8.11.2016

DigitalAttackMap shows DDoS indicators for August 11, 2016 at 0700 Eastern.

According to Bloomberg, the National Counterintelligence and Security Center is launching a new effort focused on the intersection of cyber-threats and supply chain vulnerabilities.
U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy... The program will be targeted toward U.S. telecommunications, energy and financial businesses, so government threat reports may soon be offered to companies such as Verizon Communications Inc., Duke Energy Corp. and Bank of America Corp.
Several years ago -- well before all the well-publicized corporate hack-attacks -- the supply chain lead for a huge player in the health care sector told me that what he feared most was an intrusion that did not take down his systems, but corrupted data exchange.  Plans were in place for total failure.  But maliciously manipulating the system could have much more insidious results and seriously complicate recovery.

Some details are available from the NCSC here and here.  The FBI also has some recommendations here (PDF).

It is also worth mentioning: About four years ago another member of the US intelligence community -- NOT NCSC -- assigned a team to assess risks to the global supply chain with a particular focus on US economic security.  I was one of several private sector folks who received their first brief. We were then divided into small groups of five or six to talk through suggestions.

As soon as the door closed to the conference room for my small group the guy from US Steel started laughing, joined enthusiastically by the guy from Boeing.  The rest of us merely smiled or shook our heads. "What a joke," one of us finally said. "I know undergraduate interns that have a better handle on supply chain risk."

Supply and demand networks are complex adaptive systems.  This reality is not easy to understand, much less defend.  While we can welcome the help, we should not assume quick sophistication.
