How Supply Chain Managers Can Mitigate Cyber-Attack Risk

Air and ocean cargo shippers can also play a proactive role in the war against cyber crime and terrorism, says Suzanne Richer, Director, Trade Advisory Practice, Amber Road. At the same time, she says, logistics managers can protect themselves and their supply chains.

“Ensuring electronic data is accurate is critical to ensuring on time delivery,” says Richer. “You can't get anything in or out of a country without data.”

Richer notes that Customs and Border Protection (CBP) captures data on importers and exporters today that trigger a compliance or cargo security review. The information shared electronically through carriers, forwarders and customs brokers is electronically evaluated based on CBP's risk model, and anomalies may result in a shipper's air or ocean cargo being held.

“Our greatest security issues revolve around understanding that terrorism evolves and changes, and acts of future terrorism are undeterminable,” she says.

According to Richer, one of the difficulties in all cargo security programs is that government validations of a company's security program are infrequent – at a minimum once every three or four years.

“Most people let things go until the next validation. Thus the program becomes ineffective, unmanaged and not part of the key metrics of validation,” she says. Part of the issue regarding security is it has to be ongoing in nature.”

Richer maintains that shippers aggregate a number of programs at once, including role-playing. This will enable the entire shipping staff to identify and react to a cyber attack.

“For example, when reporting an incident a trained person will look at the time, where they are, document who was involved and what happened,” she says. “At the same time, importers, exporters and service providers must work to diligently to see that their programs are current and continuous.”

There are many cargo security programs that have collectively reduced the risk of terrorism occurring in the supply chain: C-TPAT, AEO, PIP, J-AEO, C-AEO – the list of acronyms is extensive, observes Richer.

“All these programs have effectively addressed improving transparency in the supply chain and reducing the risk of attack,” she says, “But the new world of cyber attacks adds to the complexity of remaining secure.”

SC
MR