Modelling Supply Chain Cyber Risk in a Disrupted World

By Andrea Little Limbago

On March 2, the Biden Administration announced a new National Cybersecurity Strategy. The need for a strategic change should not come as a surprise — Interos’ 2022 Resilience survey of 1,500 procurement and cybersecurity leaders revealed supply chain disruptions from cyber incidents alone cost enterprises $37M annually. Estimates of the global annual cost of cybercrime exceed ten trillion dollars.

Interos is closely monitoring the rising costs of cyber disruption and the continuously changing state of play, among other factors. We’ve refined and updated our cyber risk factor, one of the six factors within the Interos i-ScoreTM, in light of these and other trends shaping cybersecurity. The enhancements include a new cyber behavior model to detect potentially harmful cyber activity regardless of public disclosure, along with commercial cyber ratings, vulnerability information (CVEs), threat assessment (Mitre ATT&CK®), cyber events, regulatory compliance, and operating country regulations and risks into a single score.

You can read about those details in our press release. This blog will focus on those strategic factors driving these changes and the challenges in developing a solution that delivers cybersecurity insights to non-experts, all within the backdrop of the generational shift underway in the international system.

Trends Driving the New Model

To address the growth in scope and scale of cyberattacks (and their ripple effect across the supply chain) the Biden administration’s new National Cybersecurity Strategy is putting more responsibility on vendors and service providers. This is part of a larger trend prompting organizations to prioritize long-term collective investment in cyber resilience – and is reflective of Interos’ collective resilience approach to cyber.

Cyber leaders are also increasingly acknowledging the human element and assessing those risks through a socio-technical lens. This has led to both a focus on user interactions as well as the growth in new compliance frameworks and regulations. That’s why the enhanced Interos cyber risk factor accounts for compliance with CSF V1.1, NIST SP 800-53, PCI DSS V3.2.1 and other standards, as well as the global expansion of data privacy and cybersecurity regulations.

To that end, an organization’s geographic location plays a crucial role in both compliance as well as data risk levels. This variation stems from differing levels of data sovereignty which depend on the localized cyber and privacy environment. Risks surrounding the concentration of the physical infrastructure underpinning the internet also pose a significant challenge, as seen in the case of Russia’s cyberattack on ViaSat’s services in Ukraine or the disconnection of undersea cables which happened in Scotland and France.

The adoption of collective resilience (creating shared supply chain and operational strength) is accompanying our broader understanding of the range of cyber risks, which is why collaboration is prioritized in national and international cyber strategies. As Alejandro Mayorkas, the Secretary of Homeland Security, noted, “We have to drive the entire ecosystem to be more cyber vigilant.”

Developing Interos’ Enhanced Cyber Model

Tackling Key Challenges in the Cybersecurity Landscape

Development of this new model address two core challenges:

  1. Aggregating Data into Intuitive Formats: The difficulty of integrating disparate data sets in a timely manner and presenting them in an intuitive, explorable format. We recognize that many cybersecurity tools are designed for information security professionals, making them inaccessible to others involved in risk management.
  2. Understanding Behavior: The importance of understanding both threat actors’ and defenders’ behaviors and integrating that knowledge to identify the most relevant risks.

Cyber has an interesting data problem in that there is a data deluge and a data desert at the same time – meaning there is so much data, but it’s not always the relevant data. The Interos model addresses the above challenges by focusing on integrating and presenting the range of these trends (over individual data points) to capture the core areas of vulnerabilities, threats, compliance, and adverse cyber events. Through this holistic approach we can provide a comprehensive view of cybersecurity risks across the entire supply chain ecosystem, from vendors and service providers to critical infrastructure and sensitive data.

We also utilized the extensive community work and expertise from federal organizations like NIST CVE and MITRE’s ATT&CK framework while accounting for both opportunistic and targeted threats by identifying industries/groups most susceptible to targeting, and vulnerabilities most likely to be exploited. Our approach also focused on quantifying data risks across locations by merging different data types to capture the diverse data sovereignty and global risk environments — a project we presented at Black Hat cybersecurity conference a few years ago.

Implications and Value: Uncovering Hidden Risks and Enabling Proactive Measures

The implications of this new model are vast. It highlights areas of risk that often are not brought together, allowing users to take action to decrease cyber risk. This may include reaching out to critical suppliers that may be at risk and coordinating a plan to elevate their defensive posture, or identifying those key parts of their supply chain located in areas where the data may be more at risk due to an adverse regulatory environment.

The Interos model surfaces a range of cyber risks, while contextualizing those risks within a broader supply chain risk framework. For instance, users can identify who might be at high cyber risk as well as high financial risk, since these suppliers may not have the resources to grow their defensive posture or could be extremely vulnerable to insolvency if attacked given the cost of breaches.

Personal Observations: Expanding Access to Cyber Risk and Addressing Global Challenges

Two particular aspects of this project are especially important to me, in terms of their ability to address broader systemic challenges across the industry that have significant implications for the future :

  • Addressing the cyber industry’s gatekeeper problem, which restricts risk assessment access to those with information security technical expertise. Interos’ updated model marks a significant stride towards broadening access to cyber risk assessment outside of an enterprise’s Security Operations Center.
  • Further integrating supply chain risk and cyber risk, particularly in the context of a re-globalized world economy, technological bifurcation, and the geopolitical fracturing of the internet. This integration is essential for fostering cyber vigilance and tackling the challenges presented by emerging technologies and global competition.

A modernized approach to cyber risk will be an essential tool for organizations exploring how to adapt to a changing global order whose shifts are being felt across supply chains, geopolitics, and technology development. Interos’ enhanced model for evaluating cybersecurity risk across supply chains signifies a significant step towards that goal.

By expanding access to meaningful cybersecurity information, through a multi-factor, supply chain-wide approach, we can enable organizations to proactively manage and mitigate risks on a far greater scale than ever before, bringing non-cyber experts into the decision room, and fostering resilience and success in this ever-evolving global landscape.

Western Firms at Risk of Indirectly Supplying the Russian War Machine

By Geraint John

North American and European companies have been urged to ensure that they are not inadvertently supporting Russia’s war effort in Ukraine by facilitating trade through third-party intermediaries.

A year on from its invasion, the U.S. government and the European Union (E.U.) are concerned that Russia is evading stringent sanctions and export controls by importing vital products through neighboring and “friendly” countries.

Earlier this month, the U.S. Departments of Commerce, Treasury, and Justice issued a joint compliance note asking multinational firms to “exercise heightened caution” and be “vigilant in their compliance efforts” to avoid items such as advanced semiconductors and other electronic components ending up in Russian hands.

The E.U., meanwhile, says it is investigating a surge in exports from European companies to customers in countries such as Armenia, Kazakhstan, and Kyrgyzstan, which have increased their trade with Russia since sanctions were introduced in March 2022. It is also reportedly planning to ask these countries to enhance their trade monitoring.

A new Interos white paper notes that the number of restrictions on Russian entities – around 2,500 currently active with more than 1,100 imposed in 2022 alone – are “unprecedented in their scale, scope, and breadth.”

Russia Import Restrictions Are Being Circumvented by “Friendly” Countries

Analysis of official trade data by three economists at the European Bank for Reconstruction and Development (EBRD) found “evidence suggestive of intermediated trade via neighboring economies being used to circumvent the sanctions.”

While E.U. and U.K. exports to Russia “dropped sharply” after the imposition of sanctions, exports to Armenia, Kazakhstan, and Kyrgyzstan (the CCA3) – part of the Eurasian Customs Union alongside Russia and Belarus – increased by between 15% and 90%.

Shipments to CCA3 countries covering almost 2,000 sanctioned products, including armaments, chemicals, dual-use technologies, and sensitive machinery, rose by an additional 30% relative to other goods, according to the EBRD. U.S. exports to Russia and the CCA3 followed a similar pattern last year, albeit at lower volumes.

At the same time, Armenia, Kyrgyzstan and Georgia all recorded “significant increases” in exports to Russia (see chart). This, says the EBRD paper, suggests that new supply chains have been set up to channel sanctioned products to Russia from these countries, “not necessarily with the knowledge of the Western exporter.”

But direct sales to Russia also remain a concern. This week, PBS News accused a major American machine-tool manufacturer of flouting export controls by supplying a Russian distributor with vital spare parts, which could be used for military purposes, for months after those controls were imposed last year.

Exports to Russia From Armenia, Kyrgyzstan, and Georgia – January 2020-August 2022

Separate analysis by the Silverado Policy Accelerator, a U.S. non-profit organization, published in January argued that former Soviet states “have become key transshipment points for goods that are ultimately sent to Russia.”

It also noted that Russia had significantly increased its imports from non-sanctioning countries such as China and Turkey. These included semiconductors (see chart), machinery, and heavy trucks, as well as consumer goods such as smartphones and domestic appliances.

Exports of Integrated Circuits to Russia From China and Hong Kong – January-November 2022

In recent months, U.S. officials have called on China, Turkey, South Africa, and the United Arab Emirates ( UAE), among other countries, not to help Russia evade its sanctions.

Together with their E.U. and U.K. counterparts they are also reported to have visited the UAE to express concern that it is becoming a key shipment hub for electronic components and other sensitive products being re-exported to Russia.

The E.U. recently imposed sanctions on a Dubai-based subsidiary of the Russian state-owned shipping company Sovcomflot, a key player in supporting the country’s energy revenues, as part of a new package of measures.

Russian Interests and Indirect Business Relationships

Russian ownership of foreign entities is one potential type of supply conduit of sanctioned goods into the country.

Interos’ global relationship platform highlights 166 entities based in the UAE that are wholly or partially owned by Russian interests.

Similar numbers are located in both Armenia and Hong Kong, according to the data, although these are dwarfed by the thousands of entities registered in European countries such as the Czech Republic, U.K., Germany, Latvia, Bulgaria, and Italy.

Another source of supply is links between Western firms and intermediaries in countries accused of supplying Russia’s war effort. Our analysis here reveals:

  • Almost 700 relationships between Russian end customers and 170-plus distinct suppliers in China, Turkey, India, Uzbekistan, and other Central Asian countries.
  • More than 8,100 relationships between these suppliers and over 1,750 distinct Western firms in the U.S., Canada, E.U., and U.K.

What this shows is that the global network to support deliberate or inadvertent illicit trade with Russia – so-called “supply chain washing” – is extensive and the risks of breaching sanctions and export controls are high.

“Red Flags” to Watch Out For

In their “tri-seal compliance note” published on 2 March, the U.S. Department of Commerce (DOC), Department of the Treasury and Department of Justice (DOJ) urged companies to be on the lookout for “warning signs of potential sanctions or export violations.”

It listed 13 common “red flags” to watch for, including:

  • The use of shell companies to obscure ownership, origin, and funding sources
  • A reluctance by customers to share information on product end-use
  • Last-minute changes to shipping instructions
  • The use of residential addresses and personal e-mail accounts
  • Transactions with entities that have little or no web presence
  • Routing of products through transshipment points in China, Turkey, Armenia, and other countries that have boosted trade with Russia.

The note emphasizes that the DOJ “has pursued criminal charges against those who it alleges are using front companies and intermediate transshipment points to evade Russia-related U.S. sanctions and export controls”.

Separately, the DOC’s Bureau of Industry and Security has published a compendium of its investigations into sanctions busting in several countries, including Russia, to illustrate the legal and financial penalties that can result from non-compliance.

A group of E.U. countries, including France and Germany, has also recently been pushing for tougher action against companies found to be circumventing sanctions and aiding Russia’s war effort.

A Call to Action to Uphold Russia Import Restrictions

In the light of these warnings and developments, procurement, supply chain, and business leaders at Western companies should:

  • Screen both existing and new customers using the latest U.S., E.U. and other restrictions lists – information that is updated regularly on Interos’ Resilience platform.
  • Understand the direct and indirect relationships their organizations have with firms in high-risk intermediary countries for sensitive and sanctioned products.
  • Ensure that their due diligence and risk management programs empower staff to report any concerns and potential breaches of sanctions rules in a timely manner.

Although Russia has clearly been able to obtain many products from alternative sources in the year since Western sanctions were massively stepped up, there is little doubt it is paying a high price (literally) for Vladimir Putin’s actions.

Stories about microchips being removed from washing machines and other consumer products to supply its military machine suggest that its ability to weather the ever-growing list of restrictions has been limited so far.

However, as the war drags on further into its second year, alternate supply chains may begin to pick up more of the slack – hence the current focus and call to action by U.S. and European governments directed at companies around the world.

Nigeria Crisis Raises Supply Chain Disruption Risk for Western Companies

By Nicolas de Zamaróczy

Hundreds of thousands of American and European companies that rely on imported products from Nigeria’s supply chain face a heightened risk of disruption as a result of the protracted political and economic crisis gripping the country.

A presidential election held on February 25th proved contentious, with widespread irregularities in voting and significant violence.  The national election commission declared  on March 1st ruling party candidate Bola Tinubu as the winner with 36.6% of the votes cast.  However, opposition parties have thus far refused to accept the results and called for a redo, pointing to the fact that many polling places opened late on election day.  Meanwhile, the country has been reeling for months from a botched currency reform which has completely paralyzed Nigeria’s cash-dependent informal economy.

Western Oil and Agricultural Firms at Risk from Nigerian Supply Chain Disruption

Many foreign companies are at risk of having their imports from Nigeria disrupted. Nigeria’s main export is petroleum, with crude oil, petroleum gas, and refined oil collectively accounting for around 86% of exports by value. However, the country’s cash cow has suffered greatly in recent years with production down to nearly half of its level in 2020.

Nigeria LNG—a natural gas joint venture between the Nigerian state and energy majors Shell, Total, and Eni—has been unable to fulfill export orders for its European customers in recent months. Nigeria’s main other exports are agricultural goods (most notably, cacao beans) and small maritime craft, both of which are at significant risk from the economic turmoil in the country.

Global relationship data in the Interos platform indicates that:

  • Roughly 700 American and 400 European companies have at least one Tier-1 (T1) supplier based in Nigeria.
  • More than 127,244 American companies have an affected Nigerian company indirectly in their supply chains at Tier 2 (T2), with almost 300,000 at Tier 3 (T3).
  • More than 236,000 E.U. and British companies have an affected Nigerian supplier at T2, with over 510,000 at T3.

As has been the case during the last three election cycles (see chart below), Nigeria’s exports to the US had been dropping in the leadup to the election, with the volatile on-the-ground situation complicating normal operations and logistics. (The one-time surge in Nigerian exports to the US in early 2022 was due to re-routing petroleum from other destinations following the breakout of the war in Ukraine.) The lack of clarity in the presidential election suggests that low exports will continue for the foreseeable future.

Chart showing Nigerian exports to the US since 2008. Exports decline prior to elections.

Interos analysis of Panjiva data. Vertical red lines indicate prior election periods.

Nigeria’s Supply Chain Election-Related Disruptions Likely to Persist into Mid-March

Nigeria voted in a tight three-way presidential election on February 25th amidst an atmosphere of intimidation and election-related violence.

ACLED, an NGO which tracks political violence, has counted at least 193 incidents of election-related violent activity since January 1st, 2022 (see map). Human rights observers have issued warnings that Nigeria has not implemented any structural reforms since 2019, when several hundred people died during the last presidential election. These warnings have taken on new urgency following the assassination of a prominent Senate candidate on February 22nd.

Locations of Election-Related Violence in Nigeria (Jan. 2022 through Feb. 2023)

A map highlighting violent events in Nigeria.

Source: ACLED’s Nigeria Election Violence Tracker. Latest data available is February 17. The size of the circle indicates the number of violent events at that location, the color of the circle indicates the specific form of violence (e.g. orange = “violence against civilians” Image Copyright: © Mapbox© OpenStreetMap and Improve this map).

Given that state elections will not conclude until March 11th, high levels of violence and uncertainty are likely to persist through mid-March, with a consequent impact on economic activity.

 “Cash Crisis” Makes Business-as-Usual Impossible

As if the political chaos were not enough, Nigeria is also suffering from the aftermath of a poorly implemented currency reform. When the Nigerian central bank announced the reform in October 2022, the hope was to combat corruption by redesigning the currency bills most used by criminal organizations. But an overly aggressive window for citizens to redeem their old banknotes combined with an extremely short supply of the new banknotes has left the entire Nigerian economy effectively without cash for several months. This has pummeled the Nigerian informal sector, which according to the IMF accounts for over 50% of GDP and over 80% of employment.

Nigerian Exports Likely to Stay Low in the Short Term

American and European firms with Nigerian suppliers in their extended supply chains should stay wary. Interos recommends taking the following actions to promote supply chain resilience:

  • Communicate frequently with key Nigerian suppliers (or suppliers you know to be reliant on Nigeria) to determine the production impacts of the election and cash crisis.
  • Identify which tier-2 and tier-3 Nigerian suppliers are critical to your direct suppliers.
  • Ascertain whether suppliers in Nigeria are prepared for the extended elections period and the likely disruptions it will entail.

Organizations looking to understand where the next big supply chain shock is coming from – and which suppliers they need to engage with to mitigate the impact – should consider investing in supply chain visibility and operational resilience solutions. In times of turmoil, knowing who you are connected to, and how those parties will be impacted by unfolding events, can make the difference between continuity of operations and disaster.

 

Satellite Supply Chain Concentration Risk: Starlink and the U.S. Dominate the Market

 By Geraint John

Satellites are becoming the new supply chain battleground in critical infrastructure as countries seek to bolster their military capabilities and national security against the threat of war.

However, this is not some James Bond-style plot in which rival powers vie for control of space-based nuclear weapons, as in the 1995 film GoldenEye, but something more prosaic: a quest for bomb-proof internet connectivity.

Ukraine’s success in stemming the Russian army’s advances across its territory have been credited, at least in part, to its access to Starlink, a constellation of more than 3,000 low-orbit satellites owned and operated by Elon Musk’s company, SpaceX.

Ukraine’s military relies on Starlink’s fast, reliable internet access to share battle plans, co-ordinate operations and target Russian positions.

In the words of a Ukrainian soldier quoted in a recent Economist article: “Starlink is our oxygen.” Without it, “our army would collapse into chaos”.

The Satellite Supply Chain: Low Orbit, High Potential

Other nations concerned about their vulnerability to attack and the security of their land- and seafloor-based fiber-optic cables for internet traffic, are keeping close tabs on Ukraine’s experience.

Taiwan, which has seen tensions with China escalate during the past year, is reported to be seeking private investment to establish its own satellite communications network.

China itself has submitted plans for a 13,000-satellite constellation, Russia has designs on a 264-satellite network, while the European Union agreed late last year to begin developing its own low-orbit system.

Japan, South Korea and Australia are among other countries looking to operate similar constellations of their own in the future.

Unlike traditional geostationary Earth orbit (GEO) communication satellites, which fly more than 35,000km above the planet’s surface, low-Earth orbit (LEO) satellites operate much closer to home.

Starlink’s satellites orbit just 550km from Earth, which means they can receive and transmit data much faster, making high-bandwidth internet streaming and video services possible.

Other benefits include the fact that:

  • They communicate with users on the ground via portable and easily powered receiving equipment
  • Their (stronger) signals are harder to jam
  • Russian efforts to hack them have so far been ineffective
  • Because there are hundreds of satellites serving each location, physically taking the network down – through, say, a missile attack – would require enormous scale and vast expense.

 

America’s World Domination May Lead to Imbalanced Supply Chains

The United States dominates global satellite ownership, with 63% of the almost 5,500 commercial, military, civil and government satellites launched to date, according to data compiled by the Union of Concerned Scientists (UCS), a U.S.-based nonprofit organization.

Its dominance in LEO satellites – which comprise 86% of the total satellite population – is even more pronounced, thanks to Starlink.

The U.S. owns almost 50 times as many LEO communication satellites as Russia, and almost 90 times more than China, according to UCS.

Building on this data, Interos has created a satellite concentration and diversification metric. The metric demonstrates the resilience the U.S. has in this area, with extremely high satellite diversification, whereas Russia and China are both rated a high concentration risk.

This is good news for supply chains in the U.S., but those in less diversified areas may increasingly be more prone to internet disruptions or complete blackouts.

Taiwan has just one GEO communications satellite, through a joint venture with Singapore’s telecoms provider, while Ukraine doesn’t own any and relies on those of its allies.

Chart showing which countries own the most of Geostationary, Low Earth, and Elliptical satellites. The U.S. greatly exceeds all other countries.

While Considering Future Satellite Trends, Beware Single Sources in Space

Aside from the potential for cyber interference in this newly critical and rapidly expanding infrastructure, from a supply chain perspective the main risk is arguably the extreme concentration of suppliers.

At present, Starlink is a de facto monopoly for customers outside of China and Russia, because of its dominance of launch capacity. Its Falcon 9 rockets took off more than 60 times last year and each is capable of carrying over 50 LEO satellites.

Rivals Blue Origin, owned by Jeff Bezos, the United Launch Alliance – a joint venture between Boeing and Lockheed Martin – and France’s Arianespace are all in the process of readying new rockets.

UK-based OneWeb – which partners with France’s Eutelsat and Airbus – is currently dependent on SpaceX after its access to Russian launch facilities was scuppered last year. And Virgin Orbit last month failed in its inaugural attempt to launch nine LEO satellites from British soil using a rocket mounted below a reconfigured 747.

Interos has implemented a new satellite concentration risk score, which evaluates the concentration of accessible communication satellites in a country. A country with more satellites or increased access receives a high score and has less risk of satellite disruptions. This score currently shows France as being very high risk – even higher than Russia and China – whereas the UK is medium risk. However, diversification should be an important objective for these and other countries over the next few years.

While industry analysts expect there to be four or five active competitors in this global market eventually, for now SpaceX can call the shots.

For example, although it abandoned a suggestion in October that it would start charging Ukraine for its services, it has restricted use of its network in Russian-occupied territory such as Crimea, according to The Economist.

Government, military and commercial procurement chiefs would therefore be wise not to put all of their bets in this new space race on Mr. Musk’s satellite network, which may well become the next frontier in supply chain concentration risk.

 

Surging Electrical Infrastructure Attacks Pose Disruption Threat for American Businesses – Interos

By Alberto Coria and Trent Chinnaswamy

A growing number of attacks on the United States’ critical electricity infrastructure threatens to cause supply chain disruption to thousands of businesses across the country.

In 2022, the U.S. electrical grid sustained at least 103 deliberate physical and cyber-attacks – the highest level in a decade.

Two recent attacks on electricity substations in North Carolina, and four in Washington, have raised alarm among experts at the U.S. Department of Homeland Security (DHS). These attacks resulted in over 45,000 homes as well as businesses in the surrounding area losing power.

In each case, the modus operandi was similar: intruders carrying firearms gained access to the facilities and disabled them. This has led experts to believe that the attacks, which occurred within a short time of one another, may have been coordinated.

Electrical disruptions in the U.S. caused by intentional human interference are rising. Vandalism accounts for the majority of outages, but suspicious activity – where the intention is unknown – and sabotage are also on the increase (see chart).

The previous peak in vandalism was mostly caused by individuals stealing and selling copper wires. But the industry standard has since changed to use a less profitable kind of copper.

Why then are these attacks increasing and what risk do they pose to businesses?

A graph showing the dramatic increase in suspicious activity, vandalism, and sabotage of US electricity substations - which have increased most significantly since 2017,

Electrical Grid Failure: Supply Chain Implications

Regional blackouts, defined as power loss in an area, can affect not only households, but also industry and logistics operations. However, the degree to which different entities are affected varies. Owing to their typically higher demand for power, manufacturing facilities are more exposed to power surge issues and accustomed to experiencing power failures, with one in four experiencing a power failure once a month.

Manufacturing facilities are also more likely to have backup and stress-tested generators, and have a coverage plan. However, these are generally focused on short-term power outages caused by high energy demands. In the case of a physical attack on a substation, a manufacturing site may have to deal with a longer-term power outage. So they can still face moderate levels of risk in the case of a physical attack.

Non-manufacturing facilities that are part of a supply chain are also likely to be affected by power outages, with the industries most reliant on electricity at the highest risk. These include financial corporations, IT services providers, data centers, perishable item producers, control centers and medical .

Rural Substations are Key Vulnerabilities

The U.S. electrical grid is broken up into three large, connected networks (Texas Interconnection, Western Interconnection, and Eastern Interconnection) that operate fairly autonomously with eight regions seen (see map).

The U.S. Federal Energy Regulatory Commission has determined that transformers in rural substations are most vulnerable to physical attacks. Substations in urban areas typically have higher levels of monitoring and protection, while rural substations are completely unguarded.

The Eight U.S. Electricity Generating Regions

A map showing the 8 regions of the US electrical grid.

While substations in rural areas are at high risk of attacks, and the surrounding areas are at risk of a power outage, only 10.8% of the U.S. electrical grid is subject to “cascading” blackouts.

This means that attacks on substations in rural areas are likely to affect only the surrounding areas, and not cause blackouts in other areas of the country. This likelihood of power outages remaining contained to smaller areas places a greater emphasis on assessing supply chain risk exposure in rural areas.

Transformers at high-voltage and rural substations are prime targets for physical attacks, as transformers are difficult to protect and replacement parts are difficult to obtain.

In many of the higher-risk rural areas, substations are considered “dead-end”. Dead-end structures are where the line ends or angles off, meaning there is no backup power connection. The pink dots on the map below indicate the propensity of dead-end substations across the US. The darker the area, the more likely there is no backup power connection in the case of disruption.

Map showing regions without backup substations. The greatest concentration of backup-less power appears to be in the southern US.

What Companies Should Do

To get ahead of this critical infrastructure risk, Interos recommends that companies do the following:

  • Use supply chain mapping and operational resilience tools like Interos’ Resilience platform and global relationship data to identify suppliers in industries and locations at the highest risk of being affected by potential power disruptions, and which agencies are responsible for power restoration.
  • Engage key suppliers in high-risk regions to understand what impact, if any, they have experienced as a result of physical and/or cyber-attacks.
  • Assess high-risk suppliers’ mitigation plans in the case of a regional blackout, and develop business continuity plans or workarounds for such disruptions where possible.

Geopolitical Risks and Supply Chain Resilience Top of Mind at Davos 2023 – Interos

By Geraint John

These are uncomfortable times for the global elite – which include the politicians, multinational company bosses, and policy wonks who rubbed shoulders at the World Economic Forum’s annual meeting in Davos two weeks ago. A decades-long era of unbridled free trade and globalization – not just core WEF principles, but assumptions on the nature of global economics – has gone into reverse and nations are grappling with rampant inflation, a cost-of-living crisis, and the imminent threat of recession.

No wonder G7 country leaders who would normally have been happy to swap their domestic travails for the fresh air of the Swiss Alps for a few days (Joe Biden, Emmanuel Macron, Rishi Sunak…) opted to stay away this year. As one newspaper commentator put it: “The idea that Davos is faintly toxic has gained ground.”

Nevertheless, plenty of power brokers did attend this first event back in familiar ski-resort surroundings since the pandemic. And in line with the theme of “Cooperation in a Fragmented World”, geopolitical considerations were uppermost in many minds.

“The number one topic here is geopolitics – it’s not the economy,” noted Julie Sweet, CEO of Accenture.

Economic Consequences of Politicized Supply Chains

Major sources of concern included growing US technology export controls on and decoupling from China, and tensions between the US, Europe, Japan and South Korea over aggressive industrial policy that is handing huge subsidies to manufacturers of semiconductors, electric vehicles, lithium-ion batteries and clean-energy solutions on American soil.

It was once again left to China to champion the virtues of globalization (or “re-globalization”) at Davos. “We oppose unilateralism and protectionism, and look forward to strengthening international cooperation,” Vice Premier Liu He told attendees.

This year’s WEF Global Risks Report, published just before the event, confirms that these tensions are perceived as highly significant for the world economy in the short to medium term, at least. “Geoeconomic confrontation” – which includes sanctions, trade wars and investment restrictions – was ranked third out of more than 30 different types of risk for the next two years by the 1,200 survey participants (see chart).

Fostering greater self-sufficiency in supply chains through state aid and onshoring, and seeking to bolster national security via so-called “friend-shoring” hold dangers for the future, the report warns.

“As geopolitics trumps economics, a longer-term rise in inefficient production and rising prices becomes more likely,” it argues.

A chart ranking global risks. Risks are ranked according to which will be most relevant in the next 2 years and 10 years, respectively.

Investment in Supply Chain Resilience Remains High Priority

Resilience in various guises, but particularly operational and supply chain, was also high on the Davos agenda.

Pat Gelsinger, CEO of Intel – which is set to be a major beneficiary of the US government’s subsidies – talked about this in relation to chip shortages. “We needed a global crisis to realize we had allowed ourselves to become dependent on single points of failure in the supply chain,” he told his audience.

“We need resilient supply chains for the future.”

For consultants at McKinsey, this was one of five key takeaways from Davos 2023. “Global disruption isn’t slowing down,” they suggested. “Companies must prioritize building resilience muscles today to prepare for tomorrow.”

That said, business leaders also made it clear they are focused on efficiency, cost discipline and profitability this year. Uber’s CEO, Dara Khosrowshahi, spoke for many when he said: “We have to be much tougher on costs and achieve the same growth plans with a lot less investment.”

This means that investments in supply chain resilience – and in technologies to enable it – need to be carefully weighed and precisely targeted.

Such sentiments are backed by empirical evidence from a global survey released by Capgemini to coincide with the WEF meeting. Its research among 2,000 executives in a wide variety of roles, geographies and industry sectors found that:

  • 89% see supply chain disruptions as the main short-term risk for their organizations – by far the biggest source of risk (see chart).
  • 92% of organizations say changes in global supply chains will impact them, but only 15% think they are well equipped to manage this.
  • 43% plan to increase their investments in diversifying and digitizing supply chains, on average by more than 10%.

Graph ranking the top risks to business growth over the next 12-18 months. 'Global supply chain bottlenecks and trade/logistical disruptions" ranks highest.

Technologies that aid cost reduction and faster decision making; provide visibility and transparency of supply chains; support supplier and production diversification initiatives; and help to manage trade-offs between cost and service are particularly in demand, according to Capgemini.

In a tough economic climate, investing proactively in operational and supply chain resilience won’t come easy to many companies. But, as WEF President Børge Brende noted in his closing remarks to the Davos meeting: “The cost of inaction when it comes to resilience far exceeds the cost of action.”

Peru Protests Create Risk of Supply Chain Disruption for Western Businesses

By Nicolas de Zamaróczy

Thousands of U.S. and European companies are facing supply chain disruptions as a result of the ongoing political violence engulfing Peru.

The six-week-long unrest has seen at least 50 people killed and 700 wounded, while exposing the country’s deep societal cleavages.

Supporters of ousted President Pedro Castillo are demonstrating to secure his return to office, facing off against members of the Peruvian police and military who have routinely employed heavy-handed tactics.

The government recently extended a 30-day state of emergency in the capital Lima, as well as the regions of Cusco, Puno and Callao, which will further disrupt business.

Peru: a Key Commodity Exporter, Gridlocked

Peruvian companies, which are experiencing disruptions owing to the protests and associated road blockades, supply thousands of international businesses.

From a geographical analysis of the affected regions of Peru, Interos identified 2.95 million Peruvian entities whose business operations are likely disrupted.

Global relationship data in the Interos platform indicates that:

  • More than 7,500 North American companies have at least one Tier-1 (T1) supplier among the affected Peruvian companies.
  • More than 1,600 European Union and British companies have at least one T1 supplier among the affected Peruvian companies.
  • More than 116,000 North American companies have an affected Peruvian company indirectly in their supply chains at Tier 2 (T2), with almost 355,000 at Tier 3 (T3).
  • More than 144,000 E.U. and British companies have an affected Peruvian supplier at T2, with over 483,000 at T3.

Peru’s main exports are agricultural products and minerals, and supply chains reliant on these could be hit hard. The Peruvian agricultural producers’ association, for example, estimated in mid-December that its members had already lost $150m in potential exports due to the political crisis, and those numbers will have grown since then.

From an industrial perspective, Peru is the world’s second-largest producer of copper and zinc, and also a major player in silver and gold production.

On 12 January, a major Swiss-owned copper mine near Cusco was attacked by protestors, while a tin mine announced it was suspending operations for the time being.

While most of Peru’s minerals are exported to China and other Asian economies, disruptions could affect commodity prices and inputs availability worldwide. This would be a blow for downstream industries as well as direct purchasers—copper and silver are both widely used in renewable energy and vehicle manufacturing, while zinc is critical to the production of galvanized steel and iron.

Metals and Minerals Are at Risk

Chart showing Peru's minerals and rare earth metals exports.

Source: Interos analysis of various industry reports

Transportation Infrastructure is a Main Target

Despite being primarily located in the country’s more indigenous and poorer southern regions, President Castillo’s supporters have nevertheless achieved a nation-wide impact though the deliberate targeting of critical transportation networks.

One of the protesters’ main tactics has been blockading the highways on which national and international trucking depend. As of 17 January, the Peruvian Ombudsman’s Office reported 96 roadblocks, across 14% of country’s provinces, primarily in the country’s lightly populated but mineral-rich south.

Since the start of the crisis, all of Peru’s airports have experienced temporary closures, rail service in the country’s south has been suspended (including at tourist destination Machu Picchu), and commercial truckers continue to  struggle to enter or exit the key southern port of Matarani.

Cross-border commerce with neighboring Bolivia is at a standstill, leaving companies in eastern Bolivia scrambling to find alternate export routes through Chile.

Growing Polarization within South American Countries Complicates Friendshoring

Peru’s ongoing troubles are part of a broader pattern of political upheaval within South American countries. In 2022, large-scale protests occurred in Brazil, Argentina, Bolivia, and even normally peaceful Chile, worrying NGOs that track political violence in the region.

While historically geopolitical tensions in the region were driven by differences between left- and right-leaning countries, increasingly the turmoil is emerging within societies themselves.

Political scientists use the concept of “group grievances” to understand how schisms between different groups in society — particularly divisions based on social, ethnic, or political characteristics — play a role in governance. Group grievances in Peru are currently the highest among all major South American countries (see chart).

A chart demonstrating Peru's higher-than-average level of social unrest since 2006.

Note: Group grievances scores range from 0-10, where 0 = best
Source: Interos analysis of Fragile States Index data from the Fund for Peace

This increasing inability of many South American governments to maintain domestic order complicates hopes that the region could become a hub for “friend-shoring”, the trend whereby Western companies are seeking to move production out of inhospitable locations to more stable and less geopolitically charged destinations.

Ultimately, any attempt at relocating production or sourcing sites must assess their long-term potential for political instability.

How to Mitigate Supply Chain Disruptions

Expect roadblocks to hit your supply chains in 2023. Chief Procurement Officers can mitigate impacts from the Peru protests by:

  • Better understanding their extended supply chain dependencies on Peru and identifying those at highest risk of being disrupted.
  • Discussing the impact of the protests with T1 suppliers, with an eye towards developing business continuity plans and workarounds where possible/needed.
  • Cultivating alternative sources for the products affected in other countries, and potentially looking to see if the orders/volumes in existing contracts need to be adjusted.
  • Invest in tools that can integrate geopolitical risk into their supply chain risk management process.

Zero-COVID Protests in China May Imperil Global Supply Chains – Interos

By: Alberto Coria, Klaudia Kokoszka and Trent Chinnaswamy

Since the onset of the COVID-19 pandemic, China has pursued a strict zero-COVID policy, employing draconian containment measures to limit transmission. This approach has limited fatalities but also severely impacted China’s economy, ensnarled global supply chains and —this past week — has fostered some of China’s most-visible protests and public dissent in years.

Several dozen protests across at least 22 cities may further imperil supply chain stability and, according to our analysis, could significantly affect companies reliant on Chinese electronics and metal wholesalers. The Chinese government’s as-yet-unknown response to the protests could prompt even greater disruption. Our analysis anticipates a simultaneous crackdown on protests and gradual loosening of some COVID restrictions — but nothing is certain.

Interos recommends reviewing your company’s footprint and potential concentration risk in the identified areas, to take early action and prevent any supply chain disruptions in your company’s ecosystem.

Protests in China and Supply Chain Disruption

It is worth noting that protests in China are rare – given the government’s massive surveillance apparatus and history of swift and brutal responses — which include censorship, imprisonment, and the “re-education through labor” of dissidents and activists. Many of the recent protests were sparked by the news of 10 deaths from an apartment fire in the city of Urumqi, Xinjiang Province — where emergency services were allegedly delayed from reaching the fire due to zero-COVID policies.

The protests have quickly spread across Xinjiang, with hundreds gathering in Beijing, Shanghai, Wuhan, Nanjing, and Zhengzhou. The largest confirmed protests against China’s zero-COVID policies so far have been under 1,000 people each, in major metropolitan areas.

Chinese security forces have so far tried to subdue protests through nonlethal force, with mixed success. It is assumed that many of the citizens protesting have been arrested, in addition to one confirmed report of a BBC journalist being beaten and detained. The government has so far struggled to immediately censor the online appearances of the protests, but all evidence of the unrest has been removed within an hour of posting.

Industry Impact of China’s Protests: Electronics and Metals Supply Chain in the Crosshairs

China’s current economic woes are difficult to overstate. Prior to the protests, profits at Chinese industrial companies had fallen 3% from January to October due to COVID lockdowns hindering activity.

The impact of the protests themselves has —so far —been much more limited. This is because the protests are occurring in areas where government lockdowns have already shuttered business.

The most immediate supply chain disruption connected to the protests themselves have occurred at Foxconn’s now-notorious facility in Zhengzhou. Workers expressed their fury after pay was disrupted due to a COVID-19 lockdown. Foxconn claims the lockdown and subsequent unrest have caused the company to miss this year’s production targets which would primarily impact Apple, Inc.

The next major supply shift, and the impact on China’s national production, will depend entirely on the Chinese government’s response to the protests and how — if at all — the government’s zero-COVID policy changes.

According to Interos analysis, electronics parts wholesalers are among the top 10 industries in all of the cities affected by protests. Metal wholesaling is also a prevalent industry in Nanjing, Shanghai, and Urumqi. Should further disruption occur due to the government’s response to the protests, we can expect that these industries would be affected disproportionately.

Beijing Likely to Increase Security and Online Censorship to Quell Protests

As the Chinese Government decides how to act, the country has reported its highest-ever COVID-19 infection rates. On November 23rd, the government announced that over 30,000 cases were detected, the highest single-day total for the country. This puts the Chinese government in a double-bind, as tightening COVID restrictions could spark more fury, but relaxing restrictions could let the virus loose on a country that is not prepared, medically or politically, for an upswing in cases.

Interos analysis concludes that based on the central government’s response to prior instances of dissent, such as the pro-democracy protests of Hong Kong in 2019 and the Beijing protests prior to the National Congress, it is likely for the central government to curtail the spread of protests through increased security measures, stronger shows of force, and online censorship.

However, a crackdown on protests coupled with tightening COVID restrictions could create additional pressure on Western businesses (many of whom are already under fire for connections to the Chinese government’s various human rights abuses) to relocate to more-favorable areas such as India.

What’s Next for the Supply Chain? Certain zero-COVID Policies Loosened at Provincial Level, While Others Tightened

Below are three likely potential scenarios:

  • The central government begins a more widespread loosening of zero-COVID policies, similar to their approach in Guangdong.
  • Zero-COVID policies continue to be implemented in areas of high transmission, following the policies that Xi Jinping has indicated in recent national addresses.
  • Zero-COVID restrictions are broadly increased as the central government attempts to double down on its efforts, and uses the restrictions as a way to further limit

Interos analysis finds it most-likely that amidst government crackdowns on protests, certain zero-COVID policies will be loosened at the provincial level to ease international business, while others will be tightened in favor of increased security and political suppression.

This approach allows the central government to continue its zero-COVID policy, while beginning to address some of the economic challenges that it has put on the country. The central government directly linked the initiative to a desire to protect its suffering semiconductor sector, and bolster its technological development as a whole.

Some provinces in China have already been able to slightly loosen their respective COVID restrictions, with the central government hoping to reduce disruption to the transport of goods, industrial activity, and international investment. In Guangdong province, local officials received direction from the central government in early November that they would no longer have to track secondary close contacts of confirmed COVID cases. Additionally, the local officials were directed to ease the ability of foreign business executives to travel into the region.

Similarly, following the recent protests in the Xinjiang cities of Urumqi and Korla, the two cities announced that they would begin to ease certain zero-COVID restrictions and reopen businesses and restart public transportation.

However, nothing is certain. According to some estimates, an unrestrained outbreak of the Omicron variant could kill as many as 1.5 million people in the 80+ age group alone. With China’s rising case numbers, limited hospital beds, low vaccination rates (and less-effective vaccines), and Xi Jinping’s recent consolidation of power the government may opt to maintain or even increase restrictions.

Given the precariousness of the situation, the case for active, continuous, and multi-tier supply chain monitoring has never been clearer.

Recommended Actions for Improving Supply Chain Resilience

Interos recommends taking the following actions to promote supply chain resilience:

  • Communicate frequently with key Chinese suppliers (or suppliers you know to be reliant on China) to determine the production impacts of government restrictions on COVID and protests.
  • Ascertain whether suppliers in China are preparing for an increased governmental security posture.
  • Identify which 4th and 5th party Chinese suppliers are critical to your direct suppliers.
  • Prepare for a potential disruption in goods shipping out of Chinese ports due to zero-covid measures by identifying alternative suppliers or adjusting expectations accordingly for delays.
  • Ensure compliance with the Uyghur Forced Labor Prevention Act (UFLPA), as protests against the zero-COVID policy are one of many risks emerging from the Xinjiang region

Organizations looking to understand where the next big supply chain shock is coming from – and which suppliers they need to engage with to mitigate the impact – should consider investing in supply chain visibility and operational resilience solutions. In times of turmoil, knowing who you are connected to, and how those parties will be impacted by unfolding events, can make the difference between continuity of operations and disaster. It’s no wonder then, that most organizations plan to implement supply chain visibility solutions by Q2 2023 — a fact we learned from our annual supply chain industry survey.

Russian Software Pushwoosh Highlights Need for Vigilance on Foreign Ownership Risks in Supply Chain

By Interos Labs (Andrea Little Limbago & Joshua Clarke)

This week’s disclosure of a Russian firm masquerading as an American company highlights yet again the potential security concerns hidden within software supply chains.

The company, Pushwoosh, provides coding language and data processing for companies building software applications. Its code allows software developers to track and profile app users to customize the notifications they receive.

While Reuters’ exclusive story noted Pushwoosh’s integration with the Centers for Disease Control and Prevention (CDC), that agency was far from alone. Interos’ own analysis has identified additional industries and countries most at-risk of exposure to Pushwoosh code and potential data breaches.

We have also noted some of the tell-tale signs that organizations need to be on alert for regarding company ownership and location.

Pushwoosh and the Digital Supply Chain

At a time of growing concern over the national security threats within the information and telecommunications (ITC) supply chain, the Pushwoosh revelations are yet another reminder of the challenges and complexity of modern digital supply chains. Following on from last year’s investigations into JetBrains, a software company founded by three Russian engineers based in the Czech Republic, the Pushwoosh revelations have sparked similar concerns over foreign ownership risks.

They are also the latest reminder of the challenges and complexity of modern digital supply chains.

Pushwoosh is integrated with thousands of applications in major app stores and includes tracking software that allows Pushwoosh to collect sensitive Personally Identifiable Information (PII).

Depending on the application, the PII includes precise geolocation and health history information, “which could allow for invasive tracking at scale”, according to an expert quoted in the Reuters story.

Pushwoosh claims to be a Maryland-based company, but Russian filings list it in Novosibirsk, Russia. Instead of revealing its Russian location, Pushwoosh has previously listed under California and Washington, D.C. area addresses.

This deception not only masked the foreign ownership risk, but — considering Russian data collection policies — also put customer data at risk of seizure by Russian security services.

Hiding in Plain Sight?

Based on our analysis of Pushwoosh’s presence within global supply chains, we identified the top 10 industries and countries affected (see table).

Top 10 Industries and Countries for Pushwoosh Customers

Table identifying top ten industries and countries exposed to Pushwoosh.

While US software firms had the greatest single country-industry exposure, the prevalence may be much more limited in comparison to other supply chain vulnerabilities, such as Log4J.

Nevertheless, among those identified are several European industrial firms, a major US publisher, a cybersecurity company and Ukrainian telecom and transportation providers.

Pushwoosh has a breadth of Russian connections, including relationships with the following entities, some of which are on US restrictions and prohibitions lists:

  • TNT (Russian TV station, parent company Gazprom)
  • Ozon (aka the “Amazon of Russia”)
  • Rambler Media
  • Yandex
  • Mail.ru Group Limited

Pushwoosh’s significant footprint and integration across restricted and/or highly influential Russian companies should have been an early indicator of risk that warranted additional investigation of foreign influence.

Moreover, when looking into a range of open-source activity, it becomes clear that major Pushwoosh contributors have strong Russian connections or are Russian themselves. This underlines the growing importance of the Software Bill of Materials (SBOM), which not only is a security risk but will be a compliance risk as federal regulations continue to address SBOM requirements.

Gaining Visibility Across Your Supply Chain

This latest example of digital supply chain vulnerability comes on the back of a year of high-profile discoveries. Pushwoosh reflects the digital supply chain risks that can emerge from untrusted technologies within a company’s ecosystem.

Importantly, this is a case of a vendor deemed trustworthy, and so it remained off the radar until the recent exposure. The movement toward trusted networks was already well underway; Pushwoosh will likely reinforce the message that additional due diligence of ICT vendors is necessary.

At Interos, we provide the visibility into your extended supply chain, including identifying sanctioned foreign companies and their supply chain partnerships. We recommend reviewing your own extended supply chain to confirm whether Pushwoosh is present. Very often untrusted vendors are not in the first tier but rather are hidden in the second tier, third tier,

If you are concerned about the presence of Pushwoosh in your digital supply chain – or want to increase the resilience and visibility of your entire supply chain – contact Interos here.

Freight Railroad Strikes & The Supply Chain – Interos

By Alberto Coria, Operational Resilience Consultant

A pending freight railroad strike on December 4th — driven largely by railroad companies’ refusal to grant workers dedicated sick leave — could shut down most major U.S. railroads and upend supply chains across industries. 

Based on Interos’ unique supply chain analysis of the railroad supply chain, the most-affected industries are likely to be the automobile, chemical, energy, and agricultural verticals — with follow-on impacts reaching virtually every U.S. business and consumer. The strike could cost the U.S. economy as much as $2 billion per day

While organizations looking to get in front of the issues can take steps to mitigate them and bolster operational resilience — it’s unlikely that even the most proactive organization would be fully insulated from a disruption of this magnitude. 

Why Is a Freight Railroad Strike Potentially Happening?

In August of 2020, twelve railroad unions joined forces to sue Class 1 railroads over proposed benefits changes in their contracts, which included restricting access to certain medications and changing healthcare networks. By October of 2021, the courts had ruled in favor of the unions, stating that the Class 1 railroads would need to resolve the issues in good faith negotiation, directly with the twelve unions. This decision by the court ultimately granted the unions the legal right to a freight railroad strike if they could not reach an agreement with the Class 1 railroads. 

By July 2022, the Biden administration began to take an interest in the proceedings, and through the National Mediation Board requested both sides to report to Washington D.C. for a “public interest” session designed to create a voluntary agreement. When the negotiations broke down, the Biden administration created an emergency board to try and reach a consensus.

On August 15, 2022, both the unions and Class 1 railroads reached an impasse in negotiations, causing a 30-day “cooling-off” period to be established. At the end of this cooling-off period, on September 15, 2022, the unions would be legally able to strike. 

Hours before the rail unions were set to announce a nationwide freight railroad strike, both sides reached a tentative agreement after twenty hours of negotiations mediated by U.S. Labor Secretary Marty Walsh. The unions then had to return to their members and call for a ratification vote to fully approve the agreement. By the end of October, two unions — the Brotherhood of Maintenance of Way Employees Division and the Brotherhood of Railroad Signalmen — had voted against ratification of the agreement due to the lack of inclusion of paid sick leave.

The unions and the Class 1 railroads now have until November 19 to reach a new agreement, before the unions are legally allowed to strike — which means that companies need to be aware of their dependency on the freight railroad supply chain as soon as possible.

A timeline of events beginning on Aug. 2020 leading to a possible freight railroad strike.

The Supply Chain Impact: Automobiles, Energy, Chemical, and Agriculture Industries Most Affected

While a shutdown of Class 1 railroads would have far-reaching effects across virtually every industry, Interos’ analysis found the following verticals would see the most immediate and severe impact:

Automobiles

In the U.S. there are between 25,000 to 30,000 carloads of vehicles and auto parts moved by rail per week. This is due to much of the U.S. auto industry having their parts, or the car itself, assembled in Mexico, Canada, and the United States. Shipping by rail within North America is the most efficient way for companies to deliver automobiles to customers or dealerships, leading to nearly 75% of new vehicles in the U.S. being moved by freight rail. 

Energy

On average, over 300,000 barrels of crude oil and 5 million barrels of propane are transported by rail in the U.S. every day. Additionally, 75% of coal produced in the U.S. is transported by rail. Given that coal makes up ~22% of U.S. electricity generation, the effect of a rail labor strike on energy prices will be drastic. Disruptions to the energy industry will occur in the lead-up to the deadline, as railroads cannot leave hazardous materials unattended in the case of a strike. This will cause railroads to curtail shipments prior to the actual strike.

Chemicals

20% of all chemical transportation in the U.S. is done via rail and Class 1 railroads moved an average of about 34,000 carloads per week of chemicals in 2021. This reliance on rail transit leaves the industry highly exposed to a rail labor strike. Over 50% of all rail chemical carloads consist of industrial chemicals, including soda ash, caustic soda, urea, sulfuric acid, and anhydrous ammonia. Additionally, 70% of the ethanol  an additive in most gasoline — produced in the U.S. is transported by rail. 

Agriculture

Anytime there is uncertainty surrounding a rail labor strike in the U.S., the fertilizer industry loses five shipping days due to the ramp-down that is required to curtail shipments of hazardous materials prior to the deadline. Additionally, due to the recent shutoff of natural gas supplies to Europe, 80% of European production of fertilizer has been halted. A strike would only further destabilize an already-fragile fertilizer industry — significantly disrupting all of U.S. agriculture and food production. The industry is highly exposed to a rail labor strike. 774,000 carloads of corn, 296,000 carloads of wheat, and 299,000 carloads of soybeans were transported by rail in 2021.

What Actions Can I Take to Prepare for Railroad Supply Chain Disruptions?

While a deal between unions and Class 1 railroads is still a viable option, railroads will begin to curtail operations in the week before December 4th to ensure they can shut down safely and comply with regulations in case of a freight railroad strike. 

Interos recommends firms begin acting to ensure their supply chains remain resilient and unaffected as soon as possible, by taking proactive measures and coordinating with suppliers. Our recommendations include:

  • In times of capacity restraints resulting from a freight railroad strike, logistics carriers may prefer customers who have already been shipping via different methods. Clients should leverage existing relationships with logistics carriers. 
  • Proactively identify alternative shipping methods with critical suppliers before the impact of the shutdown may be realized. 
  • The industry with the greatest exposure to rail strikes is the chemicals industry as a disproportionate share of chemical products are shipped via rail. Interos recommends identifying suppliers providing chemical products, or that are themselves reliant on chemical products, which would therefore be most sensitive to railroad supply chain issues.
  • During the leadup to the last period of uncertainty surrounding a labor strike in September 2022, hazardous materials were the first shipments to be curtailed due to U.S. government dangerous goods regulations. Interos recommends evaluating any hazardous shipments that may be curtailed within a 5-day range of the December 4th deadline.

Organizations looking to understand where the next big supply chain shock is coming from – and which suppliers they need to engage with to mitigate the impact – should consider investing in supply chain visibility and operational resilience solutions. Most organizations plan to implement them by Q2 2023 — a fact we learned from our annual supply chain industry survey.