220 likes | 609 Views
Supply Chain Response to Global Terrorism: A Situation Scan Corporate Response A Research Project Update to ISCM Sponsors by The SC Response to GT Team October 16, 2002 Outline Work done so far Security: Transports Information Infrastructure? Resilience
E N D
Supply Chain Response to Global Terrorism: A Situation ScanCorporate Response A Research Project Update to ISCM Sponsors by The SC Response to GT Team October 16, 2002
Outline • Work done so far • Security: • Transports • Information • Infrastructure? • Resilience • Supply Chain strategies after 11/9 • Public and private initiatives • Open Issues from Sheffi’s work • Next steps • Discussion
Work done so far Literature review through more than 150 papers, articles and documents from different sources. The most relevant are: • Academic Journals: • International Journal of Logistic Management, International Journal of Physical Distribution & Logistics Management, The Journal of Supply Chain Management, Harvard Business Review • Industry Journals: • Supply Chain Management Review, Journal of Commerce, World Trade, Traffic World, Computerworld, Material Handling Management , Informationweek • Newspapers and magazines: • The Economist, Business Week, The NY Times, The Wall Street Journal, Observer • Governmental agencies and committees: • The President’s Critical Infrastructure Protection Board, D.o.T. Federal Transit Administration • Conferences: • Forum on Intermodal Freight Transport, Federal Forecasters Conference • Universities and research centers: • Central Michigan University (for CLM), Carnegie Mellon University • Consulting firms: • The McKinsey Quarterly, Strategy+Business (Booz, Allen and Hamilton)
Security: The Transportation Issue • Stricter controls at the borders: • More work for Customs, and also longer clearance time, resulting in delays and extra costs. • Changes in supply and distribution patterns: • E.g. Emery Worldwide reported a shift towards lower cost modes of transportation to compensate the cost of security. • Who is going to pay for it? • The answer so far has been “make the user pay”… • …but security is a national issue, shippers say, thus the government should pick up the cost. • Does the general public want to pay for security in form of a tax or as part of the cost of goods? • Advantages exist for major, well known carriers • Carriers with both resources to provide higher security and good reputation are better positioned in the market. • E.g. Michelin and Unilever rely on established relationships with carriers to ensure security in their imports.
Security in Transportation: the Technological Answer The most common answer to security concerns so far seems to be the use of technology. Many applications developed to prevent people from stealing goods from a container also can work to prevent people from putting inside anything else: • Supply chain software (e.g. asset management tools and logistics portals) • Can be tuned to accommodate security applications • Radio frequency identification (RFID) • Allows Automatic Equipment Identification, thus enhancing visibility • Electronic seals • Allow full-time monitoring, in order to detect any attempt of cargo tampering
Security in Transportation: the Technological Answer • Security sensors • Can monitor cargo and conveyance conditions (e.g. contraband “sniffers”) • Wide area communications and tracking • Platform that can exploit condition sensors, transaction confirmation tools and GPS-like geo-location information to provide complete real-time monitoring • Biometrics and smart cards • Fingerprints, hand geometry, eye-retinal, eye-iris, facial recognition, voice recognition and dynamic signature, combined with smartcards, can increase security …but the lack of standards limits their use!
Security: the Information Issue • Already a major concern before 9/11…
Information Security: National Priority • …Today it’s a national priority • 3,700 attacks reported in 1998* • Expect more than 110,000 in 2002 at current rates • The real dimension of the problem is still underestimated • Due to both the limited information available and the difficulties in evaluating the cost that companies are facing. • The President’s Critical Infrastructure Protection Board takes action • Prepared The National Strategy to Secure Cyberspace. * Per Carnegie Mellon University’s Computer Emergency Response Team’s Coordination Center
Information Security: New Vulnerabilities • ….And new vulnerabilities include: • Borderless networks: New vulnerabilities are created when partners are granted access to the company network. Collaborative solutions imply new threats. • Mainframe computers: They received limited attention for security so far, but their connection to the Internet expose them to new risks. • Instant messaging: This tool can bypass both firewalls and anti-virus, thus creating breaches in the security apparatus. • Insider threats: Approx. 70% of all cyber attacks are believed to be perpetrated by trusted “insiders”, i.e. authorized personnel with access to the information system.
Information Security Tools The National Strategy to Secure Cyberspace suggests a range of A.C.T.I.O.N.S.: • Authentication: • Processes, procedures and devices to ensure the identity of network users. • Configuration management: • Plan network architecture and manage hardware, software and responsibilities with security in mind. • Training: • Train employees on information security practices and foster an enterprise security culture. • Incident response: • Develop capabilities to respond to incidents, mitigating damages and recovering systems. • Organization network: • Have security, IT, and risk management functions working together. • Network management: • Assess, remediate and monitor network vulnerabilities. • Smart procurement: • Ensure that security is embedded in the systems. Not only hardware and software tools then, but a comprehensive approach to information security.
Resilience: a New Issue? • Resilience is the ability to bend and bounce back from hardship. • As a personal characteristic, it has been studied for 40 years by psychologists and psychoanalysts. • Today, this word is widely used for companies: • In this case, it refers to the ability of a company to react to an unexpected disruption and restore its normal operations. • A new concept or just a new word for flexibility, agility or adaptability? • Resilience refers to a major disruption in the firm’s facilities, infrastructure or environment, due to factors that are external to market, economic or technological dynamics. • Examples: • Morgan Stanley immediately evacuated the WTC on 9/11, losing “only” 7 of its 2,700 employees, and continued business in its three pre-arranged recovery-sites. • UPS was delivering packages in southeast Florida just one day after Hurricane Andrew, even to customers living in cars.
How can Resilience be acquired? • Assessing current vulnerabilities and risks faced by the company. • From a supply chain perspective, i.e. considering customers, suppliers and other partners. • Developing or adapting contingency plans. • In light of the magnitude of disruption that today is considered possible. • Building a continuity management infrastructure and training people. • The first ingredient for resilience is people, how they are organized and trained, and clear responsibilities in case of emergency. • Involving strategic partners. • A supply chain is as strong only as its weakest link. • How can resilience be measured? • Is resilience something you can measure only after a disruption has occurred? • An indirect measure could be the extent to which your company is prepared to face disruption.
Supply Chain Strategies after 9/11 • Bringing suppliers closer to the factory: • Ford is building a supplier park near Chicago, to concentrate a large number of its tier 1 and tier 2 suppliers. • Alternative transportation modes as backup: • Chrysler used expedited truck service to backup air freight for parts from Virginia to Mexico immediately after 9/11. • Continental Teves used existing contingency relationships with carriers such as Emery to supplement air cargo delivery after 9/11. • Pfizer built strong relationships with carriers to be able to arrange fast ground transport in case the air system is shut down.
Supply Chain Strategies after 9/11 • Decentralized distribution: • Abbott Labs is expanding its distribution of some products that were previously concentrated, due to high value and handling requirements. • Automation in material handling: • Hewlett Packard is increasing automation to increase both efficiency and security • Electronic seals and sensors on cargo: • Dell is using smart seals on containers to indicate if they were opened during transport. • Wal-Mart adopted temperature monitors on trailers to ensure meat safety. • Corporate & Corporate-Government Alliances
Initiatives Currently in Place • Customs (Department of the Treasury): • Customs-Trade Partnership Against Terrorism (C-TPAT): • Certified companies assume responsibility for cargo security and are granted “fast lanes” at Customs. • Container Security Initiative (CSI): • Identify and pre-screen high-risk containers before they arrive in the U.S., exploiting the latest technologies. • Automated Commercial Environment (ACE): • Information technology system to process goods and merchandise imported in the U.S. • Business Anti-Smuggling Coalition (BASC): • A business-led, U.S. Customs-supported alliance created to combat narcotic smuggling via commercial trade. • Carrier, Land Border Carrier and Super Carrier Initiatives: • Anti-drug smuggling training to air, sea and land commercial transportation companies. • The Treasury Advisory Committee on the Commercial Operations of the US Customs Service (COAC): • Representatives of the trade industry at large, including importers, ports, customhouse brokers, trade attorneys and carriers.
Initiatives Currently in Place • Department of Transportation: • Marine Transportation System National Advisory Council (MTSNAC): • 30 senior-level representatives from transportation-related organizations. • National Infrastructure Security Committee (NISC): • Officials from the DoT and US Customs. • Joint initiative of the Customs and the Coast Guard (DoT): • Operation Safe Commerce: • Tracking goods from the source to the destination in the U.S. • Homeland Security • Homeland Security Advisory Council: • A group of 21 leaders from business, academia and state and local government that advise the Bush administration. • National Infrastructure Protection Center (NIPC): • Representatives from U.S. federal, state, and local Government agencies, and the private sector housed at FBI HQ, focused on protecting IT infrastructure. • DoC – Technology Administration • National Institute for Standards and Technology (NIST) • Computer Security Division (CSD)
Initiatives Currently in Place • Industry • Smart and Secure Tradelanes (SST): • A seaport operators driven initiative to deploy the Total Asset Visibility (TAV) network (pioneered by the DoD), in order to improve tracking and security of shipments. • Strategic Council on Security Technology (SCST) • Council of Security & Strategic Technology Organizations (COSTO) • Technology Asset Protection Association (TAPA) • Business Executives for National Security (BENS) • Advanced Medical Technology Association (AdvaMed) • National Petrochemicals & Refiners Association (NPRA) • American Chemistry Council (ACC) • National Industrial Transportation League (NITL) • …
Open Issues from Sheffi’s work • Efficiency Vs. Redundancy: • Evidence so far shows that efficiency is sacrificed only when the risk is very high. • Many claim for improving both efficiency and security, but solutions are still lacking. • Collaboration Vs. Secrecy: • Evidence so far shows an increase in collaboration aimed at improving security, within both the private and the public sectors. • Higher attention is given to choosing and monitoring partners, since they can introduce vulnerabilities. • Centralization Vs. Dispersion: • Evidence so far does not show clear patterns. • The decision driver is the risk perceived (i.e. whether vulnerability is linked more to facilities or to transportation).
Open Issues from Sheffi’s work • Lowest Bidder Vs. Known Supplier: • Evidence so far shows a shift towards the second. • The cost of security, in terms of both risk and prevention, often outbalances the savings offered by the lowest bidder. • Security Vs. Privacy: • Evidence seems to show a general shift of attention towards security, even if privacy is at a stake. • The issue needs to be managed at regulatory level, anyway the trend today is towards allowing higher freedom to public agencies, while private subjects are still limited.
Next Steps • Situation scan through phone interviews • The goal is identifying leading practices and spotting out new approaches. • Approx. 20 leading companies. • In depth analysis of interesting cases • The goal is obtaining a detailed picture of strategic and operational rationale behind advanced security strategies • A few case studies
Discussion • What compromises has your company made to increase security? • Who is in charge of security within your organization? • What are you doing to assess the vulnerability of your supply chain? • Is your company resilient? How do you measure it? • Is your company participating in any public or private security initiative? In which way?
Suggested References • Sheffi, Y. (2001), “Supply Chain Management under the Threat of International Terrorism”, The International Journal of Logistics Management, Vol. 12, No. 12, pp. 1-11. • Martha, J., Subbakrishna, S. (2002), “Targeting a just-in-case Supply Chain for the Inevitable Next Disaster”, Supply Chain Management Review, September/October, pp. 18-23. • Coutu D.L. (2002), “How Resilience Works”, Harvard Business Review, May. • Andel. T. (2002), “The new world of global distribution”, Material Handling Management, Vol. 57, No. 1, pp. 24-26. • Hulme, G.V. (2001), “Management takes notice”, Informationweek, September 3, pp. 28-34. • Hulme, G.V. (2002), “In Lockstep On Security”, Informationweek, March 18, pp. 38-52.