Lone wolf hackers, rogue nation-states and cybercrime syndicates are in a position to disrupt the global supply chain.
"Cybersecurity really is a supply chain problem" that encompasses the telecom carriers that businesses use, the hardware and software that support organizational workflow, and the cloud assets that so many organizations are leveraging today, Richard George said recently in a speech to cybersecurity professionals. George is a former National Security Agency technical director of information assurance and the current senior advisor for cybersecurity at Johns Hopkins University Applied Physics Laboratory.
"It's not just the government that's a target, everybody's a target," he added.
Part of the problem is that "there is no risk aversion" for these bad actors. No one stands trial for their behavior, while the Chinese deny their role in this activity and say, "not us, not us," George said.
Kevin O'Marah, former manufacturing and supply chain contributor to Forbes, wrote, "Where once we worried about localized mistakes or oversights upstream, now we worry about cataclysm, potentially at the hands of actors bent on destruction. The new world of supply chain risk means preparation for widespread, systemic disruption in our immediate future."
He continued: "As with war and natural disasters, cyber threats have the potential to kick off systemic failure, meaning a sort of domino effect whereby ordinary preparedness fails to overcome infrastructure, communication and human breakdowns."
To defend against cybercriminals' intent to disrupt and "own" the global supply chain, George observed that corporations must be on guard, be careful of untrustworthy entities within the supply chain, ensure transparency throughout the supply chain, force strategic partners to prove their cybersecurity posture, and limit entanglement with companies and countries that don't respect intellectual property rights.
"People today are putting those holes in because they want easy access to the targets, and we are the targets," said George. He noted that every aspect of the global supply chain must be put under the microscope of cybersecurity, including distribution, processes, people, reputation, manufacturing, research and development, transportation, logistics and facilities.
Leading cybersecurity researchers are in line with what George and O'Marah have said. In fact, Zac Rogers, assistant professor of supply chain management at Colorado State University, said...