You’ve probably read your fill about the wonders of supply chain information technologies as empowered by cloud platforms and data and device mobility. You may even have employees who use their own i-phones for business applications—a phenomenon that now has its own acronym: BYOD, for bring your own device. These trends have one problem associated with them: security vulnerability. According to a new study from PwC, detected security incidents have increased dramatically among the businesses whose executives they surveyed recently—9,600 of them. Much of the problem is tied to the fact that those technologies and policies are often deployed before being secured.
Another problem is, although these executives know this is a potential problem, they are hesitant to share security intelligence with others in their industry, fearful it would put them at a competitive disadvantage. PwC says that by not sharing security intelligence to deal with security breaches in a collective way, companies deprive themselves of a powerful offensive tool against targeted, dynamic attacks.
PwC’s report, The Global State of Information Security Survey 2014, does indicate, however, that executives in the global industrial products industry are in the process of funding enhanced security activities and have substantially improved their own technology safeguards, processes, and strategies.
They’re apparently driven by the fact that loss or damage of internal records almost doubled over 2012. The report states it’s the people you know who are most likely to be the problem. They include current and former employees, as well as other insiders. But the researchers also conclude that manufacturers must ensure that suppliers, partners, and other third parties know—and adhere to—security practices.
I had this report in mind when I interviewed Rick Green the other day. He’s senior business analyst for Sypris Electronics, a subsidiary of Sypris Solutions, providers of electronics, manufacturing and engineering services for government agencies, the U.S. Department of Defense, the avionics and aerospace community, and defense prime contractors. His organization is in the midst of integrating a manufacturing execution system (MES) with its Enterprise Resource Planning system (Infor’s LN). He said one of the security issues his organization is most sensitive to is keeping counterfeit components out of its supply chain. In their high-reliability business, Sypris must be able to track and account for materials and costs at every step in order to meet customer compliance demands.
“Some of the distributors we buy from will source from different countries and there are challenges there,” he said. “One of the things that has come up in the last couple years has been fake material. We have to be constantly vigilant for that and make sure it doesn’t go into our product. The government isn’t too patient with that kind of thing. If a counterfeit material goes into your product they come back at you pretty hard. That’s why we do a great deal of inspection of products coming in the back door. We have certification and our suppliers write certifications as well.”
This is an important aspect of security and it must be part of the manufacturing process. Product is put through conformance tests at various points and if it fails it must go back to diagnostics so this supplier can find out why. It then goes through repair and is moved back into the production stream. All of this has to be documented and tracked so Sypris can account for what was corrected and why.
Integrating its MES with the ERP will add to Sypris’s level of security.
“The challenge for IT is when you have a lot of systems not talking to each other,” Green added. “With our manufacturing execution system we’re better able to track things on the plant floor and we have better information for people on the floor to deal with. They can spot non conformances and see where things are.”
Green’s next challenge will be tying the intelligence from their MES into the same data stream as his company’s engineering system and rolling out their new Microsoft project server. Sypris is not only a manufacturer but it takes on many design engineering projects for clients, as well. He believes this will improve his company’s handle on conformance issues.
And for a company like Sypris, which sells to government agencies, quality conformance is a security issue— not only for itself and its customers, but for all of us who fund those agencies through our taxes.