© mit 2002 [email protected] supply chain response to global terrorism: a situation scan corporate...
Post on 20-Dec-2015
221 views
TRANSCRIPT
© MIT 2002 [email protected]
Supply Chain Response to Global Terrorism: A Situation Scan
Corporate Response
A Research Project Update to
ISCM Sponsorsby
The SC Response to GT Team
October 16, 2002
© MIT 2002
Outline
• Work done so far• Security:
• Transports• Information• Infrastructure?
• Resilience• Supply Chain strategies after 11/9• Public and private initiatives• Open Issues from Sheffi’s work• Next steps• Discussion
© MIT 2002
Work done so farLiterature review through more than 150 papers, articles and documents from
different sources. The most relevant are:• Academic Journals:
• International Journal of Logistic Management, International Journal of Physical Distribution & Logistics Management, The Journal of Supply Chain Management, Harvard Business Review
• Industry Journals: • Supply Chain Management Review, Journal of Commerce, World Trade, Traffic
World, Computerworld, Material Handling Management , Informationweek• Newspapers and magazines:
• The Economist, Business Week, The NY Times, The Wall Street Journal, Observer • Governmental agencies and committees:
• The President’s Critical Infrastructure Protection Board, D.o.T. Federal Transit Administration
• Conferences:• Forum on Intermodal Freight Transport, Federal Forecasters Conference
• Universities and research centers:• Central Michigan University (for CLM), Carnegie Mellon University
• Consulting firms:• The McKinsey Quarterly, Strategy+Business (Booz, Allen and Hamilton)
© MIT 2002
Security: The Transportation Issue• Stricter controls at the borders:
• More work for Customs, and also longer clearance time, resulting in delays and extra costs.
• Changes in supply and distribution patterns:• E.g. Emery Worldwide reported a shift towards lower cost modes
of transportation to compensate the cost of security.• Who is going to pay for it?
• The answer so far has been “make the user pay”…• …but security is a national issue, shippers say, thus the
government should pick up the cost.• Does the general public want to pay for security in form of a tax or
as part of the cost of goods?• Advantages exist for major, well known carriers
• Carriers with both resources to provide higher security and good reputation are better positioned in the market.
• E.g. Michelin and Unilever rely on established relationships with carriers to ensure security in their imports.
© MIT 2002
Security in Transportation: the Technological Answer
The most common answer to security concerns so far seems to be the use of technology.
Many applications developed to prevent people from stealing goods from a container also can work to prevent people from putting inside anything else:
• Supply chain software (e.g. asset management tools and logistics portals)• Can be tuned to accommodate security applications
• Radio frequency identification (RFID)• Allows Automatic Equipment Identification, thus enhancing
visibility
• Electronic seals• Allow full-time monitoring, in order to detect any attempt of
cargo tampering
© MIT 2002
Security in Transportation: the Technological Answer
• Security sensors• Can monitor cargo and conveyance conditions (e.g. contraband
“sniffers”)
• Wide area communications and tracking• Platform that can exploit condition sensors, transaction
confirmation tools and GPS-like geo-location information to provide complete real-time monitoring
• Biometrics and smart cards• Fingerprints, hand geometry, eye-retinal, eye-iris, facial
recognition, voice recognition and dynamic signature, combined with smartcards, can increase security
…but the lack of standards limits their use!
© MIT 2002
Security: the Information Issue
7%
8%
12%
15%
66%
0% 10% 20% 30% 40% 50% 60% 70%
% of the 4500 companies surveyed
fraud
identity theft
unauthorizednetwork access
denial of service
viruses
Cyber Attacks (Informationweek 2001)
• Already a major concern before 9/11…
© MIT 2002
Information Security: National Priority
• …Today it’s a national priority• 3,700 attacks reported in 1998*
• Expect more than 110,000 in 2002 at current rates• The real dimension of the problem is still
underestimated• Due to both the limited information available and the
difficulties in evaluating the cost that companies are facing.
• The President’s Critical Infrastructure Protection Board takes action
• Prepared The National Strategy to Secure Cyberspace.
* Per Carnegie Mellon University’s Computer Emergency Response Team’s Coordination Center
© MIT 2002
Information Security: New Vulnerabilities• ….And new vulnerabilities include:
• Borderless networks: New vulnerabilities are created when partners are granted access to the company network. Collaborative solutions imply new threats.
• Mainframe computers: They received limited attention for security so far, but their connection to the Internet expose them to new risks.
• Instant messaging: This tool can bypass both firewalls and anti-virus, thus creating breaches in the security apparatus.
• Insider threats: Approx. 70% of all cyber attacks are believed to be perpetrated by trusted “insiders”, i.e. authorized personnel with access to the information system.
© MIT 2002
Information Security ToolsThe National Strategy to Secure Cyberspace suggests a range of A.C.T.I.O.N.S.:• Authentication:
• Processes, procedures and devices to ensure the identity of network users.• Configuration management:
• Plan network architecture and manage hardware, software and responsibilities with security in mind.
• Training: • Train employees on information security practices and foster an enterprise security
culture.• Incident response:
• Develop capabilities to respond to incidents, mitigating damages and recovering systems.
• Organization network: • Have security, IT, and risk management functions working together.
• Network management: • Assess, remediate and monitor network vulnerabilities.
• Smart procurement: • Ensure that security is embedded in the systems.
Not only hardware and software tools then, but a comprehensive approach to information security.
© MIT 2002
Resilience: a New Issue?• Resilience is the ability to bend and bounce back from hardship.
• As a personal characteristic, it has been studied for 40 years by psychologists and psychoanalysts.
• Today, this word is widely used for companies:• In this case, it refers to the ability of a company to react to an unexpected
disruption and restore its normal operations.
• A new concept or just a new word for flexibility, agility or adaptability?• Resilience refers to a major disruption in the firm’s facilities, infrastructure
or environment, due to factors that are external to market, economic or technological dynamics.
• Examples:• Morgan Stanley immediately evacuated the WTC on 9/11, losing “only” 7
of its 2,700 employees, and continued business in its three pre-arranged recovery-sites.
• UPS was delivering packages in southeast Florida just one day after Hurricane Andrew, even to customers living in cars.
© MIT 2002
How can Resilience be acquired?• Assessing current vulnerabilities and risks faced by the
company.• From a supply chain perspective, i.e. considering customers, suppliers
and other partners.• Developing or adapting contingency plans.
• In light of the magnitude of disruption that today is considered possible.
• Building a continuity management infrastructure and training people.• The first ingredient for resilience is people, how they are organized
and trained, and clear responsibilities in case of emergency.• Involving strategic partners.
• A supply chain is as strong only as its weakest link.• How can resilience be measured?
• Is resilience something you can measure only after a disruption has occurred?
• An indirect measure could be the extent to which your company is prepared to face disruption.
© MIT 2002
Supply Chain Strategies after 9/11
• Bringing suppliers closer to the factory:• Ford is building a supplier park near Chicago, to concentrate a
large number of its tier 1 and tier 2 suppliers.
• Alternative transportation modes as backup:• Chrysler used expedited truck service to backup air freight for
parts from Virginia to Mexico immediately after 9/11.
• Continental Teves used existing contingency relationships with carriers such as Emery to supplement air cargo delivery after 9/11.
• Pfizer built strong relationships with carriers to be able to arrange fast ground transport in case the air system is shut down.
© MIT 2002
Supply Chain Strategies after 9/11
• Decentralized distribution:• Abbott Labs is expanding its distribution of some products that
were previously concentrated, due to high value and handling requirements.
• Automation in material handling:• Hewlett Packard is increasing automation to increase both
efficiency and security
• Electronic seals and sensors on cargo:• Dell is using smart seals on containers to indicate if they were
opened during transport.• Wal-Mart adopted temperature monitors on trailers to ensure meat
safety.
• Corporate & Corporate-Government Alliances
© MIT 2002
Initiatives Currently in Place• Customs (Department of the Treasury):
• Customs-Trade Partnership Against Terrorism (C-TPAT):• Certified companies assume responsibility for cargo security and are
granted “fast lanes” at Customs.• Container Security Initiative (CSI):
• Identify and pre-screen high-risk containers before they arrive in the U.S., exploiting the latest technologies.
• Automated Commercial Environment (ACE):• Information technology system to process goods and merchandise
imported in the U.S.• Business Anti-Smuggling Coalition (BASC):
• A business-led, U.S. Customs-supported alliance created to combat narcotic smuggling via commercial trade.
• Carrier, Land Border Carrier and Super Carrier Initiatives:• Anti-drug smuggling training to air, sea and land commercial
transportation companies.• The Treasury Advisory Committee on the Commercial Operations of
the US Customs Service (COAC):• Representatives of the trade industry at large, including importers, ports,
customhouse brokers, trade attorneys and carriers.
© MIT 2002
Initiatives Currently in Place• Department of Transportation:
• Marine Transportation System National Advisory Council (MTSNAC):• 30 senior-level representatives from transportation-related organizations.
• National Infrastructure Security Committee (NISC):• Officials from the DoT and US Customs.
• Joint initiative of the Customs and the Coast Guard (DoT):• Operation Safe Commerce:
• Tracking goods from the source to the destination in the U.S.
• Homeland Security• Homeland Security Advisory Council:
• A group of 21 leaders from business, academia and state and local government that advise the Bush administration.
• National Infrastructure Protection Center (NIPC):• Representatives from U.S. federal, state, and local Government agencies, and
the private sector housed at FBI HQ, focused on protecting IT infrastructure.
• DoC – Technology Administration• National Institute for Standards and Technology (NIST)
• Computer Security Division (CSD)
© MIT 2002
Initiatives Currently in Place
• Industry• Smart and Secure Tradelanes (SST):
• A seaport operators driven initiative to deploy the Total Asset Visibility (TAV) network (pioneered by the DoD), in order to improve tracking and security of shipments.
• Strategic Council on Security Technology (SCST)• Council of Security & Strategic Technology Organizations
(COSTO)• Technology Asset Protection Association (TAPA) • Business Executives for National Security (BENS)• Advanced Medical Technology Association (AdvaMed)• National Petrochemicals & Refiners Association (NPRA)• American Chemistry Council (ACC)• National Industrial Transportation League (NITL)• …
© MIT 2002
Open Issues from Sheffi’s work
• Efficiency Vs. Redundancy: • Evidence so far shows that efficiency is sacrificed only when the risk is
very high.• Many claim for improving both efficiency and security, but solutions
are still lacking.
• Collaboration Vs. Secrecy:• Evidence so far shows an increase in collaboration aimed at improving
security, within both the private and the public sectors.• Higher attention is given to choosing and monitoring partners, since
they can introduce vulnerabilities.
• Centralization Vs. Dispersion:• Evidence so far does not show clear patterns.• The decision driver is the risk perceived (i.e. whether vulnerability is
linked more to facilities or to transportation).
© MIT 2002
Open Issues from Sheffi’s work
• Lowest Bidder Vs. Known Supplier:• Evidence so far shows a shift towards the second.• The cost of security, in terms of both risk and prevention, often
outbalances the savings offered by the lowest bidder.
• Security Vs. Privacy:• Evidence seems to show a general shift of attention towards
security, even if privacy is at a stake.• The issue needs to be managed at regulatory level, anyway the
trend today is towards allowing higher freedom to public agencies, while private subjects are still limited.
© MIT 2002
Next Steps
• Situation scan through phone interviews• The goal is identifying leading practices and
spotting out new approaches.• Approx. 20 leading companies.
• In depth analysis of interesting cases• The goal is obtaining a detailed picture of strategic
and operational rationale behind advanced security strategies
• A few case studies
© MIT 2002
Discussion
• What compromises has your company made to increase security?
• Who is in charge of security within your organization?
• What are you doing to assess the vulnerability of your supply chain?
• Is your company resilient? How do you measure it?• Is your company participating in any public or
private security initiative? In which way?
© MIT 2002
Suggested References
• Sheffi, Y. (2001), “Supply Chain Management under the Threat of International Terrorism”, The International Journal of Logistics Management, Vol. 12, No. 12, pp. 1-11.
• Martha, J., Subbakrishna, S. (2002), “Targeting a just-in-case Supply Chain for the Inevitable Next Disaster”, Supply Chain Management Review, September/October, pp. 18-23.
• Coutu D.L. (2002), “How Resilience Works”, Harvard Business Review, May.
• Andel. T. (2002), “The new world of global distribution”, Material Handling Management, Vol. 57, No. 1, pp. 24-26.
• Hulme, G.V. (2001), “Management takes notice”, Informationweek, September 3, pp. 28-34.
• Hulme, G.V. (2002), “In Lockstep On Security”, Informationweek, March 18, pp. 38-52.