Enabling Resilience in National Critical Infrastructure

Growing concerns related to dependencies on software-reliant information communications technology (ICT) and Internet of Things (IoT) devices are pushing changes in governance associated with supply chain risk management (SCRM). The possibility of disruption of critical infrastructure exists because the software that enables these capabilities is vulnerable and exploitable.

Exploit potential is often more about the vulnerability of assets in target organizations than the ingenuity of the attackers. Several breach reports show that the source vectors of attack are in software. Consequently, organizations expanding the use of network-connectable devices need comprehensive software security initiatives to address weaknesses resulting from technological vulnerabilities and a lack of “cyber hygiene” (lack of caution) among those who develop and use software applications and software-reliant IoT devices.

Exploitable weaknesses, known vulnerabilities, and even malware can be embedded in software without malicious intent. Indeed, sloppy manufacturing hygiene is more often the cause of exploitable software. Such poor hygiene can be attributed to the lack of due care exercised by supply organizations with developers, integrators and testers who are often unaware of or untrained on software security, compounded by inadequate testing tools and the failure of suppliers to prioritize addressing the risks associated with the poor security of the software they deliver to the organizations that use it.

How do organizations proactively protect critical infrastructure from being the victim of software provided by others? As a start, they use contracts to set supply chain expectations for their suppliers. Sample software procurement language is available for free to assist organizations in developing their contracts and establishing test criteria as part of software SCRM due diligence. Procurement criteria should contain these specifications, at a minimum:

  1. Software composition analysis of all compiled code found in the supplier product to identify all third-party open source components via a software bill of materials and to identify all known vulnerabilities listed in Common Vulnerabilities and Exposures (CVE) in publicly available databases, such as the NIST-hosted National Vulnerability Database (NVD);
  2. Static source code analysis of all available source code found in the supplier product to identify weaknesses listed in Common Weakness Enumeration (CWE);
  3. Malware analysis of supplier-provided software to determine whether any known malware exists in that software, along with a risk assessment of mitigation controls;
  4. Validation of security measures described in the product’s design documentation to ensure they are properly implemented and have been used to mitigate the risks associated with use of the component or device.
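The first criterion can be turned into an acceptance gate at delivery time. The sketch below is an added example, not code from the article or any named tool: it assumes the supplier delivers a CycloneDX-style JSON software bill of materials and that advisory records (constructed here, with placeholder IDs standing in for NVD entries) carry a package name, the first fixed version, and a CVSS score. The `max_cvss` threshold and the "unassessable component blocks acceptance" rule are illustrative contract terms.

```python
import json

# Constructed CycloneDX-style SBOM a supplier might deliver (sample data only).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "components": [
    {"type": "library", "name": "examplelib-tls", "version": "1.0.2"},
    {"type": "library", "name": "examplelib-json", "version": "2.4.0"},
    {"type": "library", "name": "examplelib-zip"}
  ]
}
"""

# Constructed advisory records standing in for an NVD export; IDs are placeholders.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "name": "examplelib-tls", "fixed_in": "1.0.3", "cvss": 9.1},
    {"id": "CVE-PLACEHOLDER-0002", "name": "examplelib-json", "fixed_in": "2.3.1", "cvss": 5.3},
]

def parse_version(text):
    """Turn '1.0.2' into (1, 0, 2); non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def review_sbom(sbom_text, advisories, max_cvss=7.0):
    """Return (accepted, findings, unassessable) for a supplier SBOM."""
    sbom = json.loads(sbom_text)
    findings, unassessable = [], []
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            # A component without a version cannot be matched to any advisory.
            unassessable.append(name or "<unnamed>")
            continue
        for adv in advisories:
            if adv["name"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append((name, version, adv["id"], adv["cvss"]))
    blocking = [f for f in findings if f[3] >= max_cvss]
    return (not blocking and not unassessable), findings, unassessable

if __name__ == "__main__":
    accepted, findings, gaps = review_sbom(SBOM_JSON, ADVISORIES)
    print("accepted:", accepted, "| findings:", findings, "| incomplete entries:", gaps)
```

Treating incomplete SBOM entries as a rejection reason matters as much as the vulnerability match: a component that cannot be assessed is not evidence of a clean product.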

Read more at Software Supply Chain Risk Management: Enabling Resilience in National Critical Infrastructure


10 Ways Machine Learning Is Revolutionizing Supply Chain Management

Machine learning makes it possible to discover patterns in supply chain data by relying on algorithms that quickly pinpoint the most influential factors to a supply network’s success, while constantly learning in the process.

Discovering new patterns in supply chain data has the potential to revolutionize any business. Machine learning algorithms are finding these new patterns in supply chain data daily, without needing manual intervention or the definition of taxonomy to guide the analysis. The algorithms iteratively query data, with many using constraint-based modeling to find the core set of factors with the greatest predictive accuracy. Key factors influencing inventory levels, supplier quality, demand forecasting, procure-to-pay, order-to-cash, production planning, transportation management and more are becoming known for the first time. New knowledge and insights from machine learning are revolutionizing supply chain management as a result.

The ten ways machine learning is revolutionizing supply chain management include:

  1. Machine learning algorithms and the apps running them are capable of analyzing large, diverse data sets fast, improving demand forecasting accuracy.
  2. Reducing freight costs, improving supplier delivery performance, and minimizing supplier risk are three of the many benefits machine learning is providing in collaborative supply chain networks.
  3. Machine Learning and its core constructs are ideally suited for providing insights into improving supply chain management performance not available from previous technologies.
  4. Machine learning excels at visual pattern recognition, opening up many potential applications in physical inspection and maintenance of physical assets across an entire supply chain network.
  5. Gaining greater contextual intelligence using machine learning combined with related technologies across supply chain operations translates into lower inventory and operations costs and quicker response times to customers.
  6. Forecasting demand for new products including the causal factors that most drive new sales is an area machine learning is being applied to today with strong results.
  7. Companies are extending the life of key supply chain assets including machinery, engines, transportation and warehouse equipment by finding new patterns in usage data collected via IoT sensors.
  8. Improving supplier quality management and compliance by finding patterns in suppliers’ quality levels and creating track-and-trace data hierarchies for each supplier, unassisted.
  9. Machine learning is improving production planning and factory scheduling accuracy by taking into account multiple constraints and optimizing for each.
  10. Combining machine learning with advanced analytics, IoT sensors, and real-time monitoring is providing end-to-end visibility across many supply chains for the first time.

Read more at 10 Ways Machine Learning Is Revolutionizing Supply Chain Management


How LLamasoft Is Designing Success For Customers’ Supply Chains

Ann Arbor, Michigan-based supply chain design software business LLamasoft is considered one of the fastest growing technology companies in North America. The company was founded by Don Hicks and Toby Brzoznowski in the late 1990s, and offers a number of innovative solutions that help some of the world’s best-known brands make smarter, faster decisions about their supply chain operations.

Its flagship software, Supply Chain Guru, is used for optimizing and simulating supply chain network operations and modeling potential changes based on performance, costs and risks. Last year, LLamasoft released Supply Chain Guru X, the newest generation of its software, which enables companies to build living models of their end-to-end supply chains. Customers can easily visualize inefficiencies, optimize for significant improvements in cost, service and risk, and test hundreds of potential scenarios for continuous supply chain improvement and innovation. Also released was Demand Guru, a new solution that empowers companies to improve their supply chain design and strategic business initiatives by incorporating powerful causative demand modeling.

In 2012, LLamasoft raised $6 million in funding, led by MK Capital. Nike also became a strategic investment partner that year, taking a minority share in October. Jumping forward to 2015, LLamasoft had a big year – acquiring IBM’s LogicTools supply chain applications business, raising $50 million in Series B funding from Goldman Sachs to fund expansion and R&D, and acquiring South Africa-based Barloworld.

Several months ago, TPG Capital, the investment group behind companies like Uber, McAfee and Airbnb, invested over $200 million in LLamasoft after seeing great promise in the company and fully understanding the value its technology delivers to customers.

Today, LLamasoft counts among its 700 customers companies such as Michael Kors, Land O’ Lakes, Johnson & Johnson, and Wayfair. The company estimates that it signs 30 to 40 new clients per quarter. When I asked Brzoznowski if he could share some of LLamasoft’s customer success stories, he pointed out a few recent examples of customer use cases including Michael Kors, U.S. Silica, Hewlett-Packard and Johnson & Johnson.

Read more at How LLamasoft Is Designing Success For Customers’ Supply Chains
