Long supply chains and inadequate or nonexistent product evaluation before deployment make companies vulnerable to a wide variety of insecurities. These problems can be exploited by others during design, production, delivery and post-installation servicing, according to Brookings scholar Darrell West, who wrote a white paper outlining Twelve Ways to Build Trust in the ICT Global Supply Chain.
Procurement, transportation and management come with many risks associated with everything from raw materials and natural disasters to market forces, national laws, and political conflict. West says problems in one area can cascade elsewhere and magnify risks dramatically for the system as a whole.
In this paper, West discusses twelve ways to build trust in the global supply chain through Information and Communications Technology (ICT). With the assistance of a group of experts brought together at the Brookings Institution in February, 2013 plus follow-up interviews, he explores the operational threats and technological vulnerabilities companies face, and makes recommendations to identify best practices, standards, and third-party assessment for supply chain assurance.
West argues that vulnerabilities in the supply chain and product development can facilitate a myriad of attack and exploitation techniques. He suggests that developing agreed-upon standards, using independent evaluators, setting up systems for certification and accreditation and having trusted delivery systems will build confidence in the global supply chain as well as the public and private sector networks that sustain them.
Specifically, West recommends the following policy solutions:
- Recognize that most of the supply chain is owned by businesses and solutions require public-private partnerships;
- Use labeling and tracking chips to improve metrics;
- Deploy identity verification systems;
- Rely upon independent assessments;
- Develop integrated management tools;
- Improve information sharing;
- Safeguard software;
- Develop standards to improve performance;
- Certify promising procedures and processes;
- Accredit strong performers;
- Conduct audits to identify special problems; and
- Distinguish low, moderate, and high risk problems and devise remedies appropriate for those threat levels.