Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Industrial Engineering
  3. Supply Chain Management

Corporate Response to Global Terrorism

advertisement 
Supply Chain Response to Global Terrorism:
A Situation Scan
Corporate Response
A Research Project Update to
ISCM Sponsors
by
The SC Response to GT Team
October 16, 2002
© MIT 2002 jrice@mit.edu
Outline
• Work done so far
• Security:
• Transports
• Information
• Infrastructure?
•
•
•
•
•
•
Resilience
Supply Chain strategies after 11/9
Public and private initiatives
Open Issues from Sheffi’s work
Next steps
Discussion
© MIT 2002
Work done so far
Literature review through more than 150 papers, articles and documents from
different sources. The most relevant are:
• Academic Journals:
• International Journal of Logistic Management, International Journal of Physical
Distribution & Logistics Management, The Journal of Supply Chain Management,
Harvard Business Review
• Industry Journals:
• Supply Chain Management Review, Journal of Commerce, World Trade, Traffic
World, Computerworld, Material Handling Management , Informationweek
• Newspapers and magazines:
• The Economist, Business Week, The NY Times, The Wall Street Journal, Observer
• Governmental agencies and committees:
• The President’s Critical Infrastructure Protection Board, D.o.T. Federal Transit
Administration
• Conferences:
• Forum on Intermodal Freight Transport, Federal Forecasters Conference
• Universities and research centers:
• Central Michigan University (for CLM), Carnegie Mellon University
• Consulting firms:
• The McKinsey Quarterly, Strategy+Business (Booz, Allen and Hamilton)
© MIT 2002
Security: The Transportation Issue
• Stricter controls at the borders:
• More work for Customs, and also longer clearance time, resulting
in delays and extra costs.
• Changes in supply and distribution patterns:
• E.g. Emery Worldwide reported a shift towards lower cost modes
of transportation to compensate the cost of security.
• Who is going to pay for it?
• The answer so far has been “make the user pay”…
• …but security is a national issue, shippers say, thus the government
should pick up the cost.
• Does the general public want to pay for security in form of a tax or
as part of the cost of goods?
• Advantages exist for major, well known carriers
• Carriers with both resources to provide higher security and good
reputation are better positioned in the market.
• E.g. Michelin and Unilever rely on established relationships with
carriers to ensure security in their imports.
© MIT 2002
Security in Transportation: the Technological Answer
The most common answer to security concerns so far
seems to be the use of technology.
Many applications developed to prevent people from
stealing goods from a container also can work to
prevent people from putting inside anything else:
• Supply chain software (e.g. asset management tools and
logistics portals)
• Can be tuned to accommodate security applications
• Radio frequency identification (RFID)
• Allows Automatic Equipment Identification, thus enhancing
visibility
• Electronic seals
• Allow full-time monitoring, in order to detect any attempt of
cargo tampering
© MIT 2002
Security in Transportation: the Technological Answer
• Security sensors
• Can monitor cargo and conveyance conditions (e.g. contraband
“sniffers”)
• Wide area communications and tracking
• Platform that can exploit condition sensors, transaction
confirmation tools and GPS-like geo-location information to
provide complete real-time monitoring
• Biometrics and smart cards
• Fingerprints, hand geometry, eye-retinal, eye-iris, facial
recognition, voice recognition and dynamic signature, combined
with smartcards, can increase security
…but the lack of standards limits their use!
© MIT 2002
Security: the Information Issue
• Already a major concern before 9/11…
Cyber Attacks (Informationweek 2001)
66%
viruses
15%
denial of service
unauthorized
network access
12%
8%
identity theft
7%
fraud
0%
10%
20%
30%
40%
50%
% of the 4500 companies surveyed
© MIT 2002
60%
70%
Information Security: National Priority
• …Today it’s a national priority
• 3,700 attacks reported in 1998*
• Expect more than 110,000 in 2002 at current rates
• The real dimension of the problem is still
underestimated
• Due to both the limited information available and the
difficulties in evaluating the cost that companies are
facing.
• The President’s Critical Infrastructure Protection
Board takes action
• Prepared The National Strategy to Secure Cyberspace.
* Per Carnegie Mellon University’s Computer Emergency Response Team’s Coordination Center
© MIT 2002
Information Security: New Vulnerabilities
• ….And new vulnerabilities include:
• Borderless networks: New vulnerabilities are created when
partners are granted access to the company network.
Collaborative solutions imply new threats.
• Mainframe computers: They received limited attention for
security so far, but their connection to the Internet expose
them to new risks.
• Instant messaging: This tool can bypass both firewalls and
anti-virus, thus creating breaches in the security apparatus.
• Insider threats: Approx. 70% of all cyber attacks are
believed to be perpetrated by trusted “insiders”, i.e.
authorized personnel with access to the information
system.
© MIT 2002
Information Security Tools
The National Strategy to Secure Cyberspace suggests a range of A.C.T.I.O.N.S.:
• Authentication:
• Processes, procedures and devices to ensure the identity of network users.
• Configuration management:
• Plan network architecture and manage hardware, software and responsibilities with
security in mind.
• Training:
• Train employees on information security practices and foster an enterprise security
culture.
• Incident response:
• Develop capabilities to respond to incidents, mitigating damages and recovering
systems.
• Organization network:
• Have security, IT, and risk management functions working together.
• Network management:
• Assess, remediate and monitor network vulnerabilities.
• Smart procurement:
• Ensure that security is embedded in the systems.
Not only hardware and software tools then, but a comprehensive approach to
information security.
© MIT 2002
Resilience: a New Issue?
• Resilience is the ability to bend and bounce back from hardship.
• As a personal characteristic, it has been studied for 40 years by psychologists
and psychoanalysts.
• Today, this word is widely used for companies:
• In this case, it refers to the ability of a company to react to an unexpected
disruption and restore its normal operations.
• A new concept or just a new word for flexibility, agility or
adaptability?
• Resilience refers to a major disruption in the firm’s facilities, infrastructure
or environment, due to factors that are external to market, economic or
technological dynamics.
• Examples:
• Morgan Stanley immediately evacuated the WTC on 9/11, losing “only” 7 of
its 2,700 employees, and continued business in its three pre-arranged
recovery-sites.
• UPS was delivering packages in southeast Florida just one day after
Hurricane Andrew, even to customers living in cars.
© MIT 2002
How can Resilience be acquired?
• Assessing current vulnerabilities and risks faced by the
company.
• From a supply chain perspective, i.e. considering customers, suppliers
and other partners.
• Developing or adapting contingency plans.
• In light of the magnitude of disruption that today is considered
possible.
• Building a continuity management infrastructure and training
people.
• The first ingredient for resilience is people, how they are organized
and trained, and clear responsibilities in case of emergency.
• Involving strategic partners.
• A supply chain is as strong only as its weakest link.
• How can resilience be measured?
• Is resilience something you can measure only after a disruption has
occurred?
• An indirect measure could be the extent to which your company is
prepared to face disruption.
© MIT 2002
Supply Chain Strategies after 9/11
• Bringing suppliers closer to the factory:
• Ford is building a supplier park near Chicago, to concentrate a
large number of its tier 1 and tier 2 suppliers.
• Alternative transportation modes as backup:
• Chrysler used expedited truck service to backup air freight for
parts from Virginia to Mexico immediately after 9/11.
• Continental Teves used existing contingency relationships with
carriers such as Emery to supplement air cargo delivery after
9/11.
• Pfizer built strong relationships with carriers to be able to
arrange fast ground transport in case the air system is shut down.
© MIT 2002
Supply Chain Strategies after 9/11
• Decentralized distribution:
• Abbott Labs is expanding its distribution of some products that
were previously concentrated, due to high value and handling
requirements.
• Automation in material handling:
• Hewlett Packard is increasing automation to increase both
efficiency and security
• Electronic seals and sensors on cargo:
• Dell is using smart seals on containers to indicate if they were
opened during transport.
• Wal-Mart adopted temperature monitors on trailers to ensure meat
safety.
• Corporate & Corporate-Government Alliances
© MIT 2002
Initiatives Currently in Place
• Customs (Department of the Treasury):
• Customs-Trade Partnership Against Terrorism (C-TPAT):
• Certified companies assume responsibility for cargo security and are
granted “fast lanes” at Customs.
• Container Security Initiative (CSI):
• Identify and pre-screen high-risk containers before they arrive in the U.S.,
exploiting the latest technologies.
• Automated Commercial Environment (ACE):
• Information technology system to process goods and merchandise
imported in the U.S.
• Business Anti-Smuggling Coalition (BASC):
• A business-led, U.S. Customs-supported alliance created to combat
narcotic smuggling via commercial trade.
• Carrier, Land Border Carrier and Super Carrier Initiatives:
• Anti-drug smuggling training to air, sea and land commercial
transportation companies.
• The Treasury Advisory Committee on the Commercial Operations of
the US Customs Service (COAC):
• Representatives of the trade industry at large, including importers, ports,
customhouse brokers, trade attorneys and carriers.
© MIT 2002
Initiatives Currently in Place
• Department of Transportation:
• Marine Transportation System National Advisory Council (MTSNAC):
• 30 senior-level representatives from transportation-related organizations.
• National Infrastructure Security Committee (NISC):
• Officials from the DoT and US Customs.
• Joint initiative of the Customs and the Coast Guard (DoT):
• Operation Safe Commerce:
• Tracking goods from the source to the destination in the U.S.
• Homeland Security
• Homeland Security Advisory Council:
• A group of 21 leaders from business, academia and state and local
government that advise the Bush administration.
• National Infrastructure Protection Center (NIPC):
• Representatives from U.S. federal, state, and local Government agencies, and
the private sector housed at FBI HQ, focused on protecting IT infrastructure.
• DoC – Technology Administration
• National Institute for Standards and Technology (NIST)
• Computer Security Division (CSD)
© MIT 2002
Initiatives Currently in Place
• Industry
• Smart and Secure Tradelanes (SST):
• A seaport operators driven initiative to deploy the Total Asset
Visibility (TAV) network (pioneered by the DoD), in order to
improve tracking and security of shipments.
• Strategic Council on Security Technology (SCST)
• Council of Security & Strategic Technology Organizations
(COSTO)
• Technology Asset Protection Association (TAPA)
• Business Executives for National Security (BENS)
• Advanced Medical Technology Association (AdvaMed)
• National Petrochemicals & Refiners Association (NPRA)
• American Chemistry Council (ACC)
• National Industrial Transportation League (NITL)
• …
© MIT 2002
Open Issues from Sheffi’s work
• Efficiency Vs. Redundancy:
• Evidence so far shows that efficiency is sacrificed only when the risk is
very high.
• Many claim for improving both efficiency and security, but solutions
are still lacking.
• Collaboration Vs. Secrecy:
• Evidence so far shows an increase in collaboration aimed at improving
security, within both the private and the public sectors.
• Higher attention is given to choosing and monitoring partners, since
they can introduce vulnerabilities.
• Centralization Vs. Dispersion:
• Evidence so far does not show clear patterns.
• The decision driver is the risk perceived (i.e. whether vulnerability is
linked more to facilities or to transportation).
© MIT 2002
Open Issues from Sheffi’s work
• Lowest Bidder Vs. Known Supplier:
• Evidence so far shows a shift towards the second.
• The cost of security, in terms of both risk and prevention, often
outbalances the savings offered by the lowest bidder.
• Security Vs. Privacy:
• Evidence seems to show a general shift of attention towards
security, even if privacy is at a stake.
• The issue needs to be managed at regulatory level, anyway the
trend today is towards allowing higher freedom to public agencies,
while private subjects are still limited.
© MIT 2002
Next Steps
• Situation scan through phone interviews
• The goal is identifying leading practices and
spotting out new approaches.
• Approx. 20 leading companies.
• In depth analysis of interesting cases
• The goal is obtaining a detailed picture of strategic
and operational rationale behind advanced security
strategies
• A few case studies
© MIT 2002
Discussion
• What compromises has your company made to
increase security?
• Who is in charge of security within your
organization?
• What are you doing to assess the vulnerability of
your supply chain?
• Is your company resilient? How do you measure it?
• Is your company participating in any public or
private security initiative? In which way?
© MIT 2002
Suggested References
• Sheffi, Y. (2001), “Supply Chain Management under the
Threat of International Terrorism”, The International Journal
of Logistics Management, Vol. 12, No. 12, pp. 1-11.
• Martha, J., Subbakrishna, S. (2002), “Targeting a just-in-case
Supply Chain for the Inevitable Next Disaster”, Supply Chain
Management Review, September/October, pp. 18-23.
• Coutu D.L. (2002), “How Resilience Works”, Harvard
Business Review, May.
• Andel. T. (2002), “The new world of global distribution”,
Material Handling Management, Vol. 57, No. 1, pp. 24-26.
• Hulme, G.V. (2001), “Management takes notice”,
Informationweek, September 3, pp. 28-34.
• Hulme, G.V. (2002), “In Lockstep On Security”,
Informationweek, March 18, pp. 38-52.
© MIT 2002
Related documents
MIT`s Training Delivery Guide
MIT`s Training Delivery Guide
Abstract
Abstract
MIT_EmailTemplate_HackshopCompanies
MIT_EmailTemplate_HackshopCompanies
MIT Ed Tech Retreat
MIT Ed Tech Retreat
Coping in Difficult Circumstances---Some Ideas
Coping in Difficult Circumstances---Some Ideas
At a time of change and challenges, leadership becomes an
At a time of change and challenges, leadership becomes an
View judge bios
View judge bios
Download
advertisement