The challenge with modern supply chains is one of multiple pressures hitting all at once. These include pandemic-induced disruptions, cyber attacks targeting supply chains and the effect that financial and trade sanctions are having on Russia for its war in Ukraine. To be more resilient, many companies have opened the spigot on enterprise investment and technology innovation for supply chain modernization. But these efforts must be well-coordinated to be effective.
Let’s examine how enterprises can sharpen the strategic focus in these modernization initiatives by putting a close lens on cyber asset management. We’ll see how a holistic cyber asset management strategy can serve as a powerful road map—a way to thread the needle in optimizing value while, at the same time, minimizing risk from new technology implementations designed to cope with modern supply chain disruptions.
Two Sides of the Transformation Coin: New Technologies Bring Benefits… and Risk
As companies seek to be more resilient in their supply chains, the priority is to modernize across the whole service value chain—including one’s own operations and externally among the many vendors and partners involved in the supply chain. Across these extended, connected ecosystems, technology modernization initiatives can help in many ways.
Powerful use case examples include AIOps for production automation and auto resolution of issues, and digital thread for operational modeling and traceability across supply chain networks. In addition, smart contracts in private blockchain networks can be leveraged for agility around contracting and partner agreements—providing maximum flexibility and minimal red tape in adjusting supplier and transportation agreements to match shifting conditions in component availability and distribution options.
For all their promise and value, however, new capabilities come with new risks, including added vulnerabilities across broader attack surfaces. To manage these risks, companies need a coherent cyber asset management strategy—a master blueprint for visibility, control and interoperability of assets across the entire supply chain ecosystem.
Given that supply chain disruptions are becoming an enduring new normal, an organization’s cyber asset management strategy must be long-term— aiding in resilience now, while also supporting an innovation ecosystem in the future that’s designed to remain agile and flexible even in the face of ongoing disruptions to supply chains.
Use Case: Cyber Asset Management for Smart Contracts
A good cyber asset management strategy must take an advanced approach to asset tagging and dependency mapping – giving supply chain managers a more complete picture across the entire spectrum of assets, including all asset characteristics, behaviors and organizational policies they may be subject to. This level of classification streamlines prioritization of threats, allowing the organization to cut through the noise of fast moving cloud infrastructure and changing configurations within the supply chain.
Let’s talk through the use case we mentioned of smart contracts as an example. The technical issues alone are significant. Security and access are different with smart contracts because the nature of the asset is different; for instance, smart contract authentication is likely to be more token-based. Transparency remains a central issue in that the same distributed ledger technology that aids in verification and fraud prevention could also be problematic when trying to protect smart contracts from being improperly scrutinized for clues about a company’s IP or proprietary process information.
A highly-secure private blockchain would almost certainly be needed in this scenario, and the cyber asset management strategy would also have to factor in the people and process implications of a smart contract deployment. As a Harvard Law report on smart contract best practices illustrates, enterprise-grade smart contracts often require a hybrid approach of text and code to help with adoption; training and system access for code-literate parties so they can sign off on the validity and propriety of smart contracts; and procedures for identifying coding errors and risk allocation for any effect such errors may have on the legally-binding document.
All these considerations have cyber asset implications, and their breadth means that the cyber asset management strategy to support the implementation must be comprehensive to include asset management for IT teams’ hardware, networking and connectivity; as well as asset management for OT-related machine data and machine software.
For smart contracts or any other modernization use case, a strong cyber asset management strategy should include data standardization, automation across platforms, traceability, automated reporting and other modernization must-haves. Throughout, the organization must ensure—with the help of ISO, CMMI, SOC and other certifications—that its many supply chain partners follow similarly strong protocols. Such continuity is particularly critical in specialized supply chain environments, like pharmaceutical cold chain, in which $35 billion is lost annually from failures in temperature control logistics.
Cyber Asset Management is Key
Digital transformation is helping supply chains adapt to disruptions, but only if cyber assets are configured correctly and securely. A well-designed, holistically implemented cyber asset management is the key to ensuring companies get the benefits of new technologies for supply chain resilience, while minimizing any drawbacks that could pose a threat to security, operations and value generation.