Stepping up Security: An Interview with James Williams
-- Supply Chain Management Review, 11/1/2008
Risk management and supply chain security have always been a concern for supply chain managers. Even before the concept of “supply chain management” had its name, corporate leaders worried about natural disasters, accidents or labor problems bringing their operations to a grinding halt.
Today, the potential for supply chain disruption is higher than ever. From threats of terrorist attacks to thieves stalking vulnerable shipping lanes, today's supply chain manager must run a proverbial, and sometimes literal, tight ship to prevent security weaknesses from damaging company profits and reputation.
No one knows this better than Retired Lt. General James Williams. A graduate of the U.S. Military Academy at West Point, Williams has served in multiple security-related capacities. He was the Deputy Assistant Chief of Staff for Intelligence in the Department of the Army and Deputy Chief of Staff for Intelligence for U.S. Army Europe. He also spent more than ten years in the Defense Intelligence Agency (DIA), which culminated with four years as that agency's director. Williams is a distinguished member of the Military Intelligence Hall of Fame and the Military Attaché Hall of Fame, and has been awarded the National Intelligence Distinguished Service Medal and French Legion of Honor among other honors. Until recently, Williams was president of Direct Information Access Corporation, a research and investigative company specializing in patent infringement, intellectual property theft, litigation support, and mergers and acquisitions.
Today, the retired general is an advisor to the MIKOH Corporation, a company that provides supply chain-related security technology and consulting services. He recently spoke to Supply Chain Management Review Associate Editor Sean Murphy on what supply chain managers need to focus on the most when it comes to security risk management.
Q: Everybody's worried about risk, everybody's worried about security, whether it's intellectual property or other issues. Are some industries more at risk than others?
A: Pharmaceuticals would be one. Because of the amount of money they spend on research and development, they have to protect their information to the utmost degree. If a patent or basic research gets away from them, they've wasted all that money, they've lost their investment. I also think that various parts of the electronic industry, including computers and IT, are at risk because those things develop so quickly. Before you can bring products to market your competitor has passed you, especially if he has been able to siphon off some of your expertise or some of your thinking. Those two industries, I think, are key. In the defense industry, communications move so quickly, people are always trying to find an edge so they can provide better communications, smaller, lighter. As you're moving ideas around or as you're moving samples around, you want to protect them.
Q:
Does the size of the corporation or the size of the supply chain matter when you're assessing risk?
A: Maybe in the pharmaceutical industry, but in so many of these other industries the bright ideas come out of small companies, which makes them equally vulnerable. Sometimes those small firms don't pay a lot of attention to the refinements of security. They'll pay lip service to it and maybe put some rudimentary security in place, but they fail to understand what the overall threat might be.
Q: Ok, and you're talking about international supply chains in addition to domestic?
A: Certainly.
Q:Particularly in regard to international transportation, does the mode of transportation change risk? Are any particular modes more at risk than others?
Click Play to listen to General Williams talk about tracking shipments.
A: Not specifically. But I would suggest that if you're going to ship a container, you want to secure it at the time it leaves your facility and you want to know that it's secure until it reaches its destination, your consumer. I don't care whether it goes on a rail car and is trans-shipped to an airplane or to a ship, you want to make sure you know that if anybody tampered with it—where it was, what happened, the time—you have as much information as you can so the subsequent investigation is easier. Now, with international shipments—especially in the time of Homeland Security, where we're putting customs agents in foreign ports to open a small percentage of the containers and make sure what's in them—if you can guarantee when the container is put on the dock or at the manufacturer's point of origin, that it's not opened until it reaches its destination, that takes a tremendous burden off the security people.
Q:
That leads into my next question. Where are the most critical vulnerability points in the typical global supply chain?
Click Play to listen to Gen. Williams talk about vulnerability points.
A: I always look at trans-shipment points. You hear stories in this country about groups along the border boarding railroad trains and throwing stuff off. But any time you have a trans-shipment point where a container, whether it be big or small, has to move from one mode to another there's an opportunity for someone to steal. My experience in that goes back to World War II when I was a young man in New Jersey. You could see stuff disappearing off the docks every day.
Q: In North America, do you think the corporate community in general is taking security seriously, and taking supply chain risks seriously?
A: In general, no. There are some industries that have recognized their losses—and their losses are huge, so they've taken some steps. I'm not familiar enough to make a definitive statement in general, but I get very uneasy about whether or not they have taken the steps, or whether they write off the losses against profit and loss and charge it to the consumer.
Q:
How can technology, and RFID in particular, enhance supply chain security?
A: RFID is very valuable because you can not only apply it to individual pieces of equipment, you can furnish it to containers. One example that comes to mind is an agreement that MIKOH has with Pelican Terminal Corp. to secure containers so that documents or electronics or anything put in a Pelican case is pretty much guaranteed to be secure because it's sealed. If it's broken, you know the time, the date, and therefore you can probably check back to where it was at the time. You can check large containers and MIKOH has an agreement now with the National Security Agency regarding a technology for larger shipments. It's taken a long time, but I believe the addition of RFID in conjunction with other technologies is finally being accepted.
Q:Beyond RFID, what other kinds of emerging technologies do you see that are particularly effective in minimizing supply chain risk?
Click Play to hear Gen. Williams talk about emerging technology.
A: Any technology that improves supply chain management—but you've got to do it as a system. You can't just keep adding individual pieces of technology to your process and hope that's going to be adequate. One of the things that I was very impressed with—and I have some firsthand information on this—is the addition of a system involving RFID to inventory control in a warehouse. It used to be the individual with a clipboard strolling down the aisle with his pen checking off pallets, not knowing what was in them or exactly how many there were. But now by doing this electronically you have a better idea of where your inventory is, how complete it is, and how secure it is as well. I love that idea.
Q: Beyond technology, what other initiatives would improve security? What about the addition of personnel?
A: Well, you come to a point where you just don't add any more manpower to it because they get in each other's way. You have to give people the tools to be effective, and manufacturers and shippers appreciate that. The more we can do electronically, rather than by manual labor, then you can do it faster, you can accomplish more in an eight-hour shift than you ever could by doing it all manually.
Q: Can you cite one or two important steps that shippers can take today to enhance their security and protect against risk?
A: I would want to make sure that before you ship anything you have a really accurate inventory of what is being shipped, and that you put it in containers which can be identified, whether it be by symbols, bar code, RFID or some other way. In addition, the container should be sealed to the satisfaction both of the shipper and the customer, that it wasn't opened en route.
Q: Your military and defense experience is extensive. What practices on the government side of the supply chain could be effectively applied in the public sector?
A: For one thing, the shipment of classified equipment, the shipment of high-value cargo is protected to a much higher degree by the government than it is outside the government, The controls sometimes involve just two men, for example, but they are coming more and more to involve electronic inventory, tamper-proof seals with RFID, a hardened container. All of this is put into a package designed specifically for the kinds of shipments moved by that particular agency.
Q:A lot of corporations are trying to cut costs by outsourcing, by using 3PLs. What sorts of supply chain risks do you see inherent in that practice?
Click Play to listen to Gen. Williams talk about third-party sourcing.
A: As with anything, you risk losing control by giving it to somebody else unless you have vetted that outsource thoroughly as to its honesty, its technological capability, and the capabilities of its people. Across the board, you're going to see the good, the bad and the indifferent. So my only warning would be make sure of the honesty of the company with which you're dealing and to which you've outsourced. It's sort of like the security business that we've been reading about with the government in Iraq. They let out billions of dollars in contracts and in some cases they got good service and in some cases they didn't. I'm not sure that, in the bad cases, they did a good job of vetting the outsource.
Q: Companies are outsourcing all the time to many other nations—some smaller nations, as well as large ones like China and India. How do you think the governments are treating security in those countries?
A: I wouldn't depend upon the government of any country to completely ensure your security. Now, in the U.S., the basis of our whole system is entrepreneurship. Entrepreneurship involves figuring out how you're going to run your company, how you're going to make money, how you're going to deliver a product. The whole theory was that you weren't going to rely on government to do that. At Direct Information Access Corporation, we used to do some risk analysis overseas, and that included the quality of the workforce, the technological capability, and the honesty of security. Companies that want to relocate overseas to take advantage of lower costs had better take all of those things into consideration before they make their move.
Q: Obviously, you're an advocate of making sure security is tight, that risk is properly assessed. The immediate benefits to this are obvious, but are there other benefits that might be overlooked or underestimated?
A: Well, if you tighten security, you won't have as many losses. Therefore your bottom line is going to increase, maybe only a little, maybe a lot, depending upon the nature of your loss. You can gain marketing capital by the fact that you have lowered your costs but you can deliver rapidly. You can deliver what you say you're going to deliver in the quantities that you guarantee, because you're not going to suffer losses. So there are public relations as well as practical bottom-line aspects.
Q:What's most important for a supply chain manager to remember when it comes to security and risk management today?
Click Play to hear Gen. Williams' final thoughts on risk.
A: First, they should sit down and ask themselves, “In the supply chain that I operate, what weak points leap out to me, the manager?” Without expending a lot of money to have some investigators go out and look at it, before I do that, I want to say, if I were to look at this from the other side, and I would like to siphon off my product, what do I see as the points of vulnerability? Because it's not rocket science. Wherever there's a vulnerability, somebody's going to try and penetrate you—even if it's only to throw cartons off a railroad car, or to take inventory off of a pallet as it goes on a ship bound for overseas. If you yourself can identify those weak spots, other people are going to be after you. Then you can start taking action.
View All On-Demand Webcasts
