I spoke on Supply Chain Risk Management at an aerospace defense industry conference this week. While my fellow panelists focused on component and pen testing, I focused on the use of business intelligence (BI) to secure the supply chain. The audience included technical managers, business developers for cloud services for manufacturing companies, and other business managers. The business people were curious about how predictive analytics based on available open source information could help with SCRM.
A cloud service provider understood the use of BI immediately, and asked how to work with customers when they inquire about his company’s cybersecurity practices and how their data is protected. Of course, they already have practices in place to protect against any data loss across their entire customer base. As always, my response is ‘once you’ve put the basics in place for your business as a cloud service, once your customers can define, to themselves, where they are additionally vulnerable, only then can you have a response. Until then, it will be difficult to have a panacea for the marketplace. There is no one-size-fits-all when it comes to cybersecurity.’ That seemed to provide him some solace.
Others in the audience were curious about future requirements from the US Federal Government as to the use of BI. I advised them it was coming: ‘The US Federal Government is taking an increased interest in due diligence within its supply chain. Knowing the provenance of the commercial products they’re buying has become a major initiative within certain agencies.’
The remaining audience questions were centered around data collection and analytics. I stressed that BI can never be the ONLY supply chain risk mitigation action any organization takes. Instead, it serves as a complement to other efforts and should help an organization focus where it spends its money on mitigations.