Companies today face potential attacks from a variety of sources: computer hackers with destructive or disruptive viruses, thieves who want your product, smugglers who want to use your supply chain to slip contraband past inspectors officials, and terrorists who may want to use your supply chain to smuggle in weapons or materials to be used in an attack — or even use your supply chain itself as an instrument of attack.
The terrorist attacks in Madrid, Spain, have sparked renewed interest in examining security readiness at many venues in Europe and the U.S. You should be doing the same with your supply chain.
In Secrets and Lies (John Wiley & Sons, 2004), a book on data security, Bruce Schneier observes, “Understanding the objectives of likely attackers is the first step toward figuring out what countermeasures are going to be effective.” That’s a very basic premise in operations security as well.
You mount different efforts to protect proprietary or sensitive data from falling into the hands of competitors than you do to protect your data systems from intrusion. Yet, the protective measures are often similar or overlap in providing a benefit to both efforts.
Protecting data can also help the physical security of your product. Knowing when, where and how high-value shipments will move is a key piece of information for thieves and hijackers. It’s also important for smugglers or terrorists who want to take advantage of the efficiency of your supply chain to move their contraband.
Physical controls and security steps taken to comply with the Customs-Trade Partnership Against Terrorism (C-TPAT) can also help reduce losses from theft.
The term in current use is “custody chain.” It applies to process: information security, physical assets — plant and vehicle security, employees. It applies equally to both human security and supply chain security (the latter covering material and component suppliers, employee and supplier security). C-TPAT recognizes you are in the best position to examine and identify vulnerabilities along your supply chain and to plug those gaps. That’s one reason it’s not prescriptive — it doesn’t tell you how to put in effective security.
Self assessment does have its limits, but it’s a good place to start. In addition to identifying areas that require attention, a thorough security self assessment should help identify the areas where you will require additional expertise in analyzing and addressing risks.
Logistics Today is cooperating with Iowa State University to conduct a survey of security management that will provide a general view of where logistics professionals need to focus their attention by collecting more detailed, anonymous data on what individual companies are doing to address security vulnerabilities. Participating in the study has an added benefit of providing a convenient checklist to assess your own security. You can use that information to benchmark against the general findings when they are released.
Security is a sensitive issue, but you can help the logistics profession respond to the need to reduce our vulnerability by completing the survey at: www.logisticstoday.com/ securitymgt.asp.
Perry A. Trunick