Category: News

CBP Implements UFLPA: The Newest Law Targeting Supply Chain Washing and ESG Violations

On Monday, the United States’ Uyghur Forced Labor Prevention Act (UFLPA) goes into effect. Focused on a controversial region in northwest China, the landmark law creates a presumption that any products “manufactured wholly or in part” in Xinjiang are made with forced labor. It bans all imports from the territory unless a company can prove otherwise.

The guidance sets out CBP’s agenda of enforcement and prioritizes investment in supply chain visibility technology and “digital traceability.” It also explicitly bans US companies from importing any products from a list of 20 newly named Chinese companies (many of which are based in Xinjiang), unless the importer proves the goods were not made with forced labor. The list of restricted companies is expected to grow as further labor violations are uncovered, and as named companies adopt aliases to evade detection. Interos is adding these restricted entities to our platform to help customers ensure they’re not in violation.

The law is the latest and boldest attempt to combat an increasingly common practice known as supply chain washing – the concealment of critical information about how products and services are sourced and sold.

While bad actors are certainly responsible for a significant amount of supply chain washing, even companies that believe they are acting in good faith can inadvertently violate sanctions, restrictions, and export controls through hidden unknown relationships in their supplier or customer networks.

Concerns Over Supply Chain Washing, Supply Chain Visibility, Rise 

The implementation of the UFLPA comes at a time when outcry over supply chain deception is high, as much of the world witnesses China’s persecution of the ethnic minority Uyghur population in Xinjiang. The U.S. has described China’s treatment of Uyghurs as genocide.

The UFLPA is part of a series of growing global regulatory actions requiring organizations to act on ESG hazards in their supply chains.

Global supply chains could be significantly impacted by the new law, since Xinjiang is one of the world’s largest producers of cotton as well as polysilicon, which is used to manufacture solar panels.

These growing regulatory dynamics are creating a new urgency to comply with the UFLPA and the many other anti-supply chain washing laws being passed around the world. In their enforcement strategy, US Customs and Border Protection (CBP) specifically cites supply chain washing as a concern, stating that “manufacturing processes and multi-tiered supply chains can further obscure the use of forced labor inputs by incorporating them into legitimate manufacturing processes… Such goods could then be exported from a third country to the United States as a means of obscuring or “laundering” the importation of tainted raw materials from Xinjiang.”

The shifts require organizations take a multi-pronged approach to reduce related supply chain risk.

UFLPA Forces Extra Due Diligence and Required Documentation

1. To comply with the law and overcome the rebuttable presumption, importers with exposure to Xinjiang or need to be implement a heightened due diligence process for supply chain tracing. The UFLPA requires a significant, risk-based supply chain diligence program, including a written code of conduct, an ongoing monitoring and compliance program and plans on how to remediate violations. The evidence required to demonstrate supply-chain tracing is extremely detailed and requires very extensive mapping and documentation.
2. A substantial portion of CBP’s guidance focuses on prioritizing “cutting-edge technologies to identify and trace goods made with forced labor, specifically those technologies that support enhanced visibility into trade networks and supply chains that source goods or materials made with forced labor.”
3. The Forced Labor Enforcement Task Force (FLETF) has issued detailed guidance on “due diligence, effective supply chain tracing, and supply chain management measures” aimed at avoiding the importation of goods produced with forced labor in Xinjiang. CBP points to the Department of Labor’s Comply Chain as a template for a compliant due diligence program.
4. Supply chain leaders should only expect the need for compliance to rise with future guidance, as CBP makes clear in their release of intent to gather “foreign corporate registry data to map the structure of multinational companies and their global corporate networks.”

Anti-Supply Chain Washing Laws are On the Rise Globally

The UFLPA is far from the only sign that global regulators are cracking down on supply chain washing.

The US Securities and Exchange Commission has proposed rules to dramatically increase ESG disclosure requirements, and is taking a much stricter approach towards enforcement, probing large investment firm’s so-called sustainability funds. 

Take the example of S&P: In late March S&P settled allegations that it violated U.S. sanctions on Russia when it continued to extend credit to Rosneft, the country’s leading oil and gas company. Or examine recent incidents where components sourced in the UK and Germany were found in Russian warfare machinery being used against the people of Ukraine.

It’s simply not enough to know just who is in your supply chain and what they are doing. You also need to know about where your own products end up.

Supply Chain Washing Can Occur Anywhere

Xinjiang is far from the only area of the world generating concern over supply chain washing:  On June 29, the Financial Times published a story highlighting evidence that strongly suggests that Russia may be using concealed/intentionally mislabeled shipments to export stolen grain from Ukraine through already-sanctioned ports in Crimea. Authorities admit confirming whether or not these shipments contain looted grain is difficult, and that ships containing sanctioned goods will often directly transfer cargo to other vessels once at-sea to avoid detection.

Despite these difficulties, accepting shipments of potentially sanctioned goods creates massive risk for large companies. In an interview with the Financial Times, Aline Doussin, a partner at Hogan Lovells, stated that even companies in locations that have not directly placed sanctions on Russia “might find that large multinational companies from those places stop trading with them over concerns that they were indirectly trading with sanctioned entities.”

German Law Shows Trend in Supply Chain Accountability 

Germany’s Supply Chain Law takes effect January 1, 2023. That law requires any company doing business in Germany to vet both their direct (Tier 1) and indirect (Tier 2) suppliers for compliance with core human rights and environmental protection measures – or face fines of up to 2% of their global revenue.

In analyzing companies subject to the German law, Interos found approximately 53% have problematic ESG scores using a proprietary scoring method that dynamically assesses an organization’s risk.

Although other European Union member countries are not yet in agreement on the terms of such legislation, it is likely the E.U. will follow with similar anti-supply chain washing laws in the near future.

ESG Supply Chain-related Disruptions Remain Expensive

The Interos 2022 Annual Global Supply Chain Report revealed that ESG-related issues currently cost companies, on average, $35 million per year – and those costs will rise as more anti-supply chain washing laws are enacted.

But many aspects of global supply chains are complex and opaque: most organizations only have visibility of their first- and second-tier suppliers.

Almost one-third (30%) of respondents to Interos’ annual survey said they would only know about an ESG violation in their supply chain if it occurred at their first tier of suppliers – not beyond.

Awareness of ESG issues in a company’s supply chain is no longer optional. Ignorance is not only costly financially and reputationally, but it can also put a company out of compliance with governmental regulations

Organizations must prepare for increasing scrutiny of ESG risks in their supply chains

The UFLPA is just one piece of a growing body of global legislation aimed at cracking down on unsound business practices, and the supply chain washing measures used to conceal them.

With new regulations being implemented every day, the already-high cost of noncompliance and poor supply chain visibility is only going to rise – but most organizations still report limited visibility of their suppliers, and a majority have ESG scores indicating noncompliance with some emerging laws.

Organizations will need to invest in capabilities and tools that give them continuous visibility over their direct and indirect suppliers and buyers. CBP’s guidance specifically states that the organization will invest in “enhanced supply-chain tracing technology that can connect imported goods to Xinjiang and other parts of the world at high-risk for forced labor. CBP also plans to invest in advanced search engines that may allow CBP to link known or suspected forced labor violators with their related business structures and transactions.”

As mentioned, Interos is adding the 20 entities named in Monday’s guidance to our automatically monitored entity list. We will continue to update our platform to assist with UFLPA compliance.

When it comes to sustainability and supply chain washing, the tide is clearly turning. Businesses that invest in powerful technology solutions and build robust compliance programs will be able to embrace this change with open arms. Those that ignore this wave of change, do so at their peril.

How Interos Can Help

The video below shows how Interos customers can quickly check their exposure to Xinjiang and the companies sanctioned in the UFLPA with just a few clicks – and how to setup continuous monitoring groups to receive alerts should their risk exposure change.

By Stuart Phillips & Geraint John

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has urged government and commercial organizations to patch vulnerable software and IT systems more rapidly in response to a flurry of malicious attacks against the cyber supply chain.

Last week, CISA issued an emergency directive requiring all federal civilian agencies using VMware’s Workspace ONE Access and other products to either patch or disconnect these systems by 5 p.m. ET this past Monday.

Separately, CISA also warned that hackers were actively targeting unpatched versions of F5 Network’s BIG-IP systems used to manage network traffic.

These new alerts join several others issued in recent weeks regarding cyber supply chain risks.

Earlier this month, CISA and other national cybersecurity agencies warned that managed service providers and their customers were at a heightened risk of attack. In late February, CISA issued a wide-ranging “Shields Up” advisory in the wake of Russia’s invasion of Ukraine, warning that malicious cyber activity was likely to increase.

VMware and F5 vulnerabilities exposed

Commenting on one of these vulnerabilities, CVE 2022-22954, cybersecurity firm Mandiant said: “An attacker could exploit this vulnerability to perform a server-side template injection… An attacker would need to send a specially crafted request to the vulnerable system. A failed attempt at exploitation could potentially cause a crash of the application, resulting in a denial-of-service condition.” 

On April 13, VMware confirmed the exploitation of this vulnerability in the wild. On April 25, The Hacker News reported that a threat actor known as “Rocket Kitten” actively exploited this vulnerability to deploy the Core Impact penetration testing tool on vulnerable systems. 

Mandiant Threat Intelligence wrote that they consider this “a high-risk exposure due to the potential for arbitrary code execution with no user interaction required.”

VMware issued patches for this and other vulnerabilities in April and released additional fixes last week. CISA’s emergency directive suggests that many organizations have not quickly updated their systems.

And it’s not just government agencies that are at risk from these supply chain risks. 

“We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks,” CISA said late last week.

Vulnerabilities extend into the cyber supply chain 

There are many reasons why organizations fail to update their software and hardware fast enough, but budget and staffing shortages are primary.

Proactive Chief Information Security Officers (CISOs) can quickly discover if they have an installed vendor with security issues and schedule patches or updates to mitigate the problems. 

The real challenge is knowing whether their cyber supply chains have critical suppliers or partners using compromised systems and then taking steps to address those vulnerabilities. 

An analysis of Interos’ global relationship mapping platform data reveals the scale of the challenge: 

• 1,239 companies were identified using VMware’s Workspace ONE Access or F5’s BIG-IP products.
• 88 of these companies use both vendors.
• Of the top five direct buyers, more than half (58%) were U.S.-based and more than one-quarter (29%) were in the IT software and services sector.
• The U.K., Canada, Australia, and India are also home to major direct buyers, with banks, consumer services firms, and healthcare providers.

Looking further upstream into the extended cyber supply chain:

• The 1,239 companies using the affected VMware and F5 products directly supply more than 98,000 customers in the U.S., U.K, Germany, Canada, and other countries.
• These 98,000-plus firms, in turn, do business with more than 600,000 firms at Tier 2. 

Mandiant’s 2022 M-Trends report, published last month, found that supply chain intrusions were the second most prevalent form of attack in 2021.

Almost one-fifth (17%) of intrusions involved a supply chain compromise – up from just 1% in 2020. The vast majority of these attacks were related to the SolarWinds breach. 

Last week, cybersecurity firm SentinelOne published an analysis of a new supply chain malware attack against the Rust development community.

CISOs must monitor supply chain risks

Predicting the next supply chain cyber-attack or disruption is a dark art. However, being aware of all your suppliers and their connections may give you a better chance to understand weaknesses in your cyber supply chain and mitigate risks. 

Gone are the days when sending a survey to a supplier every two years and asking only about cyber risk was a practical approach. 

The best CISOs actively contribute to operational resilience by continuously monitoring their entire supply chains for multiple types of threats – including vendor financial weakness – using a risk mapping and scoring solution such as the one developed by Interos. 

To learn more about Interos, visit Interos.ai. 

By Geraint John and Margaret D’Annunzio

The ongoing litany of supply chain disruptions is prompting many organizations to redesign their global supply networks to build resilience. New research published this week by Interos found that almost two-thirds (64%) of executives said their organizations planned to make “wholesale changes” to their supply chain footprints.

And it’s not only business leaders that are focusing on the need for greater supply chain resilience.

Heavyweight economic and political institutions are also weighing in on the issue and proposing a variety of (sometimes conflicting) solutions – as evidenced by two recent reports from the International Monetary Fund (IMF) and the U.S. government.

The latter’s “Economic Report of the President,” (Economic Report) published in April, devotes an entire chapter to “building resilient supply chains.”

This portion of the Economic Report robustly analyses the evolution of modern supply chains and discusses some of the failures associated with firms’ and countries’ increased reliance on outsourcing and offshoring.

The Economic Report suggests that some of main reasons for supply chain globalization since the early 1990s are: Greater access to foreign suppliers through IT advances and lower trade barriers; government subsidies for key manufacturing sectors; and short-term financial incentives for top executives.

It argues that although COVID-19 exacerbated supply chain risks and made them more obvious, the pandemic did not create the majority of vulnerabilities, nor will its end abate them.

“Because of outsourcing, offshoring, and insufficient investment in resilience, many supply chains have become complex and fragile,” the report notes.

Shining a Light on Concentration Risk

Interos’ own research found that concentration risk is of particular concern to senior supply chain executives. Almost 9 out of 10 of the 1,500 procurement, IT and IT security professionals surveyed by Interos in the first quarter of 2022 agreed they had too many suppliers located in one area of the world.

Concentration is a Big Concern

“My organization has too many suppliers concentrated in one area of the world and this is of concern to us”

n=1,500; Source: Resilience 2022: The Interos Annual Global Supply Chain Report 

The White House report cites several examples of highly concentrated supply chains:

• Taiwan (and its dominant manufacturer Taiwan Semiconductor Mfg. Co. [TSMC]) produce 92% of the world’s supply of advanced semiconductors
• China manufactures 73% of lithium-ion batteries and has a 97% global market share of ingots and wafers used to make solar panels
• China also has a dominant position in the battery raw materials: lithium and cobalt, of which it refines 60% and 80% of global supply, respectively

Recent analysis of Interos’ global relationship mapping database found that while TSMC, as a contract manufacturer to the semiconductor industry, has a relatively small number of direct customers in the U.S. and Europe (Apple being the largest), its importance at tiers 2 and 3 is enormous.

And a new Interos report on rare-earth elements (REE) – which are also important inputs to computer chips and electric vehicles, among other products – noted that China controls 84% of the global market, with over 100,000 U.S. companies and more than 50,000 European firms having the top 21 Chinese REE suppliers in their extended supply chains.

Will Reshoring Really Bring Resilience?

One potential solution to fragile and concentrated global supply chains that gets plenty of airtime is reshoring production back to “home countries”.

Respondents to Interos’ annual survey said that, on average, they expected to reshore or nearshore around half (51%) of foreign supplier contracts in the next three years.

The White House’s Economic Report argues that “at least some domestic production of critical goods” such as semiconductors and batteries is required – in part for national security reasons.

However, the IMF, in its equally detailed analysis, takes a somewhat different view, noting that, on average, 82% of Western firms’ intermediate inputs are already sourced domestically. It argues that “policy proposals to reduce dependence on foreign suppliers, especially in strategic sectors… may be premature, if not misguided.” Instead, the IMF advocates greater diversification in international sourcing – that is to say, increasing the number of suppliers and locations used.

Interos’ survey findings appear to support this view, with more than 60% of executives saying their organizations plan to increase the number of firms in their supply chains over the next three years, compared with 15% or less that expect to reduce them.

Supplier Diversification is Happening

How the number of companies in organizations’ supply chains will change

n=1,500; Source: Resilience 2022: The Interos Annual Global Supply Chain Report 

Even if managers do successfully make the business case for bringing product manufacturing back onshore, they still face a number of challenges – not the least of which is developing a local supply base.

French sportswear brand Salomon is a case in point. It decided to make its running shoes in a highly automated plant in France after many years operating in Asia, but found it was still reliant on suppliers of soles and other parts in China and Vietnam.

Improving Supply Chain Visibility & Resilience

Despite their differences, the IMF and White House reports do agree on some things. Chief among these, perhaps not surprisingly, is the need for government policy to support companies in their resilience-building efforts.

Interventions include:

• Improving transportation infrastructure, such as major ports
• Reducing international trade costs, and in particular non-tariff barriers
• Convening and coordinating firms to develop standards and find industry-wide solutions
• Aggregating and disseminating data that help companies better understand their supply chains

On this latter point, both reports emphasize the importance of supply chain visibility.

“Visibility into supply chain relationships is necessary to identify vulnerabilities in supply chains, so that firms can properly plan for disruptive events,” notes the White House report.

Interos’ survey found overwhelming support among executives for technology to solve this problem.

Although less than a fifth said their organizations were already using intelligent, automated solutions to understand interdependencies at multiple tiers, three-quarters expected to have such technology in place within the next 12 months.

To download a copy of Resilience 2022: The Interos Annual Global Supply Chain Report, click here.

A comment from a Volkswagen executive in the Wall Street Journal this week sums up the challenge facing many European and international companies when it comes to the crisis in Ukraine. “Ukraine is not central to our supply chain, but suddenly we discovered that when this part is missing, it is.”

The war has already taken an extraordinary toll on individuals, families, and communities in Ukraine. Another added layer of anxiety comes from employees and businesses not knowing the full extent of their commercial ties and dependencies on Russia or Ukrainian supply chains in their extended supplier networks.

European reliance on Russia/Ukraine supply chains is greater than it seems

Bad intelligence derived from opaque supply chains can have perilous implications on businesses and individuals. For instance, data from Interos’ global relationship mapping platform shows that less than 250 German companies have direct tier-1 suppliers in either country. But, when the focus is expanded to include their suppliers’ suppliers the number of connections jumps massively.

Germany-based firms across all industry sectors have:

• Tier-2 connections with more than 1,600 suppliers in Ukraine, and over 7,500 in Russia
• Tier-3 connections with more than 12,200 suppliers in Ukraine, and over 18,200 in Russia

Broadening the focus to the European Union as a whole plus the UK, the number of tier-2 and tier-3 connections with Russian and Ukrainian suppliers is greater still:

• More than 8,200 European firms have tier-2 suppliers in Ukraine, and over 38,000 have tier-2 suppliers in Russia
• More than 109,000 European firms have tier-3 suppliers in Ukraine or Russia

A survey of German supply chain and procurement executives conducted by Gartner last year found that 80%  of companies thought they had good visibility of tier-1 suppliers (more than three-quarters of companies, parts and locations known). However, only 7% said the same about tier 2, and only 5% about tier 3.

Given these findings, the fact that a company like VW is unaware of its risk exposure to the war Ukraine until critical parts stop arriving at its car factories should come as no surprise.

In a lean and just-in-time industry like automotive, where every part is critical no matter how cheap or small, the impact of disruption is more immediate than in other sectors. Which is why VW stopped production at its plants in Zwickau, Dresden and elsewhere this week.

Visibility helps companies respond to crisis

European supply chain leaders – like their counterparts in the U.S., Asia and elsewhere – may not have all the data they need to optimize their scenario modelling and risk mitigation strategies, but they are working towards improving  these capabilities.

Gartner’s 2021 supply chain risk and resilience study found that “better supply chain visibility” was the biggest area for improvement. 70% of the sample ranked it in their top three. 40% said it was their number one priority.

• Almost two-thirds of respondents (64%) said they were working on multi-tier mapping now, compared with only a fifth (19%) who said they had processes in place previously.
• Almost three-quarters (73%) said they were looking at technologies to help them map their multi-tier supply chains and improve visibility – compared with just 11% who had already done so.
• More than half (57%) said that having “better supply chain risk tools/technologies” was a top 3 priority for improving risk management in their businesses.

Many of these improvement efforts and investments will not come in time to enable European companies to avoid supply chain disruptions stemming from the war in Ukraine. It is also unlikely that most businesses have insulted themselves from the impact of sanctions imposed on Russian firms as a result of Putin’s invasion.

This horrific and unjustified conflict has already upended decades of conventional thinking about war and international business, as well as the supply chains that underpin them. The data on tier visibility shared above is crystal clear evidence that despite limited immediate connections, deeper analysis shows just how interconnected and interdependent our economies, businesses, and people are.

Greater awareness of the level and nature of that interdependence is essential to building a supply chain and business community that can withstand immense shocks and continue to provide essential services and information in times of crisis.

Continue to follow the Interos Crisis Resource Center and Blog as the crisis evolves in Russia and Ukraine. We will continue to post supply chain information and insights as they become available.

*The statistics in the blog below have been updated following a deeper analysis of the supply chain. We are continuing to monitor the highly volatile situation in Ukraine and will update this piece accordingly as new information becomes available. 

A Russian invasion of Ukraine has the potential to cause extensive and debilitating supply chain disruption across the globe. This may result in rising input costs to a heightened threat of cyber attacks.

Russia, Ukraine Key to Global Economy

Today thousands of U.S. and European companies do business with suppliers in Russia and Ukraine. Many of them could be at risk during a prolonged military conflict. Analysis of global relationship data on the Interos platform reveals critical findings:

• More than 2,100 U.S.-based firms and 1,200 European firms have at least one direct (tier-1) supplier in Russia.
• More than 450 firms in the U.S. and 200 in Europe have tier-1 suppliers in Ukraine.
• Software and IT services account for 13% of supplier relationships between U.S. and Russian/Ukrainian companies. Consumer services represent another 7%.  Trading and distribution services account for about 6%, while industrial machinery counts for about 4%. Oil, gas, steel, and metal products account for other everyday items purchased from the two countries.

The proportion of U.S. and European supply chains that include tier-1 Russian or Ukrainian suppliers is relatively low. This increases substantially when incorporating indirect relationships with suppliers at tier-2 and tier-3.

• More than 190,000 firms in the U.S. and 109,000 firms in Europe have Russian or Ukrainian suppliers at tier-3.
• More than 15,100 firms in the U.S. and 8,200 European firms have tier-2 suppliers based in Ukraine.

Supply chain and information security leaders in U.S. and European organizations should review their dependence on Russian and Ukrainian suppliers at multiple tiers. This is a key first step in assessing risk exposure in the region and ensuring operational resilience.

Supply Chain Disruption: 4 Major Risks

In the event of a Russian invasion of Ukraine, four major areas could spark supply chain disruption:

Commodity price increases

Energy, raw material, and agricultural markets all face uncertainty as tensions escalate. Russia provides over a third of the European Union’s natural gas, and threats to this supply could force up prices when companies and consumers are already facing higher energy bills. Natural gas supply pressures likely would spike volatility in other energy markets too. By one estimate, an invasion could send oil prices spiraling to $150 a barrel, lowering global GDP growth by close to 1% and doubling inflation. Even lower estimates of $100 a barrel would cause input costs and consumer prices to soar.

Food inflation is another risk that may cause supply chain disruption. Ukraine is on track to being the world’s third-largest exporter of corn, and Russia is the world’s top wheat exporter. Ukraine is also a top exporter of barley and rye. Rising food prices would only be exacerbated with additional price shocks, especially if Russian loyalists seize core agricultural areas in Ukraine.

A conflict could continue to squeeze metal markets. Russia controls roughly 10% of global copper reserves and is also a significant producer of nickel and platinum. Nickel has been trading at an 11-year high, and further price increases for aluminum are likely with any disruption in supply caused by the conflict.

Firm-level export controls and sanctions

U.S. and European export controls could exacerbate commodity cost pressures. The use of such controls to restrict certain companies or products from supply chains has soared over the last few years. While many have been aimed at Chinese companies, a growing number of Russian firms have been earmarked for export controls for “acting contrary to the national security or foreign policy interests of the United States.”

Not surprisingly, U.S. companies and business groups are urging the government to be cautious in how it applies any new rules. Prominent Russian companies already on a U.S. restrictions list include Rosneft and subsidiaries, and Gazprom. Extending export controls and sanctions to Gazprom’s subsidiaries, other energy producers and key mining and steel market firms could further impact supply availability and input costs.

U.S. and E.U. export controls would also likely target the Russian financial sector, including state-owned banks, as a deterrence tactic. U.S. officials have noted that any sanctions would be aimed at the Russian financial sector for a “high impact, quick action response.”

Cyber security collateral damage and supply chain turmoil

Entities linked to malicious cyber activity may also face further repercussions from the U.S. and its partners. Ukraine is certainly no stranger to Russian cyber aggression. Russia has twice disrupted the Ukrainian electric grid, first in December 2015, leaving hundreds of thousands of Ukrainians in the cold, and again the following year. But destructive attacks on the country’s infrastructure could also spark significant collateral damage in global supply chains.

In 2017, the NotPetya attack on Ukrainian tax reporting software spread across the world in a matter of hours. The attack disrupted ports, shut down manufacturing plants, and hindered the work of government agencies. The Federal Reserve Bank of New York estimated that victims of the attack, including Maersk, Merck, and FedEx, lost a combined $7.3 billion.

This figure could pale compared to the global supply chain impact of a Russia-Ukraine military conflict, which would inevitably include a cyber element. Whether Russia would target its cyberwar playbook at U.S. or E.U. targets in retaliation for any support to Ukraine remains hotly debated. But the Cybersecurity Infrastructure and Security Agency (CISA) has been urging U.S. organizations to prepare for potential Russian cyberattacks, including data-wiping malware, illustrating how the private sector risks becoming collateral damage from geopolitical hostilities.

Geopolitical instability

Cyberwarfare would be unlikely to remain within Ukraine’s borders. Thus the destabilizing effect of a Russian invasion could have wider geopolitical ramifications. In Europe, a refugee crisis could emerge, with three to five million refugees seeking safety from the conflict. In Africa and Asia, rising food prices could fuel popular uprisings. Of the 14 countries that rely on Ukraine for more than 10% of their wheat imports, the majority already faces food insecurity and political instability.

China is watching closely to see how the world responds if Russia invades Ukraine. The superpower has its own aspirations of seizing territory and extending its sphere of influence. Taiwan’s defense minister has remarked that tensions over Taiwan are the worst in 40 years. A Russian invasion could further embolden China to enlist military tactics against Taiwan. In addition to far-reaching geopolitical implications, this would have a significant impact on electronics and other global supply chains.

How to Stop Supply Chain Disruption

Many of these risks may not materialize and represent a worst-case scenario. But executives should think carefully about the potential impact of a Russia-Ukraine military conflict. These leaders need to ensure appropriate contingency plans for their most critical supply chains and riskiest suppliers in the region.

Risk mitigation strategies include:

• evaluating required levels of inventory and labor in the short to medium term;
• discussing business continuity plans with key suppliers; and
• preparing to switch to, or qualify, alternative sources for essential products and services.

With the right technology to enable proper analysis, planning, and execution, it is possible to mitigate significant risk, ensure operational resilience, and avoid supply chain disruption. For more information about the Interos platform and how it can help with this process, visit interos.ai.