The Three Supply Chain Tasks for a CISO

Managing supply chain security and mitigating attacks has become critical for Chief Information Security Officers (CISOs)

As we outline below, Interos has found three main tasks that CISOs must lead to protect their organization’s supply chain and improve overall visibility.

Incident Response – Dealing with a supply chain attack.

SolarWinds, Kaseya, Log4J, and other supply chain attacks have grabbed the headlines. A CISO must prepare for the next event without knowing its type, motive, or origin. SolarWinds had no cyber warning indicators before its major breach. All the firewalls, agents, policies, and other traditional tools would not have prevented this type of attack since SolarWinds had complete access to the network.

CISOs need to determine if they are at risk when these attacks happen. The traditional method for risk management is to send surveys to all suppliers and third parties. Unfortunately, since most CISOs do not have visibility into their supply chains, they must start from scratch. Hopefully, they have a third-party assessment tool, but often the CISO must get a list of suppliers from procurement. This list usually only includes the first tier of suppliers. While waiting for the surveys to be completed and returned, the organization remains exposed to the threat. This means that the CISO cannot readily confirm to leadership that the threat has been mitigated, often for weeks or months.

The Interos operational resilience platform continually maps, monitors, and models an organization’s extended supply chain. When new attacks happen, Interos alerts customers so they can strategize a reaction to the threat. It takes a few seconds to discover where the affected supplier resides within the supply chain and how it connects to the organization. A CISO using Interos can start mitigation efforts almost immediately, which reduces the time before confidently reporting to the C-Suite that they have resolved the problem.

Proactive Assessment – Auditing the supply chain.

An unhealthy supply chain can cause tremendous problems for an organization.

The CISO’s role is to protect the organization and they must understand the health and potential risks of their supply chain. Organizations should not trust a supplier with poor cyber hygiene. They should also look to replace any equipment supplier who has gone bankrupt or out of business. Even if the technology works, the manufacturer can no longer provide updates and patches for future cyber vulnerabilities.

Continually assessing and monitoring the extended supply chain can be difficult or impossible without the proper tools. A CISO can lessen the damage or prevent supply chain attacks if they know where to focus their efforts. However, most are blind to potential problem suppliers.

The Interos operational resilience platform continually assesses and monitors the extended supply chain, integrating six risk factors to come up with a comprehensive score. A CISO can use this information to focus on the worst offenders in each category, getting the best result for their efforts. A CISO can also understand if the suppliers are subject to US, UK, or EU sanctions or restrictions, which may cause business problems. With Interos, the CISO can be proactive and improve their supply chain’s health, reducing incidents and supplier churn in the future.

Supplier Onboarding

Vetting of new suppliers for cyber risk is a task often given to CISOs. There is often pressure on the CISO to complete the assessment quickly if the new supplier is deemed acceptable already by management. Since requests to vet a supplier are random, it is impossible to schedule. Knowing that a new supplier is at a high risk for cyber issues is critical to ensuring a company’s data security.

Getting new supplier information is traditionally done by sending them a survey with questions or asking for the results of a recent SOC audit. Often the surveys take a long time to complete and return. While a security operations center audit is preferable in most cases, it can be costly to conduct.

The Interos operational resilience platform uses public and private data sources combined with one of the largest business relationship data lakes to build a viable picture of an organization in a few minutes. The CISO can enter the company name and create a helpful report without sending and waiting for the return of surveys. The Interos analytics engine can provide insight into the supplier in all six risk categories, location, and other relevant data. This approach can enable a CISO to know within a few minutes if the supplier is bankrupt, doing business in concerning areas, or has connections to questionable organizations. The Interos approach is standardized and repeatable without requiring a high level of supply chain expertise from the cyber analyst.

To see a demonstration of the Interos Operational Resilience platform, please go to https://www.interos.ai/resources/interos-product-overview/

 

Report: China’s Market Dominance for Rare-Earth Elements

By: Michael Eddi, Taiwo Ogunbayo, and Margaret D’Annunzio

Concerns over the west’s economic reliance on China are at an all-time high and cover a staggering breadth of industries. But few exports are more critical than China rare-earth elements (REEs) — or raise more urgent questions regarding China and supply chain concentration risk.  The REEs are a set of seventeen metallic elements. These include the fifteen lanthanides on the periodic table plus scandium and yttrium. Rare-earth elements are essential in the creation of virtually all advanced technology ranging from weapons systems critical to national defense to electric vehicles and devices imperative to a society’s modernization and advancement. 

China holds an 84% market share of REEs, creating a highly concentrated marketplace at risk of monopolization. This concentration creates potential crises for the companies who rely on these elements as sanctions and geopolitical conflicts, among other disruptions, could make acquiring REEs incredibly difficult.

According to the France-based International Energy Agency (IEA), China today extracts 60% of all rare-earth elements that are consumed by the global market. The country also refines 87% of the world’s REE supply, so many of the materials mined outside of China’s borders must be sent there for processing.

Analysis of 21 Chinese REE companies on Interos’ global relationship mapping platform reveals the extensive connection between China and supply chain concentration risk: 

  • More than 100 U.S. companies buy directly from these Chinese REE suppliers at tier-1, 3,500 indirectly at tier-2, and more than 102,000 buy indirectly at tier-3. 
  • Nine European firms (European Union plus UK) buy directly from these Chinese REE suppliers at tier-1, and 1,600 buy indirectly at tier-2, while over 56,000 buy indirectly at tier-3. 
  • Electronic equipment and components, machinery, software, and metals and mining are the main industry segments represented in trading relationships surrounding China rare-earth elements.  

The limited growth of western refinement capabilities is largely due to the potential impact on conservational efforts, as mining and refining operations come at the expense of environmental degradation. Despite this, avenues are being explored by North American firms to increase refinement capacity and ability with the goal of further reducing overall dependence on China.  

The Potential Impact of Sanctions on China Rare-Earth Elements

The Interos report includes a scenario matrix that represents seven distinct hypothetical situations with varying degrees of probability examined through the overarching scope of probability and impact. 

By understanding these potential scenarios, customers can use the Interos cloud-based artificial intelligence-powered supply chain risk management solution to game out how these scenarios could impact your business. 

Let’s look at each one in more detail.

Sanction and Tariff Scenarios: Navigating China and Supply Chain Concentration Risk

Scenario 1: Sanctions are placed on Chinese state-owned mines and mining operations 

Scenario Likelihood: Low

Projected Impact to Metals Supply Chain: High

Under this scenario, the American Office of Foreign Assets Controls (OFAC) would sanction Chinese state-owned mines, hence restricting American entities from purchasing or doing business with such mines. With over a dozen Chinese-owned mining companies in China, one-third are state-owned. On December 23 of last year, China approved the merger of three of its largest state-owned mines (MinMetals, the Aluminum Corp of China, and Ganzhou Rare Earth Group). 

This effort helps Beijing consolidate its position over the mining sector by allowing the government to have control over the entire supply chain of China rare-earth elements. This move led to the creation of a single state-owned company with a 70% share of the domestic production quota, which is vital to the creation of high-tech products. Due to the ongoing geopolitical tension between the U.S. and Chinese government, the merger will give the Chinese government the leverage it needs while negotiating with the U.S. Most importantly, it will advance China’s goal of total dominance, pricing power, and influence in rare-earth production. For the U.S. to levy such a sanction, it would need to increase its rare-earth output to mitigate China’s supply chain concentration risk.  

Scenario 2: A targeted sanction placed on C-suite leadership of Chinese mining companies 

Scenario Likelihood: High

Projected Impact to Metals Supply Chain: Low

Under this scenario, the U.S could take a similar approach as it did when it sanctioned Rusal. Using the template from the Rusal sanction, OFAC would designate specific Chinese mine owners, along with the mines they control or own. Concurrent with this designation, OFAC would issue general licenses to minimize immediate disruptions to U.S. persons, partners, and allies. Since the sanction targets a single entity rather than all the mining companies, U.S. entities can go to other Chinese rare-earth element suppliers. The license provided by OFAC would allow them to continue business with the sanctioned companies. In the sanctions levied against Rusal and its leadership, the State Department removed the entity sanction when its biggest shareholder Oleg Deripaska reduced his stake in the company. 

Scenario 3: A sanction is placed on Chinese minerals/metals from the Xinjiang region 

Scenario Likelihood: High

Projected Impact to Metals Supply Chain: Medium

With the U.S.’ latest efforts to curb the harsh treatment of Uyghur Muslims, bills and sanctions have been implemented to ban imports from China’s Xinjiang region. In 2021, President Joe Biden signed The Uyghur Forced Labor Prevention Act, which prohibited imports from Xinjiang and imposed sanctions on individuals responsible for forced labor in the area. Under this scenario, OFAC would require U.S. companies to exit supply chains or ventures that connect them to the Xinjiang region. Mining companies would be required to ask their suppliers to provide an affidavit to determine the product’s origin. In this scenario, the likelihood of this sanction being implemented would be high, but it would also affect American businesses’ supply chains and lead to higher prices in consumer products. 

Scenario 4: Sanction metal producers and mining companies and designate them to the NS-CMIC 

Scenario Likelihood: Low

Projected Impact to Metals Supply Chain: Low

Under this scenario, the U.S. government would prohibit American investments by “U.S. persons from purchasing or selling publicly traded securities of any persons designated or determined to meet certain criteria, including having operations in defense and related materials sector or the surveillance sector of the Chinese economy or being affiliated with such entities.” Designating a company as Non-SDN Chinese Military – Industry Complex Companies List (NS-CMIC list) prohibits U.S. investments in Chinese companies that undermine the security or democratic values of the U.S. and its allies. Presently, none of the Chinese mining companies have ties to the military complex making the likelihood of such a sanction being implemented low, and its effect on the supply chain rated insignificant.  

Scenario 5: Quota on any U.S. persons or entity importing over 50% in rare-earth minerals and metals from China.

Scenario Likelihood: Low

Projected Impact to Metals Supply Chain: High 

Under this scenario, the U.S. would place a quota on U.S persons or entities importing over 50% of their overall rare-earth metals imports. Any Chinese metal and minerals imported over the 50% threshold would be required to pay a 10% tariff. The President would then exercise his authority under Section 232 of the Trade Expansion Act of 1962. Section 232 of the Trade Expansion Act of 1962 “allows any department, agency head or ‘interested party’ to request that commerce investigate to ascertain the effect of specific imports on U.S. national security”. President Trump utilized this approach when he imposed a 10% tariff on aluminum imports with exemptions for Canada and Mexico to protect national security. Implementing a similar strategy on China rare-earth elements would be detrimental to American entities and consumers. It would increase the price of imported goods, create inefficiencies, and trigger retaliation from China. The probability of this sanction being implemented is low as it would have a high impact on the supply chain.

Scenario 6: Sanctioning of Chinese mining companies operating in Afghanistan/Africa 

Scenario Likelihood: High

Projected Impact to Metals Supply Chain: Low

With the U.S. exit from Afghanistan and the Taliban takeover of the country, China is working on filling the void by offering economic investment in the country’s mining sector. Though politically and economically unstable, Afghanistan holds copper, cobalt, iron, sulfur, lead, silver, zinc, niobium, and 1.4 million metric tons of rare-earth metals, which the Taliban will seek to exploit. As of March of 2022, mining company Metallurgical Corp of China has discussed plans to open an office in Afghanistan’s capital city Kabul in early spring to begin mining copper and lithium. Currently, the U.S. maintains sanctions on the Taliban as an entity with the power to veto any moves by China and Russia to ease United Nations Security Council restrictions on the military group[i]. Additionally, the U.S. has frozen nearly $9.5 billion in Afghanistan’s reserves and the International Monetary Fund has restricted Afghanistan access to its resources. Using this approach, OFAC can possibly sanction Chinese mining companies in Afghanistan and certain African countries and prohibit American entities from purchasing rare-earth metal from mining companies located in the targeted regions. Due to the U.S. having other options to buy its metals and minerals, possible sanctions here would not invoke issues with Chinese supply chain concentration risk. As such, the probability of such a sanction being implemented is high, with a low chance of impacting the supply chain. 

Scenario 7: Sanctioning of American individuals or entities from doing business with Chinese mining companies acquiring minerals and metals from Taliban/Afghanistan 

Scenario Likelihood: High

Projected Impact to Metals Supply Chain: Low

Under this scenario, OFAC would sanction American individuals or entities doing business with Chinese mining companies acquiring minerals and metals from Afghanistan or the Taliban. Currently, the Taliban has been designated as a Specially Designated Global Terrorist (SDGT) under Executive Order 13224. This order prohibits transactions with persons who commit, threaten to commit, or support terrorism. It also prohibits U.S. individuals and entities from making any contribution of funds to or for the benefit of entities or persons named on the OFAC-controlled master list of Specially Designated Nationals & Blocked Persons. 

Using the guidelines provided in this order, the U.S. would sanction persons and entities doing business with Chinese firms acquiring rare-earth elements from the Taliban. This sanction’s probability is high with a low impact on the supply chain. It would be easy for U.S entities to require a supplier to provide a country of origin for its minerals. This approach would also encourage more transparency in the supply chain and ensure compliance with the Executive Order. 

Download the full report

Contact Interos to Learn More

The last two years have shown the importance of supply chain visibility. Our supply chains find themselves under constant threat from disruption, with China rare-earth elements at the center. Concentration risk serves as one of the most difficult risk factors to plan for as certain parts of the world dominate particular industries, like China’s control over REEs.  

By understanding your supply chain and these inherent risks you can make proactive plans to line up secondary suppliers or contingency plans in the face of changes. 

Contact Interos to learn more about how we can provide enhanced visibility into your supply chain to better identify these risks.

Earth Day 2022: Invest in our Planet

Given today’s geopolitical conflicts, global economic uncertainty and growing fears of yet another COVID variant wave on its way, it could be easy to overlook the importance of Earth Day 2022.

But hopefully, on April 22 most of the world can pause for a moment and reflect on the timely theme of this year’s Earth Day — “Invest in Our Planet.”

Quite frankly, I can’t think of a more appropriate theme.

Over the last several months, I’ve been in talks with industry and government leaders on a range of operational resilience, risk mitigation and supply chain visibility issues.  One of their top concerns: ensuring that environmental, social and governance (ESG) best practices are woven throughout their enterprises and are creating shared value for their customers, employees, communities and businesses.

Earlier this month, we announced a partnership with ServiceNow that will help many of these business leaders sleep better at night. The integration of our technology into ServiceNow’s Vendor Risk Management (VRM) offering will give their customers greater visibility into ESG risks by providing instantaneous multi-factor risk assessments for every entity in their supply chain.

One firm already leveraging this technology integration is Blackstone. Jennifer Morgan Global Head of Portfolio Operations at Blackstone, put it this way: “Blackstone believes that ESG principles are crucial to developing strong, resilient companies and assets that deliver long-term value for our investors. We’re focused on addressing ESG related risk in a holistic manner that helps our portfolio companies drive deeper visibility into their supply chains to ensure resilience, mitigate environmental, social and regulatory risk, and promote growth.”

The volume of these discussions has risen considerably since last month’s proposal by the U.S. Securities and Exchange Commission to require standardized reporting of ESG practices. I wrote about the implications of that proposal a few weeks ago and noted that more and more investors are truly focused on investing in our planet.

Other recent actions, including New York’s proposed Fashion Sustainability and Social Accountability Act, Germany’s Due Diligence and Supply Chain Act, and The European Union Corporate Responsibility Reporting Directive all point to greater societal and regulatory accountability for businesses here in the U.S. and around the world.

Invest in our planet with technology

Little wonder that technology investments in supply chain businesses are. Supply-chain technology startups raised $24.3 billion in venture funding in the first three quarters of 2021, 58% more than the full-year total for 2020. That pace of investment has not abated.

The sense of urgency is clear, especially among leaders in the consumer-goods industry. Consider that by 2025, almost two billion people are expected to become global consumers, nearly doubling the amount of people purchasing goods from global supply chains in 2010.

In addition, the consumer goods sector is expected to grow by five percent a year for the next 20 years. To meet new global climate requirements, consumer goods companies will need to trim greenhouse gas emissions by more than 90 percent by the middle of the century. The mandate for B2B enterprises is equally strong especially as more transactions and relationships have migrated to the digital world, raising the bar on trust and visibility.

You can only measure what you can see

These challenges are underscored by the fact that only about one in five supply chain managers today say they have visibility into their suppliers’ sustainability practices.

Additionally, our own surveys at Interos show that 37% of responding businesses struggle to obtain the data to measure supplier sustainability accurately.

Businesses have long relied on suppliers to self-attest to their sustainability and ethics status. This information is often inaccurate and submitted through a cumbersome manual process on an annual basis. Given the rapidly changing nature of the modern supply chain ecosystem, periodic self-reporting is no longer adequate, but it is still the method 74% of businesses rely on, according to our study.

This lack of trustworthy information leads to real-world problems: 41% of organizations reported that ESG-related risk factors had caused detrimental impacts to their business in the past two years, making it harder to achieve a sustainable supply chain. ESG-related disruptions today cost companies an average of $35 million in lost revenue annually.

The environmental impact in the supply chain isn’t limited to greenhouse gas emissions. Water scarcity, negligent land-use practices, toxic waste, water pollution, deforestation, air quality and energy consumption are all important factors.

Four investment priorities to think about

In my recent discussions with leaders, at least four key areas consistently surface as priorities around technology to invest in our planet.

  • The first is investing in tools that increase supply chain transparency to ensure suppliers are using ethical sourcing. Today’s supply chain leaders need that visibility to ensure suppliers are following sustainability standards and regulation, whether it’s in their mining, manufacturing or labor practices. Transparency also helps sourcing managers make informed decisions when onboarding new suppliers. Equally important, it is the difference between investors having confidence in your data or not. Blackstone’s Jennifer Morgan further explains: “Our job is to invest in amazing companies and support them to reach their potential. A huge part of that is the way we help them drive ESG value. Technology is transforming how businesses do that.”
  • The second is investing in visibility tools that can provide for greater supply-and-demand planning to reduce overproduction and inefficiencies. When supply and demand planning is out of sync, the results can lead to too much or too little production and distribution, all of which results in waste that impacts the environment. Leaders can avoid these issues with the smart deployment of artificial intelligence, machine learning and predictive analytics that create more efficient supply and manufacturing processes.
  • The third is investing in visibility tools that can help optimize routes and reduce fuel consumption. With greater visibility into supplier behavior and other factors that can impact distribution, such as natural disasters, new regulatory measures and cross-border conflict, leaders can optimize international, national and local shipping routes. Advanced analytics can even update routes in real time to take account of congestion and other issues.
  • The fourth is investing in visibility tools that streamline supply chain processes to reduce waste. While supply chains can be improved through major transformational changes, they can also benefit greatly from iterative improvements. Good analytics and reporting works with machine learning to continually improve processes throughout the supply chain. Every change that slightly reduces waste, speeds up delivery or enhances quality can improve the health of both your business and the environment.

As we recognize Earth Day 2022 and its theme of “Invest in our Planet,” I hope everyone takes a moment to reflect on the technology investments needed to help organizations create more sustainable, responsible and ethical supply chains.

Here’s to a productive Earth Day.

The Future of the Semiconductor Supply Chain

By Trevor Howe, Daniel Karns, and Alberto Coria

As the war in Ukraine continues, companies and countries are urgently assessing where the next major conflict and supply chain disruption may arise. As trade and economic friction grow between Western nations and China, concerns over China’s designs on Taiwan (and the impact of those plans on the global semiconductor industry) have increased. These concerns have only highlighted the need for greater visibility of sub-tier supply chains for critical commodities like semiconductors, and the need to intelligently diversify semiconductor supply chains.

Market Share of Semiconductor Companies (as of Q3 2021)." TSMC, Samsung, and UMC take the first three spots.

The market share of the global semiconductor industry is heavily concentrated in Taiwan, and in particular, Taiwan Semiconductor Manufacturing Co., Ltd. (TSMC). TSMC alone holds a majority of market share with 53.1%, followed by South Korea-based Samsung Electronics with 17.1%. Taiwan-based United Microelectronics Corp. (UMC) comes in third with 7.3%, bringing the market share concentrated in Taiwan to above 60%. Given Russia’s war in Ukraine, there is concern of similar territorial ambitions held by China regarding Taiwan which would disrupt future semiconductor production and global supply.

When considering disruptions to the semiconductor supply chain, the effect that COVID-19 has had cannot be overstated. However, this industry was already inundated with disruptions before the pandemic as well. Instances of earthquakes in the Pacific Rim, clean room contamination events, compromised materials making their way into processes, water supply shortages, cyber-attacks, facility fires, and power outages have all put upward pressure on lead times for semiconductor devices through the years.

There are several notable events which have adversely affected the semiconductor industry since just the beginning of 2020. The ongoing trade war between the U.S. and China raises the cost of certain goods and limits access to certain products by blacklisted Chinese entities. In December 2020, the U.S. added Semiconductor Manufacturing International Corp. (SMIC) to a trade blacklist due to a relationship linking SMIC to China’s military, limiting the already constrained pool of chipmakers from which American companies can receive their chips.

According to Interos data, Taiwan and Japan experience the most disruption events to their semiconductor manufacturing industries. Earthquakes account for a significant portion of disruptions in both countries. Moreover, captured Moderate and Major Impact events were concentrated in Japan. 

Disruptions to the Semiconductor Manufacturing Industry Over Time by Country and Disruption Type.

With 33 captured events, Taiwan has experienced the highest number of disruptions to its semiconductor manufacturing industry as well as the most diverse collection of event types. Japan has experienced the second-most disruptions with 24 captured events. When all disruption events are combined from Taiwan with Japan, earthquakes comprised 67% of all disruption events, with power outages serving as the second-most-common type of disruption.

Disruptions to the Semiconductor Manufacturing Industry Over Time by Disruption Type and Severity

Interos data also revealed that an estimated 45% of disruption events have significant ripple effects on the semiconductor supply chain. Their impact is somewhat ameliorated by the disaster-conscious design of many semiconductor fabs.

Cyber-attacks, like the malware virus that affected TSMC machines in 2018 or the ransomware attack X-Fab Silicon Foundries experienced in 2020, account for just 5% of all captured events, but data indicates a significant upward trend in their frequency since the onset of the pandemic. The increase stems from a rise in global cybercrime and state-sponsored hacking, particularly from state-sponsored groups in China seeking to steal intellectual property to bolster domestic chip manufacturing capabilities.

As the West imposes sanctions on Russia as its invasion of Ukraine continues, Russia is likely to respond against the West with targeted cyber-attacks. This industry could pose a potential target for Russian cyber-attacks, especially since export controls against shipments of semiconductors to Russia would significantly mitigate any negative effects directly felt by Russia as a result.

The American Semiconductor Industry: An Overview

While the U.S. has taken steps to mitigate the spread and ensuing supply chain disruptions precipitated by COVID-19, policymakers have also strived for an expansion of the American semiconductor manufacturing industry to offset future economic strain resulting from a global shortage of semiconductor devices.

Both chambers of Congress passed bills aimed at growing the American semiconductor manufacturing industry with funding incentives. These are the America COMPETES Act (H.R. 4521) which passed in the House in February 2022, and its Senate counterpart, the United States Innovation and Competition Act (USICA) (S. 1260) which passed months prior in 2021. Currently, reconciliation efforts are underway in Congress to agree on final texts and move this legislation closer to becoming law.

Both bills make allocations for three funds intended to promote American semiconductor manufacturing:[4]

  • CHIPS for America Fund – $50.2 billion USD
  • CHIPS for America Defense Fund – $2 billion USD
  • CHIPS for America International Technology Security and Innovation Fund – $500 million USD

These bills also call for the establishment of a National Semiconductor Technology Center (NSTC) to provide a public-private consortium for advanced research, prototyping, and innovation. Current reconciliation efforts will need to address differences between the two bills, such as funding recipient eligibility and direct loan or loan guarantee authority given to the Department of Commerce.

Partly in response to these expected incentive programs, several prominent foundry companies have recently announced expansions in their U.S. operations. Announcements in 2021 included those made by Intel in March 2021, TSMC in April 2021, GlobalFoundries in July 2021, and Samsung Electronics in November 2021. This year, Intel announced a $20 billion USD investment for fabs in Ohio, and as of March UMC has reportedly been eyeing Detroit as a potential investment site for a new fab. Additionally, Micron Technologies has been scouting potential fab sites as part of a 10-year $150 billion USD investment plan in Texas, California, and Arizona.  The CEO of Intel stated in a recent Senate committee hearing that Intel would likely increase its Ohio investment and therefore production capacity were federal incentives to be made into law soon, underscoring the importance of this legislation to the semiconductor supply chain.

Though federal incentive programs would promote American manufacturing, a shortage of skilled workers in the U.S. to operate planned semiconductor fabs poses a threat to the success of these legislative efforts. According to a recent study, 82% of semiconductor industry executives reported a shortage of qualified job candidates. Moreover, an estimated 500,000 positions for engineers in the semiconductor field will open in the next decade, creating a gap which the U.S. will likely need to rely on foreign infusions of talent to fill.

Surviving Semiconductor Supply Chain Shortages

There does not appear to be a consensus on when the current semiconductor shortage will end. Opinions range from the second half of 2023 to well into 2024. Although foundries are investing capital and in some cases are already breaking ground on new fabs, many of these new fab sites will not be online until 2024 or 2025. Moreover, those slated for completion in 2022 and 2023 are not guaranteed to meet their deadlines as COVID restrictions and supply chain delays for construction materials and highly specialized equipment can be expected to continue. Furthermore, with the addition of production capacity comes increased demand as an increasing number of manufacturers rely on semiconductor devices.

Companies should expect the semiconductor device shortage to continue through 2023, underscoring the need to adapt to this environment. Several options are available to companies that rely on semiconductors:

Identify specific supply inhibitors

Automotive manufacturers’ operations have been held up by power management integrated circuits (PMICs). PMICs cost less than $1 USD but their short supply has cost automotive manufacturers billions of dollars as they have been forced to stall operations as they await PMIC deliveries. Since “semiconductor” is an umbrella term for multiple specific-function devices, end-users should identify the exact products presenting problems within their supply chains. Afterwards, Interos automated solutions and machine learning technologies can aid companies to restore or improve their supply chains.

Diversification of suppliers

Supplier diversification is only possible with a comprehensive understanding of the supply chain. The Interos Resilience platform enables visibility into these sub-tiers, allowing companies to identify nodes of concentration as well as alternative suppliers in the event of disruptions.

Balance selective ‘just-in-time’ practices with maintained inventories

Identifying reliance on specific components and assessing the global situation can inform which components would benefit from having an expanded inventory to hedge against disruptions.

Conduct semiconductor supply chain planning exercises

Unfortunately, front-end fabrication is just one piece of the puzzle in this complex industry and diverse supply chain. Bottlenecks elsewhere, from the supply of materials to the delivery of specialized equipment, can have significant ripple effects on capacity, not to mention disruptions in shipping and logistics that can add delays to lead times.

Any approach to expanding chip capacity at scale and understanding your supply chain risk exposure must be multi-faceted and thorough, leveraging real-time sub-tier supplier insights that provide holistic, multi-risk-factor monitoring.

Then, to learn more about the Interos platform, visit interos.ai.

The Increasing Role of the CISO in Operational Resilience

The Increasing Role of the CISO in Operational Resilience

As supply chain attacks and disruptions are becoming more common, Interos sees the increased need for the Chief Information Security Officer (CISO) to become more proactive in dealing with business continuity and risk management to achieve operational resilience. This need is discussed in detail in Michael Rasmussen’s paper, www.interos.ai/mikesbloglink/ from GRC 20/20 Research.

Michael is a well-known figure in the cybersecurity and governance, risk management, and compliance (GRC) community. He was for many years a top Forrester Research analyst, and now runs GRC 20/20. In this paper, the need for the CISO to look at operational resilience as an achievable task is well laid out both in approach and goals.

CISOs Must Consider Business Continuity and Risk Management

Operational resilience is the ability of an organization to plan for supply chain disruption, be able to execute correctly, and take advantage of new situations. Many organizations lack the agility to deal with supply chain disruption because they fail to see it as a regular part of business continuity & risk management planning. Recent events have shown how some organizations have been caught entirely off-guard by disruption, but others have pivoted and thrived. 

The CISO’s role is one of protecting the organization. This is now increasing to include active threats, including supply chain cyber disruptions and risks. A cyber-attack can disrupt a supply chain because a supplier was found to be using counterfeit goods or subject to sanctions. The recent Log4J event highlighted this problem. Most vendors provided a patch, which was the most straightforward approach. For instance, some vendors’ solutions had to be repositioned within the network behind a Web Application Firewall (WAF). Still, others that could not be mitigated had to be removed and replaced, which was the most disruptive. 

Supplier issues are addressed in the same way. A supplier may have a cyber-breach, but most can address this with patches and taking a positive approach to resolving the problem. Suppliers found to be using counterfeit goods may have some products discarded or re-worked with new material, fixing the problem. But a vendor who cannot come into compliance or has fundamental issues like bankruptcy must be replaced, which has the most negative effect on the organization. The CISO must look at more risk factors than cyber to address this proactively. They must coordinate with the other teams within their organization to discuss business continuity & risk management concerns, and ultimately guide executive leadership on the best way to achieve operational resilience and prepare for supply chain issues.

The GRC 20/20 paper addresses this subject in detail. Interos suggests you review it and learn from Rasmussen’s vast experience the best approaches for a CISO to become a master of operational resilance. To learn more about the Interos platform, and how it can help CISOs with challenges tied to business continuity and risk management, visit interos.ai.

Download report.

Russian Invasion of Ukraine: More Global Supply Chain Ripple Effects

By: Margaret D’Annunzio, Trevor Howe & Michael Eddi

Russia’s invasion of Ukraine has created a humanitarian crisis and is the most profound conflict in Europe since the Second World War and countless supply chain ripple effects. Amid the suffering and chaos, companies and governments are both acting and reacting to the challenges presented, creating a cascading and unpredictable sequence of events.  

Global supply chains that were already stretched by COVID-19 have been significantly and, in some cases, permanently altered. While it is relatively easy to discern what key materials have been immediately impacted by physical and political blockages of goods, the medium- to long-term impact of the invasion is complex and will require ongoing analysis at both the policy and logistics level.  

It is all but certain that second-order and unintended disruptions will occur. Some of the key elements include: 

  • Logistics routes changes and higher costs 
  • Energy sourcing strategy changes and price volatility
  • Realignment of the geopolitical landscape 

Logistical changes: reduced shipping in the Black Sea, altered air and costlier routes 

Ukrainian exports account for a significant part of several commodities’ global trade: Ukraine exports 13% of global corn and 12% of global wheat, and is the fifth largest exporter of iron ore in the world.   

Shipping routes through waters on Black Sea are likely permanently altered. Trade will be affected as enterprises classify the area as an increasingly risky area in which to operate. Even prior to Russia’s invasion, London’s marine insurance market had already added the Ukrainian and Russian waters around the Black Sea to its list of areas deemed high risk.

Since the start of Russia’s invasion, insurers have raised the cost of providing cover for merchant ships through the Black Sea driving up the overall cost of transporting goods through the region which has already experienced upward pressure from elevated fuel costs. 

European airspace closures and global Russian aircraft bans are also expected to create protracted international shipping timelines and increased air-freight costs. These after-effects will manifest as a byproduct of longer contingency routes around restricted airspace, creating longer journeys that, in turn, require greater amounts of fuel to move cargo.  

It is estimated that fuel represents a quarter or more of a given airline or airfreight organization’s cost base.

Energy supplies and the impact of sanctions 

Sanctions against the Russian energy sector were initially avoided, largely due to concerns over the resulting price increases. But as President Putin has relentlessly continued his assault on Ukraine, policymakers in the U.S., U.K. and E.U. announced plans to curb the import of Russian energy in coordinated moves, driving prices even higher. 

President Biden signed an Executive Order to ban U.S. imports of Russian oil, liquefied natural gas, and coal, as well as the prohibition of direct or indirect U.S. investment in Russia’s energy sector.

The British Government announced it will phase out Russian oil and oil products by the end of 2022.  Although many countries have not directly banned oil imports from Russia, sanctions in the Russian finance, banking, insurance and freight industries have targeted their relationships and effectively caused disruptions in the logistics of the oil market, along with elevated costs and market price volatility.  

Geopolitical landscape changes and strengthening alliances 

Russia’s invasion of Ukraine has already had significant ripple effects for countries not actively engaged in the war. Germany has announced several major policy decisions contrary to previously stated positions, leading to an allocation of €100 billion euros in its 2022 budget, one of the largest injections of capital recently seen into the European defense sector.  

The potential spread of the conflict to neighboring countries in the area such as Moldova could further complicate the situation and undermine significant supply chain nodes in the automotive industry. And geopolitical shifts could occur regarding NATO membership for Finland and Sweden, exacerbating tensions between Russia and Northern Europe, as well as potentially more energy price shocks.  

For the first time, there appears to be a majority of the population in Finland and Sweden in favor of NATO membership. 

The war also seems to have driven China and Russia closer together, strengthening an already dangerous alliance. While most of the world is sanctioning Russia, China has signaled its intent to continue to trade with its strategic partner, and in some instances such as for wheat, to step up trade 

With Russia and Ukraine making up 30% of global exports of wheat, food costs have risen. Food shortages and rising energy prices create an even more dangerous environment in some regions of the world, and in a more deglobalized, fragmented economy, growth and demand will stall.  

Changes to the global economic order are already foreshadowed and, with it, ultimately comes possibly profound and fundamental shifts in most supply chains as payment networks are restructured, reserve currency dependencies reconsidered, and energy trade transformed. 

To read our full report, Russian Invasion of Ukraine: Second-Order Developments, click here. To see all of Interos’ analysis and reports related to the war in Ukraine, click here.

Why Taiwan Could Be the Next Source of Global Supply Chain Disruption

When supply chain executives are asked about the risks that most concern them, geopolitical issues such as wars, social unrest, and major terrorist attacks are typically low on the list. Or at least they used to be. Soon, the supply chain impact of a Chinese invasion of Taiwan may top that list. 

We’ve already seen how war can shift perceived supply chain risks. Just prior to Russia’s invasion of Ukraine, for example, an Interos survey of 1,500 procurement and IT security professionals found that geopolitical considerations were by far the lowest ranked risk factor when evaluating suppliers. Less than a quarter placed it in their top 3 risks.

Asked the same question a few weeks into the war, however, and that figure had more than doubled to over half of the sample.

The events in Russia and Ukraine demonstrate how military conflict can quickly disrupt global supply chains that are heavily dependent on a particular region or country. This is often referred to as concentration risk. 

In this case, the impact is largely around the availability and cost of key commodities and raw materials — oil and gas, metals such as titanium and palladium, and agricultural crops such as wheat and corn. 

The supply chain impact of a Chinese invasion of Taiwan would be rather different — and, in all likelihood, much greater.

A Chinese invasion of Taiwan would disrupt vital electronics supply chains

Russia’s action has reignited fears about China’s intentions towards Taiwan, an island of almost 24 million people situated 100 miles off the Chinese mainland.

Since Taiwan’s declaration of independence in 1949,  China has claimed sovereignty over Taiwan and regards it as a rebel region that must be reunited with the mainland, by force if necessary.

Taiwan is a vitally important hub in global electronics supply chains, with 53% of its exports by value in 2021 being electronic components and technology products, according to official data.

While China is Taiwan’s main trading partner, accounting for 28% of these exports, the U.S. (15%), Europe (9%), Japan (7%), and Singapore (6%) are also significant importers.

Analysis of Interos’ global relationship mapping platform reveals that:

  • More than 23,100 U.S. companies buy directly from Taiwanese suppliers at tier-1, while more than 112,500 buy indirectly at tier-2, and over 237,500 at tier-3.
  • More than 3,600 European firms buy directly from Taiwanese suppliers at tier-1, while over 68,000 buy indirectly at tier-2, and over 184,000 at tier-3.
  • More than 1,200 companies in Japan and Singapore, along with Australia, buy directly from Taiwanese suppliers at tier-1, while over 11,300 buy indirectly at tier-2, and over 26,000 at tier-3.
  • Electronic equipment and components, semiconductors, machinery, household durables, software, and chemicals are among the main industry segments represented in these trading relationships.

The global leader in semiconductor manufacturing

In both geopolitical and supply chain terms, Taiwan’s importance to the world economy is heavily skewed towards semiconductor manufacturing.

In 2020, Taiwan had a 63% market share of global chip production and integrated circuits (ICs), and micro assemblies accounted for 35.6% of the country’s exports by value — 10 times more than the next highest category (see table below).

Taiwan’s Exports by Value
US$, 2020

["Taiwan's Exports by Value." Integrated circuits and micro assemblies top the list at over 122 billion USD in 2020.]

Source: World’s Top Exports

Of particular strategic importance, Taiwan dominates the manufacturing of cutting-edge chips used in advanced commercial and military technologies, producing over 90% of global output featuring transistors smaller than 10 nanometers.

Interos data analysis suggests that while TSMC, as a contract manufacturer to the semiconductor industry, has a relatively small number of direct customers in the U.S. and Europe, its importance at tiers 2 and 3 is enormous.

  • Of U.S. companies being supplied by Taiwan-based semiconductor manufacturers, 12% are supplied by TSMC at the tier-1 level, but at tiers 2 and 3 the equivalent figures are 70% and 86% respectively.
  • Of European firms being supplied by Taiwan-based semiconductor manufacturers, 4% are supplied by TSMC at the tier-1 level, but at tiers 2 and 3 the equivalent figures are 65% and 85%

The COVID-19 pandemic has created a severe shortage of chips for automobiles, computers, games consoles, medical devices, and other electronic equipment.

This crisis, and growing awareness of just how concentrated semiconductor manufacturing is in Asia (South Korea and China being the two other main producers after Taiwan), has prompted the U.S. and European governments to call for geographic diversification of capacity.

TSMC is currently building its first U.S.-based fab in Arizona, due to open in 2024, while Intel and Samsung — two other industry heavyweights — are investing tens of billions of dollars in advanced chip-making plants in Germany, Ireland, and Texas.

However, it will be several years before this new capacity comes online. In the meantime, the possibility of a Chinese invasion of Taiwan remains a critical threat to global supply chains that depend on semiconductors and other vital electronic components.

Caught in the crossfire between the U.S. and China

Taiwan is at the center of the superpower battle between the U.S. and China — a geopolitical and economic struggle for supremacy that was ratcheted up beginning in early 2018 with the trade war and tightening controls on the sale and usage of key American and Chinese technologies.

Sino-American friction over Taiwan has increased during the past year, with both nations stepping up air- and sea-based military drills in the area around the island.

This situation is of particular concern to neighboring Japan. In late February, an opinion poll found that 77% of Japanese people were worried that Russia’s invasion of Ukraine could increase the likelihood of Chinese aggression.

Whether China attempts to take Taiwan by force or not — and there are plenty of good reasons commentators think it won’t (see below) — the supply chain impact of a Chinese invasion on global semiconductor and electronics supply chains is concerning.

Will China Invade Taiwan?

Will China Invade Taiwan?" Two columns list reasons China would or wouldn’t invade, and are roughly equal in length

Aside from the obvious geopolitical threat, Taiwan is also at risk from natural disasters. The island is situated on the Pacific Ring of Fire, a 25,000 mile (40,000 km) zone that experiences a majority of the world’s most powerful earthquakes and around three-quarters of its volcanic activity.

Any catastrophic event in Taiwan, whether caused by human or environmental factors, would have a rapid and financially damaging impact on global supply chains that could significantly outstrip that experienced during Russia’s war on Ukraine.

Time to re-assess risk exposure and rethink supply chain risk management

The message to global supply chain leaders with respect to Taiwan is fivefold:

  1. Assess your dependence on, and risk exposure to, Taiwan by understanding the direct, tier-1 relationships you have with Taiwanese suppliers and the components, parts, raw materials, and products you buy from them.
  2. Build transparency of your indirect connections to Taiwan by getting visibility of your extended supply chain in the country at tiers 2 and 3.
  3. Evaluate the extent to which key semiconductors, electronic components, and other items you depend on from Taiwan-linked supply chains are single- or sole-sourced — and where you have viable alternative options already in place.
  4. Where your dependence on Taiwan is deemed unacceptably high, according to your organization’s risk appetite, develop a strategy aimed at diversifying your supply base footprint to other geographies — either by sourcing from new suppliers and/or by working with existing partners to utilize alternate capacity.
  5. Ensure that you continuously monitor your Taiwan-dependent supply chains for both geopolitical and operational risk events, alongside those of a financial, cyber-security, and ESG nature.

If the above steps seem impossible within your current supply chain or procurement programs, it may be time to stop relying on the often-manual, reactive capabilities of supply chain risk management and time to start leveraging technology-driven solutions within an operational resilience framework.

Fill out the form below to download Interos’ full report on Taiwan and the semiconductor supply chain or, to learn more about the Interos platform, visit interos.ai.

Updated: China’s Zero-COVID Policy Exacerbates Supply Chain Disruptions

The Chinese government has escalated its response to a Covid-19 outbreak in Shanghai, sending in more than 10,000 health workers and 2,000 military personnel to conduct mass testing of every city resident.

The testing comes as the latest step in what started as a two-phase lock-down to reduce virus transmission and has a major impact on supply chains, the global economy, and companies such as Tesla and Volkeswagen who have major factories in that region. These factories have been forced to temporarily shut down during the initial phase of the most recent lock-down.

The aggressive testing approach comes as part of China’s zero-Covid strategy, which in recent weeks has led to rapid shutdowns of major economic and manufacturing regions to contain the spread of the virus. Shanghai, home to more than 26 million people, reported more than 9,000 new cases early Monday.

Although Chinese officials claim the port remains open, port workers, factory workers and truck drivers are not permitted to travel to work. This will limit the ability factories to deliver containers to the ports during this time.

Aside from Shanghai, over the past few weeks the Chinese government has also locked down the key business city of Shenzhen, and ten other areas due to new cases of domestic COVID infections. In the northeast of the country, Changchun and other cities in Jilin Province have shut and smaller cities such as Suifenhe and Manzhouli (on China’s border with Russia) have temporarily closed as well.

Many of these areas within China are critical international hubs for manufacturing and technology. The extreme and now-frequent shutdowns have further taxed already-stressed global supply chains.

The Global Impact of China’s Zero-COVID Policy on the Supply Chain

Data analysis from the Interos global relationship mapping platform illustrates the importance of Shanghai to US-based companies, for example:

  • 20,000+ US entities have direct relationships with tier-1 suppliers in the Shanghai region
  • This number grows to over 95,000+ entities when indirect suppliers at Tier 2 are included
  • At the Tier 3 level, 203,500+ US companies have indirect supplier dependencies in Shanghai
  • Software, machinery, textiles/apparel, specialty retail, commercial services and electronic equipment/components are among the main industry sectors covered by these buyer-supplier relationships

When including Shenzhen and Jilin to the Shanghai disruption, we find the following:

  • More than 25,000 US entities buy directly from suppliers in the Shenzhen, Shanghai and/or Jilin regions
  • This number grows to over 103,900 entities when indirect suppliers at Tier 2 are included
  • At the Tier 3 level, 206,700 US companies have supplier dependencies in Shenzhen, Shanghai and/or Jilin

China has been indiscriminate in its closures. The one-week shutdown of Shenzhen, included Yantian, home to another of the country’s busiest container ports. Other highly populated districts of the city, including the commerce hub of Futian and technology-based Nanshan, were also closed. These closures prevented millions of office and factory staff from getting to work.

Desperate Times Call for Creative Measures

Because most Chinese factories do not disclose inventory details, it is difficult to predict the immediate impact of these closures. Existing stocks and spare capacity at alternative plants outside the locked-down areas can absorb orders for a short time.

Some manufacturers resort to creative measures. For example, Apple contract manufacturer Foxconn was able to restart some production at its Shenzhen factory using a “closed-loop” system where workers living on-site must remain on the company’s campus. GM and Volkswagen have also been able to keep their Shanghai plants open. But even creative solutions like this don’t work for all companies: Tesla attempted to use the closed-loop system when Shanghai was closed, but ultimately could not due to lack of provisions.

Because of the global reliance of US, British and other companies on suppliers in these affected areas in China, delays to finished products, parts and components from the region are likely. As a point of reference, last year’s one-month disruption at Yantian port, the world’s fourth-largest, held up thousands of shipping containers. The ensuing backups caused a massive ripple effect on global supply chains.

Any extended lockdown would likely affect semiconductors and electronics used by multiple sectors, including the automotive industry, extending long lead times for these products further.

Click the video to learn how to use the Interos platform to monitor Shanghai supply chain risk exposure.

Understanding the Inflationary  Impact

China’s zero-COVID policy may also increase pressure on the global economy by intensifying the impact of inflation. Supply chain bottlenecks were expected to “materially ease in the early months of this year,” with downward pressure on producer and input prices and shorter lead times, according to Katrina Ell, a senior economist for Asia-Pacific at Moody’s Analytics. “But given China’s zero-COVID policy and how they tend to shut down important ports and factories — that really increases disruption.”

The US Federal Reserve and the International Monetary Fund have both issued similar warnings. The IMF also revised up its near-term projection for inflation “in response to the anticipated slower resolution of supply issues”.

This post has been updated from its original version to include new information.