
Cybersecurity: How to secure your cyber-physical supply chains

*Experts say secure supply chains are a cost of doing business, given the propensity of cyberattacks around the world, and the significant costs associated with such malware attacks are issues individuals, businesses and governments should accord attention

Isola Moses | ConsumerConnect

The propensity of cyberattacks and the significant costs associated with such attacks, especially in regard to the latest cyberattack on the iconic gasoline Colonial Pipeline in the United States (US) and its wide-ranging consequences, are now central to modern discourses on protection of supply chains from devastating disruptions.

ConsumerConnect gathered that the integration of digital with physical domains is a central part of the digital transformation that organisations, businesses and governments are going through as part of the 4th industrial revolution around the globe.

These cyber-physical systems combine computation, networking, and physical processes, CyberNews report said.

They cover a wide range of areas, including industrial control systems in utilities, smart grids, and nuclear power stations.

Such systems usually work alongside the physical environment via a communication channel that receives inputs and feedback.

Cyber-physical systems typically present a number of challenges from a cybersecurity perspective. One is that the distributed nature of their control and management makes it hard to effectively secure the system.

Others are that the speed and fluidity of readings and the status of the system can create doubts; that they may involve real-time control loops with specific performance requirements; and that they can be geographically spread over a large area, with components in locations that lack physical security.

In terms of securing supply chains, the report indicates that nowhere are the challenges of securing cyber-physical systems more prevalent than in supply chains.

COVID-19 has underlined the importance of having robust supply chains, with the pandemic prompting organisations to increase redundancy to ensure continuity of supply even in the midst of disruptions.

In his recent book, ‘Cyber Strong’, cybersecurity expert Ajay Singh highlights the growing difficulty associated with securing such supply chains.

The expert illustrates the challenge via the hack undertaken against aerospace giant Airbus, which was compromised after hackers targeted their supply chain.

The hackers, who used VPNs to access systems, managed to obtain crucial technical information about components used by Airbus in their A350 model.

The company was reported to have said in response to the attack: “As a major high tech and industrial player, Airbus is like any other company, a target for malicious actors. Airbus continuously monitors activities on its systems, has detection mechanisms in place, and takes immediate and appropriate actions when needed.”

Singh believes there are a number of lessons we can take from the Airbus attack to ensure our own supply chains are not compromised by malware or ransomware attacks:

Cybersecurity defences are not infallible: if organisations start with the premise that a breach is inevitable, it changes the way they implement cybersecurity as a process.

According to Singh, “the focus then becomes not just on how a breach can be prevented, but also on other aspects, such as mitigation of the hackers’ ability to misuse the information they may have got access to, and also planning for a recovery from the breach.”

It is also noted that businesses, organisations and governments should understand how hackers operate.

The modern world is likely to see companies using a wide range of vendors, so it’s important to understand just what hackers will look to exploit in the supply chain in order to access sensitive information, the report stated.

It’s not enough to focus cybersecurity efforts on just your own systems, as the security of the supplier network is only as strong as its weakest links, experts said.

On the need to define minimum security requirements, it has been stated that it is rare for cybersecurity to be a part of supplier contracts, but Singh argues that companies can only establish control if they define minimum security requirements as part of the contracts they have with their supply chain.

He noted: “Raising supplier awareness with respect to cybersecurity and helping them maintain minimum standards is essential.

“Providing support in the aftermath of an attack or breach can help recovery and in minimising the damage.”

Another measure is that companies should monitor compliance among suppliers, given the complexity of supply chains.

It is unquestionably cumbersome to monitor cybersecurity compliance among such a complex web of vendors, the report said.

It is, however, a necessity if supply chains are to remain secure. How?

Singh further explained: “Vendors must understand that their vulnerabilities can lead to hackers getting an opening into their partner network and make them liable for losses, fines, and potentially even damages from a lawsuit.”

Secure supply chains are a cost of doing business. Given the propensity of cyberattacks around the world, and the significant costs associated with such attacks, cybersecurity is no longer something that can be viewed as a luxury that can only be considered in good times.

Instead, it should be viewed as very much a standard cost of doing business in our modern and interconnected world.

Doing so is, after all, in the interests of the parent firm and all of their suppliers.

At the forefront of such efforts is German industrial giant Siemens, which has developed a Charter of Trust to facilitate a collaborative approach to cybersecurity among their supplier network.

The charter began with nine key partners and has since grown to include a wide range of companies, such as Airbus, Atos, Daimler, Cisco, Deutsche Telekom, Total, and IBM.

Siemens said: “In the age of the internet of things, the Charter of Trust is a very important first step.

“We’re open to many more partners, making the real and digital worlds safer places for all of us.

“Cybersecurity is the key enabler for successful digital businesses. We hope that this initiative will lead to a lively public debate on cybersecurity and, ultimately, to binding rules and standards.”

Therefore, with the threat posed to supply chains growing in recent times, it’s an initiative that will hopefully show the way in ensuring cybersecurity is front and centre of all practices within supply chains globally.
