Attestation and Organization Control reports, which is especially helpful for maintaining compliance, availability, privacy and confidentiality for supply chain partners who store data in the cloud.

Taking cyber security risks seriously in supply chain is imperative because what’s really at risk isn’t necessarily something with a fixed, one-time value. Merchandise can be replaced. What’s at stake is quite often the key to your remaining profitable at all. You stand to lose vital organizational and client data, intellectual property and trade secrets. In some cases, you’ll be held responsible for damages if formal laws and guidelines apply.

The primary mission when it comes to hardening the supply chain in any industry against cyber-threats is a three-pronged attack: “Anticipate, Mitigate, Improve” Critically, each of these three parts must happen in concert and, ideally, before you actually have to deal with a loss of data.

Here’s a crash course in holding the supply chain partners, and ourselves, to higher security standards.

1.     Familiarize ourselves with Industry-Specific Regulations

It is mentioned that some of the official guidelines and regulations that have appeared in recent years, but our supply chains have regulations of their own — particularly when you operate in critical areas like foods, beverages, medicines and vaccines, medical devices and other biotechnological and pharmaceutical interests. The integrity of the data associated with these goods is critical, which is why cloud providers find themselves bound by ever-stricter guidelines.

These guidelines give you a good basic benchmark for supply chain cyber security in your specific industry and might make you ware of threat vectors you didn’t know about. But it’s up to you to go above and beyond.

2.     Determine Which Vendors Have Access to Your Network

Simply doing business with multiple parties at once opens you to certain types of risk, but one of the most preventable is unauthorized or unnecessary access to your network and assets. Vendors and other actors within the supply chain naturally share digital properties and call upon much of the same data, but your supply chain can’t be hardened against supply chain cyber security risks until you’ve first determined which parties have access, and the level of their credentials and privileges.

Malicious — even unintentionally malicious — actors within your organization might have unsecured or unlimited privileges, too, which is a risk vector which has contributed to substantial financial losses for private enterprise over the years.

Think of this as the industrial equivalent of leaving the password to your home PC’s administrator account on a post-it note on your desk. You’ll likely have to share that credential with another party at some point, but revoking access from parties who no longer need it closes a vulnerable backdoor you might’ve otherwise forgotten to close.

3.     Create Cross-Functional Roles and Teams to Oversee Risk

Believe it or not, we’re already in the process of moving beyond one-size-fits all Security Officers or Risk Managers. Instead, we call for the creation of cross-organizational teams and specialists who know how to answer specific risks as they apply to each of our business partners and processes.

For example, some parties within the supply chain might have a greater likelihood of encountering counterfeit products or might have stricter requirements for the on boarding of new vendors and contractors. As risk becomes more uniformly dispersed across the organization, so we too must use our capabilities to respond when the worst should happen.

4.      Be Explicit About Security Requirements in Your Contracts

The importance of proactive measures cannot be overstated — and outlining your expectations as you enter into business with new supply chain partners is an obvious first one to take.

We should not be afraid to use specific language and even create legally-binding documents with the help of an expert to make sure each of your partners knows exactly what is expected of them when it comes to how they access and handle your data and that there’s legal recourse in place if they fall short.

5.     Monitor Your Technology Providers and Other Partners

None of the supply chain best practices out there are particularly useful without some old-fashioned checks and balances. To put it another way, you don’t just need expectations and guidelines — you need a way to make sure each of your third-party partners is following-through by continually monitoring their performance.

There are ready-made solutions out there as well as best practices as described by Govt. Regulation bodies. The ultimate goal of each continuous monitoring solution is the same:

·         Maintain awareness of emerging threats and vulnerabilities.

·         Establish communication protocols between partners within the supply chain.

·         Analyze organizational risk on a sufficient-enough frequency to guard against new risks as they appear and to make changes as needed.

·         Proactively evaluate the likely effectiveness of your risk responses to new threats.

·         Evaluate recent changes, and propose new ones, for physical and digital infrastructure.

Naturally, continuous monitoring of your operations and those of your supply chain partners will help keep you measure your performance against regulatory action at the state and federal levels as well as new requirements within your specific industry.

Seek Constant Improvement

We’ve talked about some of the “top-down” fixes for mitigating supply chain cyber security risks, including Central regulation and industry-specific guidelines. But each company is unique and has its own needs, which might make your particular approach unique. For instance, some companies are exploring Block chain-powered solutions such as “smart contracts,” which aren’t contracts at all but rather bundles of code that automatically execute commands when requirements are met by one or both parties.

The point is, the future holds all kinds of exciting solutions for the problems we’ve gone over here. Keep yourself aware, knowledgeable and up-to-date on the wider world of supply chain.

Read More

Disaster at Sea: SS Vaitarna - India’s Forgotten ‘Titanic’

SS Vaitarna popularly known as Vijli (Literally electricity) or Haji Kasam ni Vijli, was a steamship owned by A J Shepherd & Co, Bombay that disappeared on 8 November 1888 (24 years earlier to RMS Titanic sinking) off the coast of Saurashtra region of Gujarat in cyclonic storm during a crossing from Mandvi to Bombay. More than 740 people on board went missing in the disaster. The incident resulted in the creation of nautical lores and songs.

SS Vaitarna was the first steamship built by Grangemouth Dockyard Co. Ltd., Grangemouth and launched in 1885. She was schooner made of steel and took three years to complete. This screw steamer had three floors and twenty five cabins. She had a single funnel, two masts and a fore-and-aft rigged sail furled against the forward mast. The engines were built by Dunsmuir & Jackson, Glasgow. She was owned by A J Shepherd & Co, Bombay and was registered in Glasgow. She was 170.1 feet long, 26.5 feet broad and 9.9 feet deep. It was brought to Karachi by traveling around Africa for a maiden trip to Bombay.

She traded between Mandvi, Cutch State and Bombay ferrying passengers and goods. She took 30 hours to travel from Mandvi to Bombay at a fare of Rs8/-. The ships of the region were not designed to mitigate storms as they generally travel along the coast from port to port during calm seasons and were laid up in harbor during stormy monsoon sea.

The Incident SS Vaitarna was anchored on Mandvi port on 8 November 1888, Thursday), at noon and she left for Dwarka after taking 520 passengers on board. She reached Dwarka and had some more passengers on board, reaching 703 in number. She left for Porbandar. Though according to lores, Porbandar port administrator Lelie told the Captain not to venture into the sea, but later research did not supported the claim. Due to bad weather she did not stop at Porbandar and directly headed for Bombay. At evening, she was seen off the coast of Mangrol, and later at night some people claimed that she was seen wrecking near Madhavpur (Ghed) amid severe storm. The next day she was declared missing.

No bodies or debris of the ship was found. She was assumed to be wrecked in a cyclonic storm in the Arabian Sea. Though the folklores states casualty of 1300 people, there were 746 people (703 passengers and 43 crew members) on board who went missing in the disaster. The other numbers reported are 798. 741 (38 crew member and 703 passengers) and 744. There were thirteen wedding parties and several students who headed for Bombay to appear in the matriculation examination of Bombay University in December.

Kasam Ibrahim or Haji Kasam was the captain of the ship. He was an aristocrat from Kutch holding tracts of land between in Borivali and Dahisar in Bombay. He had his office at Abdul Rehman Street and he lived at Malabar Hill. It is also believed that he was blessed by Fakir that he will own 99 ships and Vijli was his last. Haji Kasam Chawl in Bombay Central is named after him.

Following the disappearance of the ship, the Bombay Presidency formed a committee, Marine Court of Inquiry, to probe the matter. It pointed out that Vaitarna was ill-equipped with safety measures. It did not have enough lifeboats and life jackets aboard. She was overwhelmed by the heavy storm. The aneroids used on board the other steamers of the line of the ships to which Vaitarna belonged were checked and found erroneous. Bombay Presidency and Shipping companies sent steamers to find the shipwreck but were unsuccessful.

Lores The incident resulted in formation of many nautical Lores, Myths, Legends and Songs over the years and became popular in folklore of Gujarat. The ship was popularly referred to as Vijli in folklore and is chiefly associated with its captain Kasam Ibrahim.

(a) Poet from Jamnagar, Durlabhrai V. Shyamji Dhruv published a collection of songs titled Vijli Vilap.  

(b) Bhikharam Savji Joshi also published another collection in the same name. 

(c) Jhaver chand Meghani collected and published one of such songs in his folk song collection, Radhiyali Raat, titled "Haji Kasam, Tari Vijli Re Madhdariye Veran Thai". 

(d) Gujarati author Gunvantrai Acharya wrote a fiction titled, Haji Kasam Tari Vijli (1954) based on the incident.

(e) Y. M. Chitalwala, a researcher based in Dhoraji researched the incident and documented it in Vijli Haji Kasamni published by Darshak Itihas Nidhi in 2010.

(f) A film based on the incident, Vijli: Mystery of the Phantom Ship, directed by Dhwanil Mehta and starring Rana Daggubati, was announced in 2017 with story written by Yogesh Joshi.

Read More

Perennial problems India faces & possible solutions

Reforming the political/bureaucratic system (to eliminate corruption) will be on almost everyone’s list of top problems India faces today, but not mine. I am not saying that they are not one of our biggest problems, but by targeting the political/bureaucratic class (as if they are the only corrupt people in India), we are only attempting to cut the leaves and are not focusing at the root of the problem.

Which is, The people of India….

A society that believes and indulges in corruption/favoritism at every available opportunity will only produce corrupt leaders. That’s one of the principle flaws of democracy, but then democracy ensures that people get the leaders they deserve.

1. Corruption – The first problem I identify in India is corruption/favoritism, but the way to solve it would be to change people’s ideas/attitude about corruption. Stricter laws, punishments can help, but these are not sufficient. We know that corrupt society will find ways to bypass rules/laws.

I can write on why corruption is bad, but such articles get a very limited reach. And besides, majority of our people still don’t have access to Internet or even basic education. But, there is one medium that has enormous reach – TV/Cinema. If directors/movie makers/Tele-serial makers could come forward to make good movies/serials that make people rethink about their corrupt ways and still make it interesting with a gripping story-line, the message might spread faster.

The Leads to corruption can be multi-faceted, and not necessarily only money oriented. Corruption in morality, in competition and attitude are of the same generic form of corruption.

One of the solutions could be to come up with a crowd-sourced funding platform (a site maybe) where prospective movie directors showcase stories/ideas and people vote/fund (not donate) for best of such ideas/concepts. The revenue from the movie should be shared with the funding bodies. Awareness is the first step to solving any problem.

2. Sustainable Living – Well, sustainable living is the solution, not the problem! In our quest towards success, wealth, happiness, etc. we forget that we are over-exploiting the resources available to us. Want wood? Destroy forests. Want energy/mobility? Pollute environment. Want connectivity? Make non-recyclable products and destroy the earth. Want space? Occupy marsh-lands. Want food? Kill animals. Want enjoyment? Drink alcohol, smoke, eat unhealthy food and risk diseases (The current COVID19 pandemic is a manifestation of the same unsatiable appetite of human beings). This list could go on…

Sustainable living is a wonderful concept that let’s us enjoy life without over-exploiting worldly resources. It’s a concept that encourages inclusive growth, for us as well as all the creatures living around us. We need sustainable living ambassadors to promote this wonderful concept in all medium (blogs, FB, newspapers, TV, movies, etc.) that can take the message to its beneficiaries (people). Though Indian culture and traditions have been majorly focused towards sustainable living but needs to be reinvented through movements like SUSTANIA.

3. Education – The kind of education we get is one of our biggest problems. Of course, it is much better than not getting education at all, but we are struck with an education system that produces imitators and not innovators/inventors. We have parents/teachers who are content with the current system and focus only on marks, and don’t much care about knowledge transfer/unlocking the true potential of students.

If our previous generations were blind to this problem, it’s understandable – they were the first generation to receive any proper education. But how can we be blind to it? Why do we want our children (also) to become back-office processing agents? Why is a Google or Microsoft not coming out of India, despite high proficiency in coding abilities and English?

I have written on this extensively in my previous blogs but whatever we do, we should eliminate the concept of memorization/mugging up for exams quickly. Examinations should not be a one day affair and should much largely focus on grasping the overall fundamentals of the specific domain. Moreover the curriculum must trigger thought processes and counter questions.

4. Neighborhood Cleanliness – Yes, we are all experts in keeping our homes/offices clean. But when it comes to the neighborhood, we give it scarce respect. We notice excessive waste that get accumulated around waste-bins and empty plots being used as dump yards.

Of course, first we should make sure that there are enough waste-bins in each locality. Corporation should appoint a coordinator from within each community, who would give them feedback on the no. of waste-bins required etc. Secondly, our Government should look at innovative methods like this solar-powered compressing waste-bins that can not only accommodate more waste (per bin), but can also message authorities when full.

5. Economic independence – Each and every person in our society (except minors) should be economically independent. Especially, women. That will prevent subjugation and crimes (esp. against women). I guess we have come a long way in educating girls, and in cities women equal men in the work-force. But, in small towns and villages, women are not given equal rights to work. We need more SHG’s(Self Help Groups) for women in rural areas that will impart skills and create a dependable income stream for them. Economic independence also triggers education and incubates business ideas for future small start-ups for building the village Eco system of India.

Overall all of the above needs a deterministic approach towards execution and constant metrics driven follow up and monitoring…. It is immaterial as to who holds the helm of power, the citizens of our country should ask sticky questions to their chosen leaders, related to the achievement of the above metrics.

Read More

Block chain Technology in Supply Chain & Logistics and the Potential Application.

Prelude

Block chain technology has been at the heart of economic topics since the inception of the Bitcoin Craze. Bitcoin, the digital currency that saw record-breaking growth last year, is built on block chain technology, providing an endless ledger of transactions. Block chain technology in supply chain and logistics is believed to be the end-all solution to renowned transparency and end-to-end visibility, not to mention accountability. The interest in block chain technology in supply chain and logistics is simply irresistible, and supply chain executives need to know a few things about it.

Block chain Technology in Supply Chain & Logistics Is Still a New Topic

Part of the reason behind the fear and uncertainty around block chain is the novelty of the technology; it is still a new technology, regardless of what experts may say. The technology is available for use in the supply chain and logistics sectors in limited supply, and the most influential aspects of applications were developed for supply chains with mandated asset tracking and accountability, such as the pharmaceutical industry. Yet, broad applications of block chain technology are still in infancy.

Supply Chain Leaders Should Consider Block chain Technology’s Current Applications

Before looking into applications, it’s important to understand what Block chain technology is and is not. Block chain technology involves the creation of data “blocks,” detailing actions for a given transaction or actions, and such information is finalized and locked into a chain. The chain is only added to with each transaction, so the origin of transaction details, such as financial records, product details, and location, can be traced. Thus, all subsequent transactions can be verified and tracked, enhancing transparency and visibility into the transaction. In addition, block chains may be public or private, granting or denying access to the chain details based on authorization, so private information can be protected, while allowing addresses to authorized parties.

There are real ways to use block chain technology today. The development of crypto currencies has a great opportunity for payment processing and financial management of the supply chain. Swiss port has already developed a platform, which is currently in the pilot phase, for using block chain to manage cargo handling.

Other applications of block chain technology in the supply chain include Microsoft’s joint venture project (Ardents NovaTrack), used to track pharmaceuticals while in transport, but the potential application of the technology may quickly rise to be a leading soldier in the battle against the opioid epidemic. The recent developments regarding Walgreens’ presumed impact on the epidemic could have been identified earlier through block chain technology, reducing the company’s exposure to the risk of legal proceedings and remuneration.

Another excellent example of block chain in the supply chain of today includes limited access networking. Although these networks are not necessarily block chain in the literal sense, they bear remarkable similarities to the technology. If the technology tracks all actions, it is a form of block chain, but the key lies in eradicating the ability to edit past Transactional details. This is where many of today’s applications fall short, allowing for edits, but block chain in the truest forms is a complete record, making compliance virtually self-sustaining. As a result, the ability to track and manage the supply chain through block chain may be among the greatest sustainable practices to arise in the next decade, especially in an age where every dollar spent comes under the scrutiny of the public eye.

How Will Block chain Technology Affect the Future of Supply Chain & Logistics Management?

The future of the supply chain is limitless with the power of block chain technology, and paired with the potential of the Internet of Things (IoT), block chain will bring a new level of visibility and insight into supply chain management. Automated identification and data capture (AIDC), including RFID tags, will make block chain technology more efficient, empowering informed decisions and helping supply chain managers move more product, spend less on freight, and create positive customer experiences.

Need to Understand Block chain to define the Value of the Technology Now

Block chain technology will continue to be a defining characteristic of supply chain management in the future. Supply chain leaders that take the time to understand block chain technology and its potential applications can position their organizations to reap the greatest benefit when the technology becomes readily available. Since the best-laid plans for success in supply chain management require education, supply chain leaders must work to reduce inefficiency and move into digital-driven supply chain management. This is the only way to prepare for a future filled with “blocks” of transparency.

Read More