The views expressed here are solely those of the author and do not necessarily represent the views of FreightWaves or its affiliates.
Reports about the extent of the hacking of Microsoft Exchange Server are alarming. This article from KrebsOnSecurity suggests that at least 30,000 organizations in the United States are known to have been directly affected. Moreover, the article’s author(s) state, “The espionage group is exploiting four newly discovered flaws in Microsoft Exchange Server email software and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.”
A thread I have noticed in conversations that The Supply Chain Technology Collective hosts on Clubhouse is that the users of supply chain technology wonder, “Why isn’t the technology I need to get my work done better integrated across technology vendors? Why do I still have to create manual processes in order to go from one technology platform to another?”
I am paraphrasing, but you get the idea. This sentiment has been expressed in one form or another each time I have hosted our recurring room on Clubhouse every Monday evening since early January.
Reports about the vulnerability of software systems and products to intrusions such as the one described in the article by KrebsOnSecurity raise the logical question, “Is tight and complete integration of digital technology and platforms desirable for the supply chains businesses depend on to drive their operations?”
Readers of FreightWaves might remember that in June 2017, Maersk was hit hard by a cybersecurity attack. The incident had a significant impact on Maersk’s operations and also affected its financial results.
The desire for supply chain software and technology that is tightly integrated and that works in tandem, through platforms and ecosystems, raises the specter of cybersecurity incidents that can very quickly metastasize from one device or one node into a networkwide incident that affects an entire supply chain platform or ecosystem.
I am thinking about this quite a bit in the context of my past writing in this column about the unfolding shift toward supply chain platforms and ecosystems.
In this June 2019 article, Adam Banks, who was group CTO of Maersk from January 2017 to July 2020, discusses industrywide lessons he believed the incident offered. On Tuesday, I was part of a discussion that members of Thematiks’ Supply Chain and Logistics Channel had with Stephanie Krishnan, research director for IDC Manufacturing Insights in the Asia Pacific region.
During that conversation, Krishnan raised the subject of empathy between large corporations and smaller companies that exist within the same supply chain network. For example, think of a large automotive company and the relationship it has with its Tier 2, Tier 3 and even Tier 4 suppliers. The idea being that the large automotive company would be more empathetic and collaborative with the smaller organizations in its supply chain or value chain, with the goal of mutual benefit.
That made me wonder, in the context of cybersecurity, for instance, does this form of empathy mean that the large company subsidizes the cost of securing the entire network? Or, does it mean that once a security incident has occured, then the large company subsidizes the cost of fixing the mess across the entire platform or ecosystem?
As I write this article, I do not yet know the answer — since the question occurred to me between 8 and 9 a.m. local time in New York on Tuesday, and I am writing this article between 2:30 and 3 p.m. on the same day.
What do you think?
If you are a team working on innovations that you believe have the potential to significantly refashion global supply chains, we’d love to tell your story in FreightWaves. I am easy to reach on LinkedIn and Twitter. Alternatively, you can reach out to any member of the editorial team at FreightWaves at firstname.lastname@example.org.
Author’s disclosure: I am not an investor in any early-stage startups mentioned in this article, either personally or through REFASHIOND Ventures. I have no other financial relationship with any entities mentioned in this article.