The challenges of 2020 were many – none more dramatic than the disruption to consumers’ daily lives or businesses’ operations because of a cyber-attack or global supply chain issue. In their 2021 Data Breach Investigations Report, Verizon counted 5,272 data breaches, up 33% from 3,950 just a year earlier. Malware incidents grew by over 350%. Meanwhile, global shortages of everything from microchips to automobiles started to increase and continue to this day.
What 2020 amply demonstrated was that protecting supply chains and protecting critical infrastructure have much in common, and not only because supply chains are, according to PwC, a “key target” for cyber criminals that won’t diminish anytime soon. The pandemic further exposed that equal attention needs to be paid to securing both our software and physical supply chains. Both are global, complex, and intertwined with much of the world’s hardware, most of which has software from other supply chains embedded into it. Both share weaknesses that resulted from globalization and the overreliance on unvetted and out-of-sight commercial and foreign vendors.
Despite their similarities, however, there is no single or simple solution. Every industry will have its own challenges. For the sake of the highly targeted manufacturing industry and our nation, it’s critical that we zero in on real solutions that can be implemented quickly.
Typically, organizations only have information about other parties in their supply chain to whom they’re directly connected, making it easier for third parties to find a way to infiltrate a supply chain of any type. The longer the supply chain, the lower the level of visibility, and the greater the risk. Geographic proximity matters, too. If the critical component for your fighter jet or enterprise network is being made halfway around the world, who’s making sure it is being built in a way that ensures you will both receive it when you need it, such as in a time of conflict or global disruption, and have confidence in the software found inside it?
A number of countries have been notorious for building their competitive advantage by stealing others’ software, infiltrating third-party systems, and attempting to grow monopolies on the production of critical technical components. While national security is clearly an issue, intellectual property is stolen for many reasons. And there are a wide variety of countries and bad actors that pose serious threats.
There’s also a stunningly wide array of tactics. According to a Bloomberg investigation, Chinese operatives placed extraneous chips in hardware made in China by U.S. companies for the express purpose of communicating back to China. That hardware has been used both in private industry and in federal agencies, both civilian and military. “The Chinese government has been doing this for a long time, and companies need to be aware that China is doing this,” said Jay Tabb, the former executive assistant director of the FBI’s national security branch, speaking with Bloomberg. “And Silicon Valley, in particular, needs to quit pretending that this isn’t happening.”
Cyber events impacting the supply chain can have global ramifications. For example, the pandemic has given us a window into just how damaging supply chain disruptions can be. Carmakers such as Toyota, Nissan, and General Motors have all had to cut production, and the shortages are seeping into other corners of the economy. In July, Apple said chip shortages would affect sales of its phones and tablets. With chips in everything from coffeemakers to electric toothbrushes, analysts are predicting that holiday shopping may not offer the variety and bounty we take for granted. And of course, chips are integral to every part of the nation’s defense – the F-35 fighter jet is known as a “flying computer,” more likely to be taken down by hackers than missiles.
The concentration of manufacturing in just a few huge plants exacerbates the problem. A single plant in Japan makes almost one-third of the world’s chips, and in March it was damaged by a fire lasting five hours. TSMC, Taiwan’s giant chipmaker, is dealing with drought and water shortages in cities where it operates. There are only a few chip plants located in the United States, and storms in Texas forced some of those to close temporarily.
So, what is to be done about all of this? We can start by learning from other industries. The data center industry has learned to do a few things really well — secure and automate their operations, monitor their assets and operations at all times, and build a distributed infrastructure. Why not manufacturing?
Unfortunately, in security, people are often the weak link — not just as targets in phishing scams but as active agents, acting from the inside. Edward Snowden didn’t have to do anything fancier than socially engineer his way to the access he needed, and then download documents onto a thumb drive. Why not automate your production operations more thoroughly? Today, intelligent software enables the automation of many rote processes and repetitive, potentially dangerous work. These operations can be secured and encrypted, and enable manufacturers to become less reliant on labor, thereby delivering a higher level of security.
Once automated, software-enabled production lines can provide much-needed visibility, transparency, and traceability into manufacturing processes. With manufacturing lines equipped to emit data, that data can help detect anomalies or an attempt to compromise any part of the production. Computer vision can detect counterfeit or compromised components introduced into the production line.
Finally, advanced manufacturing technologies can help us build a more secure supply chain by enabling distributed, localized manufacturing. Software enables a “copy exactly” way of making, ensuring that production operations are equipped to make the same product while enabling responsiveness to local market demands. Because distributed, localized manufacturing moves away from concentrating production in just a few large, distant locations, it is more resilient and better able to recover from disruptions.
Together, these innovations – already in use at the most forward-thinking companies – help protect the security of individual organizations and the entire nation. With increasing global uncertainty on numerous fronts, from climate events to pandemics, trade wars, and even military activity, it’s our responsibility to protect and harden our supply chains, contributing to predictability and stability both at home and abroad.