Resilience 2023: Explore our Annual Supply Chain report today.  

Filter by Categories
Interview
News
Filter by Tags
survey
Filter by Resources Categories
Report
White Papers

Month: October 2019

Beef Grief: Taco Bell Recall Leaves Customers Pining for Meat

Posted on by Harris Allgeier

Photo by sarayut from Getty Images Pro

Where’s the beef?! Not at many taco bell locations in the Midwest, northeast, and southeast United States. The Mexican fast food giant has had to recall a staggering 2.3 million pounds of seasoned ground beef from restaurant and distribution centers. The reason for the recall? Ground metal shavings appearing in tacos and burritos, according to the Department of Agriculture.

Um. Ouch.

The beef was traced back to a single producer, Ohio-based company Kenosha Beef, which recalled a “underdetermined amount of seasoned beef products” produced between late September and early October. The beef had been sent to distribution centers in Michigan, New Jersey, New York, Ohio and Virginia.

Total Recall

The recall was prompted by three customer complaints and the food chain has discarded the beef used by all the restaurants that received it. According to the USDA, there have been no reports of injury or illness stemming from Taco Bell beef consumption.

“Nothing is more important than our customers’ safety, and nothing means more to us than their trust,” said Julie Masino, North American president for Taco Bell. “As soon as we received the first consumer complaint, we immediately acted to remove the product from the affected restaurants and proactively worked with the supplier to inform the USDA of our steps to protect our guests.”

Chain Chain Chain…Chain of Beef?

The beef recall isn’t Taco Bell’s first brush with supply chain issues: just this year the company found itself running short of tortillas due to a supplier issue, temporarily denying customers the pleasure of a Crunchwrap Supreme (the undisputed best item on Taco Bell’s menu). Both these challenges illustrate the complex nature of supply chains and the potential pitfalls of relying on a single supply source. Had Taco Bell identified contingency suppliers for the regions reliant on Kenosha beef, they may have been able to mitigate the ensuing disruption to consumers.

How to become “Recall Ready”

Preparedness for a food recall begins with understanding your supply chain. For example, Taco Bell definitively knows who’s providing them with beef, but what about the companies and individual farms behind companies like Kenosha Beef? Knowing of a labor or manufacturing issue that affects a sub-tier supplier, could help companies like Taco Bell proactively address issues before they impact consumers. You should also:

  • Create a recall plan of action in advance, one that specifies contingencies, and helps logistics partners understand their responsibilities in the eventuality a recall occurs
  • Create a preemptive strategy for recalled product disposal. Where are you putting it and whose responsibility is it?

Recall-preparedness also means understanding supplier concentration/resiliency, i.e. how dependent your businesses is on a single vendor, and how resilient that vendor is to things like natural disasters, machinery failures, labor issues, and so on.

But how?

A total supply chain monitoring solution that contextually evaluates and scores the health of your supply chain AND updates those scores in near-real time while notifying you of disruptive events would fit the bill. Which is a huge coincidence because we just so happen to have one of those.

Interos, the world’s leading (and only) AI-powered supply chain risk management platform. Check out the rest of our site to learn more.

5G presents opportunity and risk for American businesses and federal agencies

Posted on by Harris Allgeier

Photo by sarayut from Getty Images Pro

As the long-awaited 5G standard makes its commercial rollout across the country, businesses, and federal agencies are reckoning with matching security, legal, and supply chain concerns. While 5G will ultimately bring significantly faster speeds, it will also exponentially increase avenues for cyber-attack and fuel supply chain concerns. This isn’t just due to faster speeds or the typical unknowns associated with new technology, there’s also significant concern over China’s central role in developing the new network standard.

But why is the world rushing pell-mell into the eye of the 5G storm? What benefits is the technology expected to bring?

Speed & Volume

5G is going to be fast. Like, really, really fast. Possibly 10X as fast as the zippiest 4G connections you’ll find today. It’s also going to move larger quantities of data than ever before, as much as 10 terabytes per kilometer.

Better Coverage (In some areas)

5G is fast but that speed comes at the cost of signal strength. The radio frequencies being used by 5G technology will have a harder time penetrating buildings and deplete over distance much more rapidly. To compensate for this shortfall, network providers are building many more cellular base stations. This should, in in theory, ensure much more even coverage for those in highly urban areas (which are the first targets for any new technology support).

Smart Vehicles and IoT

One of the areas 5G is expected to make the biggest splash in is IoT. The ubiquitous Internet of Things (an umbrella term referring to internet-connected devices outside of cell phones/computers) is about to get a whole lot more internet. The throughput capability of 5G means things like smart cars, intelligent medical equipment, logistics sensors, and whole lot more will be able to send and receive more data and more kinds of data than previously possible. 5G will also support connectivity to devices traveling at 500km per hour, substantially increasing the ability for connectivity-dependent smart-devices in high-speed transit.

5G sounds great! What’s to worry about?

Well, you’ll need to get a new phone to take advantage of the technology, you’re unlikely to realize the benefits any time soon if you live in a rural area and, oh yes, a complex web of international trade disputes and security concerns may make adopting the technology near-impossible for some American businesses.

Um…What?

It’s all about China, mostly. The Chinese government and Chinese firms have a much larger stake in 5G development than they had in 3G and 4G-LTE, having secured greater leadership positions in both the International Telecommunication Union (ITU) and the Third Generation Partnership Project (3GPP).

Chinese entities (specifically Huawei and ZTE) have made large strides in patenting ICT innovations, making China the de-facto industry leader in this technology. Chinese companies account for 34% of global patent applications related to essential 5G technology, a 50% increase compared to their share of 4G patents. China’s dominant 5G position isn’t only reflected in the number of patents they control; they have also played a much greater part in developing the 5G standard: the industry governance approved by the 3GPP that essentially defines what is and isn’t 5G with respect to various technologies. According to IPlytics, Huawei leads the pack on submitted technical contributions to 5G standards, ahead of Ericsson, Nokia, and Qualcomm, with ZTE coming in 5th. Huawei also holds the lead for most approved contributions to the standards.

So, China’s taking the lead. Why is that a problem for me?

Perhaps not you personally, but it certainly presents challenges to American companies and federal agencies looking to leverage the technology. There’s two reasons for that: the ongoing (and seemingly ever-escalating) trade dispute between the two countries and the potential security threat posed by adopting technology dependent on innovations from Chinese companies.

Trade war, you say?

In case you missed it, the American government and the Chinese Government have spent the past year slapping tariffs on one another, with telecommunications equipment being some of the hardest-hit products. The Trump administration has also specifically issued bans on the largest Chinese telecom company, Huawei, prohibiting their products from use in American communications networks and banning US agencies from doing business with Huawei. The landscape is constantly changing though. As recently as September 12th, Huawei’s founder Ren Zhengfei has offered to sell the company’s technology to western buyers with no strings attached, theoretically enabling a buyer to use the technology with assurance that the Chinese government would not be watching.

But is 5G a security risk?

Whether or not China’s investment in 5G constitute a material risk to US security is up for debate. Many officials certainly believe so. According to Ashley Ford, the assistant secretary of state for international security and non-proliferation, “If a Chinese technology giant has access to your technology, your information, or your networks and the party comes asking, the only answer the company can give is ‘Yes.’”

The US government has plenty of legislative tools designed to protect against the insecure use of foreign technology through economic pressure, such as the Buy American Act or ITAR. However, measures like these can only protect against known affiliates of foreign companies. A third or fourth tier supplier with compromising ties to the Chinese government could still slip through if their connections are not reported or well-documented. Organizations looking to capitalize on 5G technology without falling afoul of federal law will have to use tools like intelligent technology to vet their supply chains.

To learn more about the potential pitfalls of pending technologies like 5g or the Internet of Things (IoT) and about potential solutions click here. And check out Interos’ eBook on the subject which discusses measures organizations and agencies can take to protect themselves while making use of emerging technology.

Six degrees of Kevin Bacon: why multi-tier business relationships matter to you

Posted on by Harris Allgeier

We live in an increasingly connected world. Globalization, the gradual shift towards a borderless economy, is ever-increasing and seemingly inevitable. This broadening scope and increased openness brings plenty of opportunity and of course, plenty of risk. Businesses and entities that previously had to worry about dealing with a handful of local suppliers must now contend with, and manage, scores of internationally located suppliers, who in turn are dependent on disparate and diverse suppliers, and so on down the line.

Awareness of this interconnectivity pays dividends, just as ignorance surely has a price. Sophisticated bad actors won’t just target your organization directly, they’ll attempt take-downs and incursions across your entire supply chain. 80% of all security breaches originate in the supply chain. With 45% of all cyber breaches being attributable to past partners. According to William Evanina with the National Counterintelligence Center (in testimony to the Senate Intelligence Committee on Intelligence in 2018)  “A growing set of threat actors are now capable of using cyber operations to remotely access traditional Intelligence targets, as well as a broader set of US targets including critical infrastructure supply chains.”

But where is this threat originating from?

Cyber supply chain threats come from many directions. But it’s helpful to break them down into four primary categories.

  • International Organized Crime – The perpetrators of infamous hacks like WannaCry, NotPetya, and similar attacks. International hacking groups are one of the greatest and most consistent threats facing businesses today. Whether they’re holding systems for ransom, stealing credit card info, or conducting a thousand other nefarious schemes, they’ll target almost any and every institution with a vulnerability.
  • Nation States – State based hacking groups form another pillar of the cyber threat gazebo. Nation states are turning to hacking with increasing frequency, using supply chain cyber attacks to steal national secrets, disrupt economic activity, influence elections, and more.
  • Hacktivists – A broad term applied to those conducting hacking activities not motivated by profit or aligned with the interests of a specific nation-state. This category could include jihadist groups as well as Anonymous.

What nations are the most active hackers and why?

From a western perspective, the biggest threats are doubtlessly China, Russia, North Korea, and Iran. They’re easily some of the most cyber-aggressive nations out there and are traditionally opposed to western interests. These nations devote considerable effort into hacking because it’s simply more bang for their buck. Cyber-enabled supply chain attacks can now result in vastly disproportionate economic harm compared to the minimal resources required to execute the attack, thanks in part to the exponentially growing global digital supply chain. This is called Cyber-Enabled Economic Warfare.

What now?

Cyber-Enabled Economic Warfare (CEEW) is best-defined as “A hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.” To be considered CEEW, an attack must fit the following criteria:

  • Cyber Enabled
  • Intended to cause economic harm
  • Damage must be enough to degrade a nation’s security capabilities
  • Motivated by strategic intent

A threat is considered to be “motivated by strategic intent” if it is done both at the behest of a sate entity and is in alignment with that nation’s strategic goals. Some common cybersecurity supply chain threats include:

  • Computer hardware delivered with malware installed
  • Malware that is inserted into software or hardware post-delivery
  • Software vulnerabilities in supply chain software applications
  • Counterfeit computer hardware
  • Loss of intellectual property shared with supply chain partners
  • 3rd party access to IT networks, customer information or operational control systems
  • Poor information security practices by lower-tier suppliers
  • Rogue, malicious, or naïve inside employees

To get an idea of the damage a single supply-chain cyber-attack can cause, one need look no further back than 2017, to the days of NotPetya. NotPetya is, confusingly, the name of a specific variant of malware in the “Petya” family of ransomware. The software targets windows-based systems, infecting the master boot record, sending a payload that encrypts a hard drive’s file system table and stops windows from booting. In 2017 this variant was used to initiate a global cyber attack that primarily targeted the Ukraine. The attack quickly rippled throughout the global supply chain, shutting down businesses around the globe. The following list illustrates the cost of NotPetya:

  • Pharmaceutical company Merck – $870,000,000
  • Delivery company FedEx (European subsidiary TNT Express) – $400,000,000
  • French construction company Saint-Gobain – $384,000,000
  • Danish shipping company Maersk – $300,000,000
  • Snack company Mondelēz (parent of Nabisco and Cadbury) – $188,000,000
  • British manufacturer Reckitt Benckiser – $129,000,000

The attack left global shipping magnate Maersk, who represent 20% of the world’s shipping capacity, dead in the water, unable to read ship’s inventory files or accept orders. Making them unable to move freight or conduct even basic commerce. While the company has publicly stated that the attack cost them $300 million, that estimate is believed to be even lower than actual numbers. Moreover, those don’t reflect the costs borne by the many suppliers and logistics companies dependent on Maersk. The unreimbursed costs for affected trucking companies alone were estimated to be in the tens of millions

Wired’s report on the incident effectively characterizes the attack and what it illustrated about the interconnectedness of the global economy, stating that NotPetya was “…the story of a nation-state’s weapon of war released in a medium where national borders have no meaning, and where collateral damage travels via a cruel and unexpected logic: Where an attack aimed at Ukraine strikes Maersk, and an attack on Maersk strikes everywhere at once.”

Staying Secure

So how can you proactively defend your supply chain? It all starts with knowing your vendors. We recommend taking the following steps to start securing your supply chain. Remember, there’s a 0% chance your supply chain hasn’t been compromised. You need to know where, when, and what your level of risk exposure is. That means you should:

  • Map your supply chain and identify your most important vendors
  • Identify your sub-tier suppliers with critical IT components or software embedded in your products and systems
  • Know, WITHOUT A DOUBT, what information or IT systems your vendors can access
  • Review vendor personnel practices
  • Ensure the CISO’s team is integrated into the procurement process, vendor assessments and vendor management
  • Conduct regular briefings on the threat environment and track the reporting and remediation of vulnerabilities