Supply chain security
Supply chain security (also "supply-chain security") activities aim to enhance the security of the supply chain or value chain, the transport and logistics systems for the world's cargo and to "facilitate legitimate trade".[1] Their objective is to combine traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft. A healthy and robust supply chain absent from security threats requires safeguarding against disturbances at all levels such as facilities, information flow, transportation of goods, and so on. A secure supply chain is critical for organizational performance.[2]
Typical supply-chain security activities include:
- Credentialing of participants in the supply chain
- Screening and validating of the contents of cargo being shipped
- Advance notification of the contents to the destination country
- Ensuring the security of cargo while in transit, for example through the use of locks and tamper-proof seals
- Inspecting cargo on entry
Overview
According to the Office of the Director of National Intelligence in the United States, "adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals."[3]
Local police departments often lack the resources to properly address supply chain security.[4]
Transit theft
Theft and shrinkage can take place anywhere in the logistics chain: from the shipper, carrier, or consignee. It may be packages, pallet loads, and full truck loads. It can involve individuals with an opportunity to take cargo or can involve organized crime. Security systems involving surveillance systems, tracking systems, and broader corporate security are needed to reduce the theft of material. [5]
History
The terrorist attacks of 9/11 were the defining event for modern supply chain security. Before 9/11 supply chain security was primarily the concern of the insurance and risk management industries; after the attacks more structured approaches were implemented. Early efforts were dominated by concerns over the use of maritime shipping to deliver weapons of mass destruction. From 2001 to 2006 efforts focused on the physical security of goods and shipments but from 2012 on focus shifted to cybersecurity as the awareness of cyber threats grew.[6]
In February 2021 US President Joe Biden made supply chain security one of his administration's priorities.[7]
Key initiatives
There are a number of supply-chain security initiatives around the world, including:
- The Customs Trade Partnership against Terrorism (C-TPAT), a voluntary compliance program for companies to improve the security of their corporate supply chains.[8]
- Operation Safe Commerce (OSC), a U.S. federal program designed to test and evaluate practices, policies and procedures aimed at improving the security of international containerized shipping.[9]
- The World Customs Organization (WCO) adopted the Framework of Standards to Secure and Facilitate Global Trade in 2005, which consists of supply-chain security standards for Customs administrations including authorized economic operator (AEO) programs.
- The Container Security Initiative (CSI), a program led by U.S. Customs and Border Protection in the Department of Homeland Security (DHS) focused on screening containers at foreign ports.
- The Global Container Control Programme (CCP), a joint United Nations Office on Drugs and Crime (UNODC)/World Customs Organization (WCO) initiative working to establish effective container controls at select ports across the globe with the aim to prevent trafficking of drugs, chemicals and other contraband and to facilitate trade by strengthening cooperation between the customs, trade and enforcement communities.
- The Global Trade Exchange, a DHS data-mining program designed to collect financial information about shipments, with the objective of determining the safety of cargo shipments.
- Pilot initiatives by companies in the private sector to track and monitor the integrity of cargo containers moving around the world using technologies such as RFID and GPS.
- The BSI Group undertakes an annual survey of supply chain risk exposure, identifying and updating the main supply chain security concerns. In its 2020 report, drug smuggling, cargo theft of pharmaceuticals and medical supplies and increasing warehouse and facility theft were identified as particular concerns.[10]
- The International Organization for Standardization (ISO) has released a series of standards for the establishment and management of supply-chain security. ISO/PAS 28000 Specification for Security Management Systems for the Supply Chain, offers public and private enterprise an international high-level management standard that enables organisations to utilize a globally consistent management approach to applying supply-chain security initiatives. ISO/IEC 20243 is The Open Trusted Technology Provider Standard (O-TTPS) (Mitigating Maliciously Tainted and Counterfeit Products) that addresses supply-chain security and secure engineering.
- The EU-US Summit held in Lisbon in November 2010, highlighting the need for their international "partnership to bring greater prosperity and security" for citizens on both sides of the Atlantic,[11] provided a foundation for the Transatlantic Economic Council to build on, announcing at its December 2010 meeting an agreement "to deepen transatlantic cooperation in supply chain security policies".[12]
- The Common Criteria offers with EAL 4 an opportunity to include necessary evaluations that assure supply chain security for IT products
International agreements
- Efforts for countries around the world to implement and enforce the International Ship and Port Facility Security Code (ISPS Code), an agreement of 148 countries that are members of the International Maritime Organization (IMO).
- The European Union and the Government of Canada entered into an Agreement on Customs Cooperation with Respect to Matters Related to Supply-Chain Security in March 2013.[1]
Supply chain cyber security
Supply chain cyber security is a subset of supply chain security which focuses on the digital aspects of the traditional supply chain as well as the supply chain for electronic and digital goods.[6]
See also
- Authorized economic operator
- Hardware Trojan
- Container Security Initiative
- Counterfeit consumer goods
- Counterfeit electronic components
- Customs Trade Partnership against Terrorism
- Global Trade Exchange
- James Giermanski
- Denise Krepp
- ISO 28000
- ISO 31000
- The Open Trusted Technology Provider Standard (ISO/IEC 20243)
- Package pilferage
- Package theft
- Security risk
- Supply-chain management
- Track and trace
- Trade facilitation
References
- Government of Canada, Agreement between Canada and the European Union on Customs Cooperation with Respect to Matters Related to Supply-Chain Security, signed 4 March 2013, accessed 18 August 2021
- P.N., Sindhuja (August 3, 2021). "The impact of information security initiatives on supply chain robustness and performance: an empirical study". Information & Computer Security. 29 (2): 365–391. doi:10.1108/ICS-07-2020-0128. ISSN 2056-4961.
- "Supply Chain Risk Management". www.dni.gov. Office of the Director of National Intelligence. Retrieved March 7, 2021.
- Zalud, Bill. "The Daily Challenges of Supply Chain Security". www.securitymagazine.com. Security Magazine. Retrieved March 7, 2021.
- Mayhew, C (2001), "The Detection and Prevention of Cargo Theft", Trends & Issues in Crime and Criminal Justice, retrieved January 25, 2023
- Hayden, Ernie. "How supply chain security has evolved over two decades". searchsecurity.techtarget.com. Tech Target. Retrieved March 7, 2021.
- Starks, Tim (February 24, 2021). "Biden signs executive order demanding supply chain security review". www.cyberscoop.com. CyberScoop. Retrieved March 7, 2021.
- "Operation Safe Commerce". Office of the Federal Register. Federal Register (Daily Journal of the United States Government). November 20, 2002. Retrieved July 17, 2016.
- Operation Safe Commerce passes Round 1, Inside Logistics, published 8 September 2004, accessed 28 July 2022
- BSI Group, Cargo theft and labor exploitation incidents increase risk to supply chains, published 21 October 2020, accessed 1 January 2021
- Council of the European Union, EU-US Summit: Joint statement, published 20 November 2010, accessed 23 December 2020
- U.S.-EU Transatlantic Economic Council, Joint Statement, 17 December 2010, accessed 23 December 2020
External links
- ICAO-WCO: Moving Air Cargo Globally - Air Cargo and Mail Secure Supply Chain and Facilitation Guidelines
- IMO FAQ on the ISPS Code
- MIT Project on Supply Chain Response to Terrorism
- Supply Chain Risk Management Maturity Model
- Stanford Global Supply Chain Management Forum
- Supply chain security: adding to a complex operational and institutional environment, A Grainger (2007)
- World Customs Journal: special issue on supply chain security
- Port and Maritime Security Online
- Chain of Perils: Hardening the Global Supply Chain and Strengthening America's Resilience
- ISO 28002 supply chain security and resilience
- CSA Cargo Security Information
- Global Supply Chain Security, James Giermanski, Scarecrow Press, 2012 - 218 Pages
- Implementing a Robust Supply Chain Security & Risk Management