Supply Chain Standouts: July 31st – Sustainability

The COVID-19 pandemic has made clear that building resiliency for future supply chain risks is no longer optional. Enterprises are not only prioritizing resilience and agility against future pandemics, they are preparing their supply chains for a broad range of shocks, including anticipated disruptions caused by climate change. 

As part of their broader supply chain resilience strategies, many companies are collaborating and creating initiatives to minimize their environmental footprint. For example, nine companies—Maersk, Danone, Mercedes-Benz AG, Microsoft, Natura & Co., Nike, Starbucks, Unilever, and Wipro—joined with the Environmental Defense Fund and BSR, two nonprofit advocacy groups to form the “Transform to Net Zero” initiative. Each member has promised to have net zero emissions by 2050, enabled by sharing best practices with one another and across their respective industries. The ultimate goal is not only to reduce their own greenhouse gases but to lead other companies to join in and commit to net zero emissions. In fact, “working with partners across supply chains” is one of their mission objectives to help all organizations achieve net zero emissions. 

This kind of collaboration across supply chains is essential, as is innovation toward more eco-friendly energy sources. French container and shipping company, CMA CGM, similarly is making strides to reduce pollutants. After reducing emissions 50% between 2005-2015, CMA CGM aims to reduce emissions an additional 30% by 2025. Most of the progress so far has been achieved by transitioning their fleet to liquid natural gas-powered vessels. Now, the company is working with Ikea Transport and Logistics and the GoodShipping Program to create a biofuel from vegetable oil and recycled forest products to be used as a replacement on their Heavy Fuel-Oil vessels. The GoodShipping Program is another example of collaboration across supply chains to minimize the environmental footprint of companies and their partners with a focus on sea freights and the container shipping industry. 

For land transportation, the Corporate Electric Vehicle Alliance is helping shift company fleets to electric vehicles (EVs) in order to reduce emissions and costs. Although on paper EVs are generally cost-efficient in the long term with lower operational costs and greater safety, the current array of vehicles doesn’t meet the needs of industry. Vehicle manufacturers need more information and feedback on the scale of corporate demand. The Corporate Electric Vehicle Alliance aims to address this gap by joining companies—such as Amazon, DHL, and Siemens—with resources and best practices for transitioning fleets to EVs. Meanwhile, joining the alliance specifically communicates to auto manufacturers and policymakers the vast demand for a wider selection and greater production of EVs tailored for commercial use.  

Companies across the Atlantic are also working together to minimize the footprint across their supply chain ecosystem. The European alliance for a Green Recovery was formed to rebuild the economies of over a dozen nations with renewable investments. Among the founding signatories are 37 CEOs, ranging from L’Oreal to the LEGO Group, who pledged to invest in decarbonizing buildings, mobility, and energy alongside 28 business associations, 10 trade union federations, 7 NGOs, and dozens of government officials. While still in its initial planning phase, the group hopes to establish a European Green Deal to revitalize the economy after the pandemic while achieving a net zero emission Europe by 2050. Many members seek to convince officials to shift government incentives away from fossil fuels and towards replacing old infrastructure with zero-carbon buildings and renewable energy. 

Making global supply chains sustainable is a monumental task, but it will be necessary to build up resilience for the next disruption. Through collaboration, companies can demonstrate to customers, policymakers, and each other how to best prepare for and reduce the anticipated effects of climate change. This is not just convenient, it is pragmatic. Positive change can be multiplied by joint research and action and requires collaboration across entire supply chain ecosystems. 

Check out our previous Supply Chain Standouts or learn more about increasing resiliency.

Success on the Gridiron and in the Boardroom – Harris Barton

Episode 9: Success on the Gridiron and In the Boardroom

When you think of a 3 time Super Bowl champion offensive tackle, you probably don’t also think of a fund manager, philanthropist, investor, and Broadway theater lover.

But our guest on this episode of What Lies Beneath, Harris Barton, is not your typical retired NFL player.

Harris got interested in the investment world during his tenure with the San Francisco 49ers, because the Bay area was where all the venture capital was located in the late ‘80s and ‘90s, and it led him to a career as a philanthropist, fund manager, & investor.

Join us for this fabulous interview where Harris talks all about:

-Starting a charity geared at bringing the magic of Broadway to young people impacted by cancer

-His entrance into the world of venture capital while living in the Bay area

-The difficulty of restarting a career after over a decade in the NFL

-His go-to favorite football story (hint: the 1989 Super Bowl)

Listen & Subscribe!

To learn more, check out the podcast above, or on Stitcher, Apple Podcasts, Google Play, Spotify, or wherever you listen to podcasts. If you like what you hear, please rate and review the show, or share it with a friend! New episodes air every other Tuesday.

To learn more about Interos, visit Interos.ai.

New Chinese Restrictions Part of Broader Trend Disrupting Supply Chains

In 2014, the Western District of Pennsylvania indicted five People’s Liberation Army (PLA) members, charging the Chinese military officials with corporate espionage. This was the first nation-state indictment for cyber-espionage and served as an inflection point after years of intellectual property (IP) and personally identifiable information (PII) theft. Since then, the U.S. has increasingly relied on indictments, bringing what had been classified discussions into boardrooms and to the public’s attention. This “name and shame” strategy is but one piece of the puzzle in countering digital espionage and malicious activity. Over the last year, the U.S. government and democracies across the globe have increasingly relied on another strategic tool: blocking and sanctioning entities with links to foreign adversaries.

Following on the heels of sanctioned Russian and Iranian entities, Chinese companies and individuals are increasingly ostracized from the U.S. economy for a range of violations. The Department of Commerce’s addition of eleven more excluded entities on Monday expands the growing list of Chinese firms and individuals linked to human rights violations in Xinjiang. The increased prominence of restricted entities not only highlights evolving national security challenges, but also introduces a range of security and compliance risks into enterprise supply chain ecosystems.

The Growing List of Restricted Entities

There is a long history of corporations carrying out state-sponsored or state-backed activities. Today, this manifests in three core areas: the competition in emerging technologies, artificial intelligence (AI), and national security playing out between democracies and authoritarian regimes; human rights violations enshrined in government policy; and digital attacks on critical infrastructure. As the chart below (focused on China) illustrates, the number of restricted entities continues to grow.

"Number of Chinese entities added to the U.S. Entity List," including 42 in 2019 and 35 in 2020.

 

The 5G race best exemplifies the technology and national security focus on restricted entities, with growing distrust about security and data access. Huawei and ZTE are the most prominent companies to come under public scrutiny and government sanction. Huawei has drawn particular scrutiny due to its marketshare as the world’s top telecom supplier and second largest phone manufacturer. The fines, sanctions, development restrictions, and inclusion on entity lists aim to surface and address digital and national security risks posed by these companies. The related chip wars similarly reflect the desire to secure digital supply chains with trusted components. Federal organizations have been banned from using Huawei and ZTE equipment, while the private sector is growing vocal in their distrust as well.

Just as the 2014 PLA indictments ushered in the growing deployment of indictments in response to digital attacks, restrictions similar to those imposed on Huawei and ZTE are increasingly applied to other companies deemed security risks. In May, the Department of Commerce’s Bureau of Industry and Security added two dozen Chinese companies linked to weapons of mass destructions and military activities. In June, the Pentagon named twenty companies with alleged links to the PLA. Huawei is included in this list, as is video surveillance firm Hikvision, and telecom and mobile companies. The focus on trusted technologies is not limited to China. Russian cybersecurity company, Kaspersky, is also banned from use by both U.S. civilian and military agencies.

An image of a toy globe, centered on China.

The second group of restricted entities focuses on those linked to human rights violations. The U.S. recently imposed new restrictions against 33 companies for human rights violations, many of which are tech companies (i.e. facial recognition tech) following the June passage of the Uighur Human Rights Policy Act. This is part of a broader U.S. government effort to investigate companies that knowingly benefit from the human rights violations in Xinjiang. Last month, Chinese officials were similarly sanctioned for human rights violations, a response both to protest suppression in Hong Kong as well as human rights violations against the Uighur population.

Finally, the naming and shaming and blocked entity strategy is increasingly employed against foreign entities targeting critical infrastructure, especially through cyber-enabled activities. In addition to election interference, sanctions have targeted Russian entities for conducting cyberattacks on the U.S. energy grid. The financial services sector is another critical industry frequently targeted by foreign adversaries, resulting in subsequent additions to the restricted entities list. For example, Iranian entities and the company, ITSec Team, were sanctioned for a series of attacks on banks and stock markets.

Many lines of code on a screen.

 

Chinese Restrictions Bring Compliance Challenges & Reputational Risks

As the examples above highlight, there is a growing whole-of-government approach across the Departments of State, Defense, Treasury, and Commerce to block, sanction, and name entities linked to foreign adversaries. These restricted entities add national security, reputational, and compliance challenges that propagate throughout a supply chain ecosystem. The compliance requirements for each are distinct and reflect the increasing challenges of ensuring global supply chains are disentangled from restricted entities.

This issue continues to grow in scope and complexity. Section 889 of the National Defense Authorization Act further restricts any federal contractors from using Chinese telecommunications products and services. The Office of Foreign Assets Control (OFAC) lists over a dozen countries on its blocked entities list as well as a growing list of individuals and organizations. For example, Iran’s Mobarekeh Steel Company has been a restricted entity since 2018 due to linkages to the Iranian military, but OFAC recently expanded the restrictions to include their subsidiary companies, including one based in Germany. This latest restriction prohibits “U.S.-based companies and individuals from transacting with them and expose anyone doing business with them to potential penalties.” For financial institutions, this restriction on the metals trade may not be on the radar, but due to a January executive order, financial institutions risk sanctioning if they facilitate this trade.

The Huawei logo.

Internationally, other democracies are also blocking entities linked to authoritarian regimes. The United Kingdom introduced a sanctions regime aimed at penalizing entities linked to human rights abuses, including those in Saudi Arabia and Myanmar. Last week’s Huawei ban by the United Kingdom in 5G networks builds upon broader U.S. efforts to secure 5G networks and illustrates the global nature of these restrictions. The Russian oil giant, Rosneft, was sanctioned earlier this year due to ties to Venezuela’s Maduro regime. India recently banned 59 Chinese apps.

These are dynamic geopolitical times, not just for U.S.-China relations but for a growing range of global challenges. China’s recent sanctions and restrictions targeting U.S. entities and the U.S. executive order ending Hong Kong’s special status further illustrates how corporations and their supply chains are increasingly entangled in geopolitics. While compliance considerations must be top of mind when it comes to restricted entities, governance and cyber risk assessments must similarly account for whether these entities are present within a global supply chain ecosystem. The externalities of these geopolitical tensions will continue to disrupt supply chains in multiple ways and reinforce the urgency for a holistic approach to risk, as well as the necessity for agility and visibility across supply chains for greater resilience and security.

To learn more about how sanctions, geopolitical events, and impending regulations will impact your global supply chain, and how to get ahead of supply chain risk, visit interos.ai.

Dr. Andrea Little Limbago is a computational social scientist specializing in the intersection of technology, national security, and society. As the Vice President of Research and Analysis at Interos, Andrea leads the company’s research and analytic work regarding global supply chain risk with a focus on governance, cyber, economic, and geopolitical factors. She also oversees community engagement and research partnerships with universities and think tanks and is a frequent contributor to program committees and mentorship and career coaching programs. She has presented extensively at a range of academic, government, and industry conferences such as RSA, SOCOM’s Global Synch, BSidesLV, SXSW, and Enigma. Her writing has been featured in numerous outlets, including Politico, the Hill, Business Insider, War on the Rocks, and Forbes. Andrea is also a Senior Fellow and Program Director for the Cyber and Emerging Technologies Law and Policy Program at the National Security Institute at George Mason and a Fellow at the Atlantic Council’s GeoTech Center. She is an industry advisory board member for the data science program at George Washington University, and is a board member for the Washington, DC chapter of Women in Security and Privacy (WISP). She previously was the Chief Social Scientist at Virtru and Endgame. Prior to that, Andrea taught in academia and was a technical lead at the Joint Warfare Analysis Center, where she earned the Command’s top award for technical excellence. Andrea earned a PhD in Political Science from the University of Colorado at Boulder and a BA from Bowdoin College.

Interos and RiskRecon Identify Vulnerable and Hidden Third, Fourth, and Fifth Party Suppliers

Partnership will enable companies to identify, continuously monitor, and respond to cyber, concentration, financial, and geographic risk hidden deep in digital supply chains

Arlington, VA and Salt Lake City, Utah – July 22, 2020 – Interos, the first and only multi-factor, multi-tier, third party risk management platform, today announced the immediate availability of RiskRecon Security Risk Scores for suppliers deep within enterprise supply chains. The partnership combines both companies’ capabilities, and provides customers with greater resilience intelligence to cyberattacks, and to financial and geographic disruption.

As the global economy seeks to rebuild resiliency following the COVID-19 pandemic, many business leaders are taking a close look at their supply chain risk. Jim Routh, CISO, MassMutual Life Insurance Company, adds: “The complexity of today’s digital supply chains has increased the challenge to third-party governance programs to protect businesses from cyber risks for third, fourth and fifth parties in the supply chain. Continuous, integrated risk information on multiple tiers is essential to identifying business-critical and vulnerable supply chains for earlier proactive prevention, detection, and faster response.”

RiskRecon’s Security Risk Scores, which cover every party and tier deep within complex global supply chains, are now included within Interos’ risk assessment capabilities, which span over 50 million entities and mine 85,000+ data sources. Interos’ platform leverages AI, a graph database, and natural language understanding (NLU) to map out a company’s supply chains, business relationships and ecosystems. The result is a clear picture of a company’s entire ecosystem from end to end, with scoring across five key risk factors, that’s monitored and updated continuously.

“Our customers use Interos to model the potential ripple effects of risks and disruptions within their supply chain that could ultimately impact their business. With RiskRecon integration, they can anticipate the effects of cyber weakness in hidden parties, and ensure resilience before damage and loss occur,” said Jennifer Bisceglie, CEO and founder of Interos. “The COVID-19 pandemic made continuous, proactive risk monitoring a necessity. We’ve built the world’s largest business relationship map, so organizations can get a high-definition picture of where risk exists.”

“We look at cybersecurity risk across a defined set of domains for our customers and partners to deliver an objective, accurate view with one goal in mind, which is producing better risk outcomes,” said Kelly White, CEO, RiskRecon. “Influencing a broader set of risk metrics with our scoring and analytics, integrated with partner offerings like Interos, aligns with the assessment and remediation needs of leading third-party risk management organizations.” 

 

About Interos

Interos protects customers’ brand and operations from risk in their extended supply chains and business relationships. The first AI-powered platform for eliminating multi-party, multi-factor risk from 3rd, 4th to nth tier parties, Interos automates discovery, detection, and response to financial, operations, governance, geographic, and cyber risk. Designed by experts and leveraging the company’s 15 years of experience in managing the world’s most complicated supply chains, Interos provides real-time risk management for the largest commercial brands in manufacturing, financial services, and aerospace and defense. For more information, visit interosai.kinsta.cloud.

About RiskRecon

RiskRecon, a Mastercard company, is the only continuous vendor monitoring solution that delivers risk-prioritized action plans custom-tuned to match an organization’s risk priorities. RiskRecon provides the world’s easiest path to understanding and acting on third-party cyber risk, enabling security and risk teams to efficiently build scalable, third-party risk management programs for dramatically better risk outcomes.

For more information, visit www.riskrecon.com or visit us on our social channels: LinkedIn or Twitter.

Supply Chain Standouts: July 10th

This week’s supply chain standouts reflect the new ways businesses are safely tackling the last-mile challenge in the COVID-19 era. Technologies previously only found in headlines may be arriving at your door soon, spurred by demand for touchless delivery and new partnerships between autonomous delivery technology companies and big-name eateries and stores.  

After two years of testing, Silicon Valley based Nuro has sealed deals with KrogerWalmart, and CVS to deliver groceries using the company’s electric on-road autonomous vehicles. Store employees load the vehicle with orders, and users enter in a unique pin to unlock the doors at their own curb. Currently limited to Houston and Scottsdale, the company expects to expand quickly into California once cleared by the state’s robust permitting process for autonomous vehicles. 

To make its own space in the autonomous delivery market, Refraction AI has designed its REV-1 vehicle to operate in both car and bike lanes through dense urban areas. Reducing the size and speed of the vehicle to resemble a bike instead of a car has allowed the company to reduce the need for overcomplicated sensors or a more powerful engine, while still fitting for 16 cubic feet of storage. Commercial use has already begun in the startup’s home of Ann Arbor, Michigan to deliver from for two local restaurants and a local grocer. Since the pandemic has kept residents at home, demand for REV-1 deliveries has more than tripled. Designed by two Michigan professors, the vehicle can even deliver in a snowstorm. 

While vehicles wait on permits, many businesses are taking to the skies with drone delivery testsDeuce Drone, a small drone delivery startup run by a collection of veterans, former tech executives, and recent MIT graduates recently agreed to a proof-of-concept demonstration this August with a Buffalo Wild Wings franchise in Alabama. Just this week, Deuce Drone also inked a deal to start a drone grocery delivery service with the Gulf Coast grocer Rouses Market. If trials are successful, the partnerships hope to deliver food, drink, and more to homes within 30 minutes—faster than by car and with a smaller carbon footprint 

Drones may even become a new tool for first responders to quickly deliver supplies to a medical emergency. Drone Delivery Canada has successfully completed tests of Automated Electronic Defibrillators drops using its DDC Sparrow to deliver both the technology and guidance for untrained persons to respond to a cardiac emergency. The company, partnered with local health departments, hopes that the drone will be able to provide lifesaving treatment in rural locations while first responders are still navigating to the scene. Drone Delivery Canada is building on their experience delivering goods cheaply to the rural communities of the Ontario First Nation. 

These new technologies are still limited by roadway and airspace regulations from becoming widely available. USDOT has largely avoided any changes to regulations for autonomous vehicles on roadways so far, preferring to let states take the lead on policy experimentation. The FAA has only approved nine locations for its Integration Pilot Program to test drone use for deliveries, inspections, and data collection. While the wheels of policy are moving slowly, pressure is mounting for changes to come soon. Autonomous vehicles and drones are no longer just eye-catching technologies of the future: they are proving to be a powerful tool for safely reconnecting supply lines in during the pandemic, whether bringing the sports bar to your door or dropping medical supplies to those in need 

Check out our previous Supply Chain Standouts or learn more about increasing resiliency.

COVID-19 Driving Urgency for Third-Party Risk Visibility, Market Leader Interos Growing Exponentially

Industry’s first AI-powered third-party risk management platform proving critical as businesses seek new level of supply chain transparency and operational resilience.

ARLINGTON — July 7th, 2020 – COVID-19 has dictated that companies across all industries urgently reevaluate third-party risk associated with their complex global supply chains and web of global business partners. Real-time, continuous monitoring of the health and stability of a company’s hundreds or thousands of business partners was virtually impossible before. Interos has cracked the code with the first and only AI-powered multi-tier, multi-factor third-party risk management platform. The company, today, announced unprecedented company and customer growth along with the hiring of a new Chief Technology Officer (CTO) and a new Chief Revenue Officer (CRO).

Since the start of major COVID-19 outbreaks in the US in March 2020, Interos has seen a 500% increase in inbound requests from current and prospective customers, which has played a major role in 961% revenue growth since January 2019. In March 2020, the company also announced plans to triple year-over-year sales growth alongside a $20MM Series B funding round.

“We’ve built the world’s largest business relationship graph, providing organizations with a multi-tiered picture of the level of risk and opportunity associated with their global business ecosystem,” said Jennifer Bisceglie, founder and CEO of Interos. “Before COVID-19, organizations knew they had a dangerous blind spot beyond tier-one suppliers and business partners but didn’t know how to solve it. Based on a deluge of inbound inquiries into our capabilities since March, it’s clear from conversations that the pandemic has made it a Board-level imperative to fix this quickly. This is a big data problem; operational resiliency is only feasible via comprehensive, continuous monitoring, and the application of AI.”

According to a recent Gartner report, out of the 60% of global companies and organizations that work with more than 1,000 third parties, only 27% perform ongoing monitoring and only 2% directly monitor fourth and fifth tier suppliers. By applying AI and machine learning, Interos currently monitors over 50 million entities globally across 85,000 data sources, processing 250 million risk events per month. This unprecedented visibility enables organizations to make decisions on how to reduce the impact of risk, quickly, and as it happens; compress supplier due diligence processes from months to minutes; and ensure the resilience of the most complex global supply chains and brands. Interos monitors suppliers across five key risk factors – financial, operational, governance, geographic, and cybersecurity with over 60 associated variables and growing.

“For many years, enterprises have collectively over-indexed on the cost side of the equation at the expense of risk and other value levers. This has left most supply chains facing massive unseen risk caused by a lack of visibility, interpretation, and action,” said Dr. Elouise Epstein, vice president at strategic consulting firm Kearney and noted procurement expert. “The way forward is to implement intelligent risk monitoring, overlaid with good strategy, and clear actioning — ideally autonomously.”

To support Interos’ rapid growth in the market, the company has expanded its staff by over 40% so far this year and has projected to grow by 160% YoY in 2020.  New executive hires include Noel Calhoun, CTO, who will head up Interos’ AI efforts. Calhoun previously served as CTO of the Central Intelligence Agency and most recently as CTO of Kensho Technologies, an S&P Global Company. Interos has also welcomed Eric Johnson as CRO. Johnson has led North American software sales teams at Sybase, SAP, and global sales teams at Blackberry and, most recently, Marketo (an Adobe company).

About Interos

Interos protects customers’ brand and operations from risk in their extended supply chains and business relationships. The first AI-powered platform for eliminating multi-tier, multi-factor risk from 3rd, 4th to Nth tier parties, Interos automates discovery, detection, and response to financial, governance, geographic, cyber and operational risk. Designed by experts and leveraging the company’s 15 years of experience in managing risk in the world’s most complicated supply chains, Interos provides real-time risk management for Fortune 500 brands in manufacturing, financial services, and aerospace and defense.