Nested Networks: Hidden impacts to Supply Chain Risk Management & Operational Resilience

May 7, 2021
Noel Calhoun

The ongoing crises of the past 15 months have practically upended supply chain risk management. COVID, SolarWinds, Texas power outages, microchip shortages, backed-up waterways, a massive cargo ship stuck sideways in the Suez, and other incidents have threatened the stability of the global economy. These disasters have prompted organizations to rapidly uncover their reliance on “nested networks,” groups of suppliers that are hidden from conventional visibility but are crucial to continued operations.

To achieve operational resilience, organizations must continue to rethink how they look at supplier relationships and these nested networks. Only by visualizing and understanding these connections can organizations finally better anticipate and quantify supply chain risk.

Visualizing the Nested Network in Your Supply Chain

Your primary supply chain network is mostly one of business relationships. You buy parts, raw materials, services, and software from a wide variety of vendors—some large, some small, some foreign, and some domestic. Most large companies have global footprints, whether they want to or not.

Nested Network Layer 1: Business Network

Imagine your primary supplier of microprocessors has a fire at one of its factories and you don’t maintain a mountain of inventory. Assuming you can’t easily substitute another vendor, that’s a major production problem for your business. This is a first-tier network disruption that is probably obvious to your organization and easily discoverable through traditional supply chain risk management methods.

Nested Network Layer 2: Transportation

Most goods and services need to be physically transported somewhere else to be consumed. If you are a fashion retailer in New York buying denim pants from a factory in Pakistan, do you have a business relationship with Suez Canal Authority. No? Well, of course you do because those articles of clothing go into a container, which goes on a ship that travels through a waterway like the Suez Canal before being unloaded in New York. The maritime, air, rail, and trucking networks of the world are embedded in your business, often out of sight and out of mind. You might think that the transportation and logistics network is also obvious and easily quantified and visualized. Maybe. But that’s not the end of the nested—and often hidden—network.

Nested Network Layer 3: Money

In order to have those denim pants shipped to you, you probably needed to pay someone. Money needed to change hands, and since its unlikely you pay all your vendors in cash out of the back of your loading dock, you are depending on yet another nested network.

Money movement is sometimes opaque and difficult to understand. How exactly does the money from your account at your local bank make its way across the world and into another businesses’ account in a verifiable and trusted way? If you said, “via a nested network,” you get a gold star. These networks include routing systems like Fed Wire, CHIPS, ATM, ACH, SWIFT, and even crypto currencies such as Bitcoin, Ethereum, and many others. ACH networks get defrauded; ATM networks can go down. These financial networks don’t get disrupted often, but, as we’ve learned, disruptive events are out there, they are happening more often than ever, and organizations need supply chain risk management approaches that can anticipate such unlikely, but disastrous, eventualities.

Nested Network Layer 4: Telecom

Different from cyber or the internet, telecom is a mix of technologies, some dating back 100 years, that includes plain old telephone system (POTS) lines, microwave towers, submarine fiber optic cable, telco hotels, and LTE/5G. I will also lump GPS in there as well, realizing it could also fit in several places. Thick copper and fiber optic cables snake around the world going into peering exchanges, central switching facilities, across bridges, through tunnels, under shipping channels, and onto rocky beaches. Satellites and ground stations plug into those cables literally and metaphorically. You can have multiple offices, maybe even multiple data centers, all being fed off the same cable. And sometimes weird stuff happens to those cables—unexpected things involving ship anchors and backhoes.  Your digital data supply chain is just as vital as your physical one. But it’s not as visible, and unless you truly understand how it works, you can easily have a false sense of security and resilience.

Nested Network Layer 5: Cyber

Cyber networks are related to telecom, but they are substantially different. Cyber is really all about today’s internet and our dependence on that specific slice of communications technology. You would be hard pressed to come up with a list of big companies that don’t depend on cyber networks to conduct business. That means there are also dependent on yet another hidden network.

There are foundational technologies networked together that lurk right beneath the surface, controlling how your data moves across the internet. Domain Name System (DNS) and the Border Gateway Protocol (BGP), which route enterprise critical information over the internet, are based on trust, distributed on servers all over the world, and are not nearly as robust as you might think. If you’re sending data from the U.S. to Italy, should it take a detour and route through China? Probably not, but that’s what happened in 2016 when China Telecom exploited BGP to route internet traffic through their domestic cyber infrastructure rather than letting data take the most efficient path. In 2010, China (accidentally?) slurped up 15% of all internet traffic for 18 minutes by misconfiguring some BGP settings.

The threats and vulnerabilities to your company’s cyber operations are well documented and hard to miss. Phishing emails, ransomware, bot-based distributed denials of service, and malware propagation have become household words at this point, and they rightly get most of the attention. However, the hidden network of technologies behind the internet are a tempting target and ripe for disruption. The question is: Where does your organization’s cyber infrastructure intersect with the larger internet and how can your supply chain risk management function better anticipate and prepare for situations where everything is not working as it should?

Gaining Insights and Visibility into the Complexity of Your Nested Network

Your supply chain is an interwoven group of visible and hidden nested networks that tend to behave normally most of the time but are subject to chaotic interactions that are nearly impossible to predict or anticipate. You may be aware of some of the critical weak points, but it is increasingly difficult to know them all at any given moment in time.

If you expand your collective definition of what constitutes the supply chain to include the concept of nested networks, you can better frame the problem. You can take advantage of new and existing technologies — such as all-source data fusion, anomaly-event detection, time-series forecasting, and dependency graphs — in ways that will change how you see and manage your supply chain.

You can’t be immune from supply chain failures, but you can be prepared. You can see and monitor your full supply chain down to the Nth tier, understand your nested networks, and achieve operational resilience. The right partner can help you identify the data, tools, and technologies you need to deal with these events when they occur. Reach out to us to see how.

View next

Ensure Operational Resilience

Request Contact

Build operational resiliency into your extended supply chain:

  • 889 compliance – ensure market access
  • Data sharing with 3rd parties and beyond – protect reputation
  • Concentration risk – ensure business continuity
  • Cyber breaches – assess potential exposure
  • Unethical labor – avoid reputational harm
  • On-boarding and monitoring suppliers – save time and money