The Battle for The Digital Supply Chain

Article by Malcolm Warr OBE

Churchill said of the Battle of the Atlantic: New Zealand “The only thing that ever really frightened me during the war was the U-boat peril…for a long time we could not track and trace our adversaries”

Why did Churchill say that? Well, the UK’s lifeline was dependent on the supply of goods, materiel, and people from North America. It was a tenuous but crucial supply chain across the sea — The United Kingdom and its Empire would not have survived without it.

There are lessons we can learn from history which can be applied now within the Cyber community especially as we move from traditional supply chain management to digital supply chain operations.

Fast forward to now

The supply chain challenges that we are facing in the digital age are often relegated as low priority both by cyber professionals and by businesspeople. It is not glamorous. Yet it sits astride all part of business and society. The intricacy and tenuousness of the digital supply change can be difficult for the lay person to comprehend until problems occur.

Supply chain attacks often occur when a company’s data is compromised via the hacking of a third- party supplier which has legitimate access to its customers’ systems. Hackers can insert malicious code into trusted hardware or software at the source, compromising the data of its customers – and their customers – spreading infection throughout that chain.

Where traditional supply chains function in a linear fashion, digital supply chains function more like networks. And unlike traditional supply chains, digital supply chains can provide real-time visibility into the performance of each step along the chain. This visibility into supplier performance and customer needs, allows a business to develop more relationships with more suppliers, and better protects the company against disruptions when they occur.

Digital supply chains work by integrating internal systems and data with external information, both structured and unstructured. Using new technologies to collect, monitor, and analyse data, a digital supply chain can help you make much better predictions and recommend remedial actions in real- time.

However, this can place an unsustainable burden on a small company which simply does not have the resources or expertise to join the digital supply chain club.

So how do we deal with this?

Good supply chain management is about four things:

1. reducing complexity

2. reducing uncertainty

3. learning lessons

4. visibility of process and transactions across the whole supply chain built on trust.

At the heart of digitisation is the fundamental requirement to know who you are dealing with and to “track and trace” along the chain.

The principles of good risk management drive the need to understand the risks inherent in both traditional and digital supply chains. A full understanding of the network of suppliers is crucial so that cyber risks can be managed efficiently, and that due diligence can be carried out effectively.

Digital identity

As previously discussed, maintaining, and safeguarding digital supply chains is made easier and more effective with new technologies. However, this can place an unsustainable burden on a small company which simply does not have the resources or expertise to join the digital supply chain club.

For small businesses already burdened with all sorts of business challenges, digital identity offers a good assurance.

Digital identity is information used by computer systems to represent an external agent – a person, organisation, application, device, or supply chain flow.

So, this can be applied to material, commodities and goods

Digital identities allow access to services provided by computers to be automated and make it possible for computers to verify relationships by identity proofing.

Identity proofing is the process of verifying a user’s identity: confirming that they are who they say they are. This may sound like ordinary authentication, the kind based on a username/ password combination, but identity proofing actually comes into play before users get their credentials to access an application or alongside the traditional authentication process.

The aim of identity proofing is to ensure that a user’s claimed identity matches their actual identity: in other words, that their identity is real and not fictitious. An excellent first step on the digital high road.

In other words knowing exactly who you are dealing with

In New Zealand, the Trust Alliance (TANZ) has pioneered a trusted data sharing arrangement for New Zealand’s agricultural industry. In practice it is a Supply Chain digital assurance approach applicable to all industries world-wide.

As TANZ Executive Director Klaeri Schelhowe has said, “We found there was no easy mechanism for farmers and food producers to easily and directly input their farm’s data in a trustworthy way and into the agricultural food chain. The existing data exchange models were inefficient and time wasting, which is why we have acted now to create a smarter way of collecting and sharing this important data.”

Their ‘digital compliance product passport’ is configured to an international standard, data sharing technology where everyone across the sector is able to securely contribute, control, collate and protect their crucial data.

The new OSP Cyber Academy course will raise awareness of supply chain cyber security. The course includes a segment on how businesses can make the transition to a digital supply chain, with a focus on how can they use the data generated to solve problems.

It talks about the need to get everyone else on board. This involves developing a supply chain message and assuring that it reaches everyone in the organisation.

The aim is to develop digital supply chain management strategies and practicalities that embeds the right technologies and digital protections for clients’ businesses.

To sum up

Digital identity is playing a foundational role in our digital economy. Start with easy goals and have a project plan which maps your approach and can be scrutinised. Remember a key component is proving that suppliers are who they say they are!

To sumarize with a quote from Winston Churchill, “Success is not final, failure is not fatal, it is the courage to continue that counts.”