Hezbollah Device Explosions: A Stuxnet Moment for Supply Chain

Author: Dr. Andrea Little Limbago 

An Inflection Point

Almost six years ago, Bloomberg published a report on Chinese government infiltration of 30 US companies through the technology supply chain. This report was highly controversial within the cybersecurity community and remains openly disputed regarding the validity of inserted ‘spy chips’. Since then, there has been less focus on infiltrated technology supply chains, as the pandemic and trade wars shifted attention away from espionage and toward more traditional industrial policy and risky businesses within the supply chain ecosystem. 

On September 17 and 18, 2024, infiltrated pagers and walkie talkies exploded across Lebanon, escalating the decades-long conflict between Israel and Hezbollah. While investigations remain ongoing, reports point to Israel infiltrating a complex supply chain of devices sold in Hungary, and authorized to sell on behalf of a Taiwanese company, Gold Apollo. While the company sold devices to the broader population, those sold to Hezbollah contained the explosive PETN. As more information becomes available, a picture will likely unfold of complexity and extremely targeted backdoor infiltration of a technology supply chain.  

This past week’s attacks in Lebanon are an inflection point, expanding technology supply chain risks toward supply chain sabotage, and shifting all rules of engagement in supply chain security and modern warfare. Whether or not ‘spy chips’ occurred in the past, given the shift in norms, a line has been crossed, rendering technology supply chain infiltration a growing supply chain security risk in a tenuous geopolitical environment. 

New Rules of Engagement in Modern Warfare 

The supply chain infiltration behind the attacks is on such a distinct scale and scope that it is reminiscent of the turning point from the Stuxnet cyber attacks, described as the world’s first digital weapon. In 2010, reports surfaced that several zero-day exploits simultaneously sabotaged Iranian nuclear enrichment facilities. Most research identifies U.S. and Israeli intelligence as the creators of the exploits, which weren’t widely noticed until they spread beyond the Natanz facility.

Viewed as the first digital weapon to cause physical damage, it shifted all cyber norms and rules of engagement and opened Pandora’s Box to the modern cyber threat landscape. From the 2012 Saudi Aramco attacks where wiper malware destroyed over 35,000 computers to Russia’s BlackEnergy cyber attacks on the Ukrainian energy grid in 2015 and 2016 to Iran’s failed penetration of New York’s Rye dam, the targeting of physical infrastructure by cyber attacks is no longer unexpected or unprecedented. In fact, earlier this year FBI director Christopher Wray detailed how China is burrowed deeply within US infrastructure.

The Tipping Point for Security Risk 

In a similar manner, just as Stuxnet upended the norms of cyber behavior and physical destruction, the explosive devices used against Hezbollah will upend all norms behind supply chain infiltration and destructive effects. There already has been a growing national and economic security concern over risky businesses within the supply chain ecosystem. Since 2016, the US has added thousands of companies to a range of sanctions lists, many of which are deemed national security risks.  

Five years ago, the Pentagon blocked the military from purchasing phones made by Huawei and ZTE due to national security risks. This has been a growing trend across the globe, as India blocked Chinese apps, China blocked Kaspersky and Symantec, Australia removed Chinese security cameras and so on. These have often been coined backdoor risks, as companies legally enter a supply chain ecosystem without any need for obfuscation.

These have generally focused on software, not hardware, backdoors into systems. Last week, we may have witnessed the tipping point for hardware backdoor supply chain security risk based on the insertion of illegal or unknown physical parts. While distinct in its execution, there has been growing concern over the security of the hardware supply chain. 

The US CHIPS and Science Act, in part, targets this risk by incentivizing the manufacturing of semiconductors domestically. Nevertheless, the exploding devices manifest the real-world impact when foundational technologies are used as Trojan horses to carry out military objectives. As we have seen with Stuxnet, once that Pandora’s box is opened, it is a game-changer in the risk landscape and global norms.

How Can Companies Protect Themselves in this New Norm? 

To prepare for yet another significant disruption shaping the new normal, there are several steps organizations can take.  

First, foundational risk approaches still hold true but require even greater diligence. Perfunctory risk processes are inadequate for this risk landscape. Know your supplier (KYS) takes on even greater importance, not just within direct suppliers but across the entire supply chain ecosystem. This, in turn, requires augmented visibility across your supply chain, a difficult feat due to the hyperspecialized and complex supply chains built over the last few decades where geopolitics was not taken into account. 

Gaining that visibility is just the start; additional context is required. For instance, are any of the thousands of restricted companies present several tiers within your supply chain? In many cases, these companies have already been linked to data exfiltration, so it is not a great leap to consider hardware infiltration from these same technology companies. According to Interos data, 148 (~30%) S&P 500 companies have a direct supplier relationship with a banned company, risking severe civil and criminal penalties, 19% of which are in the Computer and Electronic Product Manufacturing industry. Beyond these direct (tier-1) suppliers, virtually every S&P 500 company has sub-tier (tier-2, tier-3 and beyond) supplier relationships with at least one at-risk or restricted company.

This has always posed a regulatory risk, but the national and economic security risks must also feature in supply chain security risk assessments. While last week’s attacks were not via a restricted company, those technology companies on restricted lists represent a more probable pathway to hardware infiltration and warrant heightened alert. 

Tracking the latest in restricted companies is difficult as there is no single consolidated list across all U.S. and international organizations. Fortunately, Interos simplifies this process by surfacing several dozen restrictions lists across the US, Five Eyes, and international governmental organizations, extended across the entire supply chain ecosystem. These companies, especially those in technology, are at the highest risk of technology supply chain infiltration. These companies do not only pose a regulatory risk but could also interdict data or sabotage on behalf of adversaries. 

The stark reality of this new era is that geopolitical risk extends much more broadly than restrictions – companies and governments need visibility into all areas of supply chain risk: financial, cyber, ESG, geopolitical and catastrophic risk.

In short, the globalized era of entangled supply chains absent geopolitical considerations is over. 

Supply Chain Security: Time to Double Down 

Almost a decade ago, the fictional political thriller Ghost Fleet imagined a future war beginning with supply chain infiltration. In this futuristic scenario, China hacks the U.S. electronics supply chain, disrupting everything from navigation systems to fighter jets. The digital revolution – or the fourth industrial revolution – continues to shorten the time frame between futuristic scenarios and modern reality.  

As Stuxnet demonstrated almost fifteen years ago, the shifting cyber attack landscape quickly expanded beyond governments and into the public sector. The device explosions in Lebanon similarly crossed a new line and will accelerate the pace at which the technology supply chain is exploited by government and non-government actors alike. Whether the Bloomberg report proves valid or not, the supply chain infiltration of the devices introduces similar supply chain security risks – it’s no longer a matter of if, but when a technology supply chain infiltration will occur again.  

Just as software backdoors have increased in prevalence, the same may soon be true of hardware backdoors, making it all the more critical for a fresh look and reprioritization of supply chain security. 


Taming Digital Supply Chain Threats: NYSE CISO’s Battle Plan for the AI Era

Author: Dianna O’Neil 

In Interos’s latest Voices of Innovation session, NightDragon Founder & CEO Dave DeWalt tackled today’s new breed of digital supply chain threats with Steve Pugh, Chief Information Security Officer (CISO) of the Intercontinental Exchange, Inc., better known as the New York Stock Exchange. As CISO, Pugh is responsible for securing critical economic infrastructure across multiple subsidiaries, geographies, and regulatory jurisdictions.

Together Pugh and DeWalt explore the fluid landscape of digital risk and the critical role of AI supply chain risk intelligence in addressing escalating threats.  

Speed and Scale: The Core Challenges 

Pugh emphasized that the fundamental issues in digital supply chain risk management are the speed and scale of dispersed and sophisticated threats originating from bad actors, cyber criminals, adversarial nations, and other dynamic and fast-moving entities all over the world. “The key for a lot of my peers and colleagues is how do we keep up and innovate at that same speed [as bad actors], and then match the scale?” Pugh emphasized that the staggering complexity of today’s attacks underscores the need for rapid adaptation and scalable solutions in the face of evolving risks.

Building on this, DeWalt described the current global threat environment as “the perfect supply chain risk storm,” highlighting flashpoints with implications for digital supply chain stability.  

  • Heightened geopolitical tensions 
  • Regional conflicts 
  • Shifting dependencies on nations 
  • Increased cyberattacks targeting supply chains and third-party providers 

Unmasking “Unknown Unknowns”

Against this backdrop, Pugh noted the need to effectively communicate supply chain risk to high-level stakeholders, including corporate boards, to align on critical threats and move from insight to action, aided by emerging technologies that allow enterprises to take a proactive security posture.

Pugh emphasizes two domains: visibility and control. “At the board level, we talk about it in two domains. The first is visibility, and then the second is control. And you really can’t talk about control unless you have the right level of visibility in your supply chain.” He focused on the critical importance of comprehensive supply chain visibility, using AI risk mapping and monitoring, as a prerequisite for effective risk management. 

Pugh elaborated by referencing Donald Rumsfeld’s “known knowns, unknown knowns, and unknown unknowns” matrix. He stated, “There’s a lot of unknown unknowns… that’s where the complexity really gets tough.” To illustrate this complexity, he shared an example from the experience of a colleague at an external engineering firm: that person experienced a catastrophic incident caused by “one bolt from a supplier somewhere in the world” failing, not due to malice but simply due to negligence or defect. He drew a parallel with third-party software and technology providers, noting how vulnerable third-party software solutions from obscure tiers of the supply chain can have significant consequences across interconnected digital supply chains.

AI to the Rescue

Both DeWalt and Pugh expressed optimism about the role of AI and advanced risk intelligence in addressing supply chain challenges, particularly the ability of AI to deliver enhanced visibility and risk analysis at speed and scale. 

AI enables the ingestion and analysis of vast amounts of data from various sources, providing insights into complex supply chain relationships in real-time. Pugh explained, “AI can come alongside us and almost be a companion, to scale up and do so at speed and reason over all of these different data points.” Given the hundreds of millions of businesses globally, with billions of sub-tier supply chain interdependences, this capability is crucial for managing multi-tier risks effectively. 

Pugh detailed three primary ways AI is enhancing software development and security: 

  • Reasoning over code to find and fix defects quickly 
  • Generating cleaner, more secure code 
  • Enabling co-development with AI for native integration 

“We end up in this place where… you end up with some really good code that has fewer defects,” Pugh noted. He elaborated on how AI can create a “virtuous software development cycle” that significantly reduces potential vulnerabilities over time. 

Converging Physical and Cyber

Pugh’s role at NYSE encompasses both physical and cybersecurity—a trend that DeWalt sees increasing across industries. This convergence allows for a more comprehensive approach to risk management since physical threats can impact digital assets, unleashing a ripple effect with devastating financial consequences. 

Amid these changing dynamics, Pugh sees the CISO role evolving into that of a “risk business partner” to company leadership. “I think the role of the CISO is evolving to become more of a risk business partner,” he explained. This broader perspective allows for a more holistic approach to security and risk management across an organization. 

Channeling Optimism

As digital supply chain risks continue to evolve and expand, integrating AI technologies and continuous supply chain lifecycle risk intelligence alongside converging physical and cybersecurity offers promising solutions. Pugh’s final thoughts reflected a promising outlook: “I am optimistic on AI… I think it’s something that will certainly help us.” By embracing these generational innovations while maintaining a real-time view of risk management, organizations can better navigate the complex and fraught landscape of global supply chains in the digital age.

Technology such as Interos Watchtower™ utilizes AI to continuously map and monitor relationships across the risk lifecycle to help enterprises mitigate physical and digital threats before they escalate to crisis. 


Why AI Risk Intelligence Is Key to Strengthening Digital Supply Chain Cybersecurity


Story by Alea Marks & Dianna ONeill

The second episode of Interos’s executive insights series, “Voices of Innovation,” explored how AI is enhancing digital supply chain cybersecurity – with former CISA Chief of Staff Kiersten E. Todt calling the issue an “urgent challenge.”

“The AI Revolution in Supply Chain Cyber Defense” discussion between Todt and Dave DeWalt, founder and CEO, NightDragon, comes against a backdrop of soaring software supply chain attacks that make today’s complex digital ecosystems acutely vulnerable to breaches, attacks, failures and other cascading disruptions.

Here are five key takeaways from their conversation:

1-Understanding and Managing Supply Chain Risk

The rise in software supply chain attacks has highlighted persistent and costly risks in interconnected digital supply chains, particularly as cybercriminals exploit vulnerabilities in third-party software components. Gartner projects that by 2025, 45% of global organizations will have experienced a supply chain attack, which is three times higher than in 2021.

Todt stressed the need for visibility and transparency in managing latent third-party vulnerabilities:

“I do think it’s one of the most urgent challenges to be addressed because we don’t know all the interdependencies [that exist] and we have to have greater visibility into all of the touchpoints that we have. Understanding our third-party risk, understanding where third-party supplier vendors are not as strong or resilient as we need them to be, is critical.”

Recent data shows that 61% of businesses have been impacted by supply chain attacks in the past year, highlighting the extensive attack surface and the urgent need for proactive measures. AI-driven intelligence – which has the power to continuously monitor supply chain lifecycle risk at scale – is vital amid these realities.

2- Government and Industry Partnership

The collaboration between government and industry has led to approaches like Secure by Design, which emphasizes integrating security measures into the development process from the beginning, rather than adding them later, and ensuring a careful balance between security and innovation:

“The prioritization of security over getting something out there is what needs to happen. Secure innovation doesn’t have to be an oxymoron,” Todt said. “If we think about cybersecurity, progress is security, it is safety. That is the principle […] that we’ve seen from the government leaders, but importantly as partners with industry, that we’ve seen prioritized.”

3- Opportunity Over Sophistication

DeWalt noted the importance of identifying “choke points” in the supply chain, as demonstrated by third-party cyber vendor incidents in companies like Change Healthcare and auto dealership software company CDK. Todt emphasized that risk is often about opportunity rather than sophistication:

“When you look at Colonial Pipeline, that company for all we know was not targeted because it was transferring 45 percent of fuel along the East coast, it was targeted because it didn’t use multifactor authentication and in a broad sweep its vulnerabilities percolated to the top. A lot of this activity is just looking for where the vulnerabilities are. It’s so important to appreciate not just where they are, but what do you need to function? What do you need to be efficient? What does your supply chain and your manufacturing process need to actually operate?”

Interos Watchtower™: The Necessary Visibility

DeWalt emphasized the complexity of global supply chains, where today’s large enterprises can easily maintain tens of thousands of suppliers across their extended global networks. Identifying and understanding supplier risk across these interdependent ecosystems is crucial, and new technology such as Interos Watchtower™ utilizes AI to continuously map and monitor relationships across the risk lifecycle to help enterprises mitigate supplier failures before they escalate to crisis.

By leveraging AI and real-time critical risk intelligence, companies can enhance their resilience against cyber, regulatory, ESG, and other threats, ensuring that their digital supply chains remain secure and efficient.

Enabling the Future with AI Supply Chain Intelligence

AI technologies are revolutionizing supply chain security by enabling advanced analytics and real-time risk detection, monitoring, and other advantages. These capabilities allow organizations to anticipate potential supply chain disruptions in advance to rapidly mitigate threats and optimize resource allocation.


“It’s Going to Get Worse Before It Gets Better” Navigating Supply Chain Geopolitical Risks: Insights from National Security Experts

by Alea Marks & Dianna ONeill

Interos’s new executive insights series, “Voices of Innovation,” hosted a critical conversation on escalating geopolitical threats to supply chain security.

The inaugural session brought together former NSA Director and US Cyber Command head, Admiral Mike Rogers (Ret.) and Andrea Little Limbago, Ph.D., Head of Applied AI, Interos, and a frequent speaker on geopolitical risk and cybersecurity.

Five Key Quotes

1-Supply Chain Vulnerabilities

In an era of global interconnectedness, supply chains have become increasingly complex and efficient. However, this integration introduces acute new vulnerabilities. Today’s multinational ecosystems can easily encompass thousands of sub-tier suppliers, fueling continued supply chain disruptions that cost the global economy $3 trillion in annual losses.

Admiral Rogers highlighted this double-edged sword, noting the ripple effect across interconnected systems:

“There’s definitely been a tradeoff,” Rogers observed. “The downside is we have to acknowledge, as we can see with CrowdStrike being the latest issue, that we’ve got fundamental vulnerability inherent in the system.”

2-Geopolitics and Corporate Boards

Given the global footprint of many large enterprises, Admiral Rogers highlighted the growing concern among corporate boards regarding geopolitical risk:

“I spend a lot of time talking to corporate boards on geopolitics. They are trying to understand, the world around me seems to be changing. That has implications for my business model, and it has implications for my liability and responsibility.”

Rogers emphasized that companies are increasingly recognizing the need to better understand the global context for their supply chain operations, identify risks, and develop strategies for risk mitigation and prioritization.

3-Criminals Targeting Supply Chains

In discussing evolving digital cyber threats, Admiral Rogers expressed surprise at the recent trend of criminals targeting digital supply chains:

“I never thought I would see criminals go into supply chain, supply chain route in terms of an attack vector. That was true until about 15 months ago, but we’re now seeing criminals going down this route. So, organizations now are routinely asking themselves, do I understand the dimensions of my supply chain? And what steps am I taking to try to mitigate that risk?”

4-Proactive Risk Mitigation

Anticipating and preparing for potential disruptions emerged as a critical theme. Rogers emphasized the value of proactive planning and regular practice in enhancing an organization’s resilience:

“The more time you put up front in thinking through and anticipating, the better your performance in crisis,” he advised. “I can’t anticipate every scenario, but the more I train, the more I simulate, the more I practice, the more efficient and effective I’ll be in responding to disruption and generating resilience.”

5-Evolving National Security Landscape

The conversation addressed the changing nature of national security, which now encompasses economic security and digital advantage. Rogers highlighted how this shift is leading to increased government involvement in previously private sector domains.

“Governments are getting much more directive and much more broadly involved,” Rogers observed. He noted a significant shift in cybersecurity strategy: “The biggest shifts in [cybersecurity] strategy were, number one, it’s no longer the individual user to hold accountable – it’s the entities that are in the best position to achieve a broad impact.”

Interos Watchtower™: A Strategic Solution

Rogers and Little Limbago also discussed Interos Watchtower™, AI-driven technology that provides personalized risk models to defend against geopolitical threats. Rogers noted the criticality of mapping and prioritizing threats, emphasizing:

“We have got to get to prioritization. Because if we can’t prioritize, if we can’t figure out the best use of limited resources, we got real problems.”

Watchtower highlights vulnerable suppliers based on potential business impact, allowing organizations to prioritize and remediate regulatory, cyber, government intervention, and foreign ownership risks, among others.

Looking Ahead

Admiral Rogers concluded with a sobering yet hopeful outlook:

“It’s going to get worse before it gets better.” However, he noted that more businesses and senior leaders are acknowledging the challenge, stating, “You can’t solve a problem if you don’t acknowledge it.”

The conversation made clear the pervasive nature of geopolitical supply chain impacts. From trade tensions to shifting nation-state alliances, a host of changing global dynamics present new opportunities for disruption. Organizations that fail to adopt a proactive, technology-driven approach to these realities risk falling behind.

Technologies like Interos Watchtower™ are a significant advancement, offering the personalized, actionable intelligence necessary to enhance supply chain strength and security in a volatile landscape.


From Tesla’s Troubles to Industry Solutions: Addressing Child Labor in Global Supply Chains

Concerns about the potential for child labor in Tesla’s supply chain highlight a critical issue facing multinationals today: the challenge of ensuring ethical labor practices throughout complex global supply chains.

Despite CEO Elon Musk’s promises of third-party audits and webcams to monitor cobalt mines in the Democratic Republic of Congo, critics charge implementation is falling short.

The Ripple Effect: Industry-Wide Implications

This situation exemplifies the broader challenges companies face in addressing labor issues across their multi-tier supply chains. As governments worldwide implement stricter regulations, companies must act swiftly to protect their reputations and comply with evolving standards.

Interos data shows executives estimate that ESG-related cost increases or revenue losses impact companies at $44M annually.

At Interos, we’ve identified five key strategies to help organizations eliminate unethical supply chain labor practices:

  • Conduct Comprehensive Supply Chain Mapping: Gain visibility into the extended supply chain, from direct suppliers to nth-tier sub-suppliers, to identify vulnerabilities. Continuous supply chain lifecycle risk intelligence from Interos enables advanced analytics and real-time monitoring to scrutinize supply chains for regulatory violations and other ESG concerns.
  • Implement Robust Due Diligence Processes: Develop and enforce rigorous due diligence procedures to complement technology-based assessments. This means going beyond assessing suppliers’ labor practices through audits carried out by an accredited third-party agency, to embracing deep supplier visibility and real-time risk assessments.
  • Leverage AI Predictive Analytics: Utilize cutting-edge technologies like Interos’ AI-powered platform, which evolves enterprises from lagging to leading indicators to drive proactive mitigation. Interos’ next generation ESG risk model monitors multiple critical attributes reflecting the multi-faceted nature of ESG threats, including forced labor, emissions, diversity, foreign ownership, and other critical attributes.
  • Collaborate with Industry Partners and Stakeholders: Engage with industry associations, non-governmental organizations, and government agencies to share best practices, align efforts, and collectively address forced labor challenges.
  • Promote Transparency and Accountability: Implement transparent reporting mechanisms, establish clear policies and codes of conduct, and hold suppliers accountable for violations through corrective action plans or termination of business relationships.

Case Studies: Accelerating Ethical Supply Chains with Interos

Interos survey data shows more than a third of leaders at large enterprises are stepping up their ESG investments, and over half acknowledged supply availability was paramount. Global organizations using Interos have gained a sharper picture of supply chain risks, enabling proactive strategies, yielding clear results:

  • A leading global airline leverages Interos’ supply chain lifecycle risk intelligence to ensure the highest standard of ethics and compliance across its apparel supply chain and other sourcing channels.
  • A supermajor oil and gas company leverages Interos to ensure adherence to 30+ EU regulations related to labor, emissions, and other areas.
  • A major retailer utilizes Interos’ foreign ownership data to determine, reduce and remove slave labor from its product lines.

Interos is leading a broader supply chain risk revolution towards transparency and ethical responsibility across industry, enhancing corporate brand, reputation, and profitability.

By taking proactive steps and leveraging the Interos platform, organizations can navigate the complexities of supply chain forced labor risk to foster ethical, responsible, and adaptable supply chains that meet, and surpass, the demands of today’s interconnected economy.

What Satellites Reveal About Concentration Risk in Multi-Tier Supply Chains

The Space Development Agency (SDA), a U.S. Space Force agency, is sounding the alarm on concentration risk in the satellite supply chain.

The SDA has ambitious plans to deploy hundreds of small satellites in low-Earth orbit, but risks have emerged with contractors relying on single sources for critical subsystems, threatening to delay the project. Col. Alexander Rasmussen, chief of SDA’s Tracking Layer program, emphasized the need for government contractors to diversify the supplier base for mission-critical components and to get supply chains “energized” early.

Concentration risk is endemic across multiple public and private sector organizations, fueled by interdependent supply chains with tens of thousands of potential failure points.

A single incident can trigger catastrophic ripple effects, paralyzing operations and inflicting severe financial damage. Interos data shows that large enterprises lose $34 million annually due to disruptions triggered by concentration risks.

Examples of at-risk goods and services include:

Semiconductors

The world’s semiconductor manufacturing is concentrated in Taiwan, specifically at the Taiwan Semiconductor Manufacturing Company (TSMC) and United Microelectronics Corp (UMC). Any disruption to their operations, whether due to earthquakes and other natural disasters, geopolitical tensions, or other factors, could have severe ripple effects across global supply chains for electronics, automobiles, and other vital industries reliant on semiconductors.

Rare Earth Metals

China dominates the global supply of rare earth metals, which are critical components in many high-tech products, including smartphones, electric vehicles, and military equipment. Any disruption to China’s rare earth production or export policies could significantly impact global manufacturing and technology industries.

Global Shipping Chokepoints

A significant portion of global maritime trade passes through a handful of critical chokepoints, such as the Strait of Hormuz, the Strait of Malacca, and the Panama Canal – all of which continue to grapple with disruptions triggered by geopolitical tensions, accidents, or natural disasters that could severely impact global supply chains and trade flows.

Strategies to Mitigate Concentration Risk

Addressing concentration risk requires a multi-faceted approach anchored in real-time supply chain lifecycle risk intelligence. Here are some practical strategies to identify and mitigate concentration threats:

  • Comprehensive Supply Chain Mapping: Companies must gain multi-tier visibility into their supply chains to identify potential concentration risks and other threats. This involves mapping all suppliers and their interdependencies.
  • Predictive Risk Intelligence and Monitoring: Leveraging advanced risk analytics platforms like Interos, businesses can continuously monitor physical and digital supply chains for geopolitical, financial, cyber, regulatory, ESG, catastrophic, and other risks. Real-time alerts and predictive analytics enable proactive mitigation strategies.
  • Supplier Diversification: Reducing reliance on a single supplier or region by diversifying the supply base can mitigate concentration risk. However, this must be balanced against the potential increase in complexity and costs.
  • Nearshoring and Reshoring: Bringing production closer to end markets or back to domestic facilities can reduce exposure to geopolitical risks, trade tensions, and transportation disruptions.
  • Collaboration and Transparency: Fostering collaboration and transparency across the supply chain ecosystem can enhance risk visibility and enable coordinated risk mitigation efforts.

Addressing concentration risk and other supply chain vulnerabilities is not a one-time exercise but a strategic process that requires continuous monitoring, adaptation, and investment.

By prioritizing proactive and predictive supply chain technology like Interos, companies can fortify their operations against potential disruptions, safeguard their bottom line, and maintain a competitive edge.


By Julia Hazel and Dianna O’Neill

While the dire outlook for the 2024 Atlantic hurricane season has raised alarms across the U.S., supply chain risk leaders focusing solely on this region are dealing with incomplete information.

Unlike 2023, the Pacific is expected to experience a relative reprieve from tropical cyclones this season. The complex climate dynamics impacting typhoons and hurricanes across the two oceans underscore the need for a global, seasonally-dependent assessment of catastrophic risks to supply chains.

The Looming Threat in the Atlantic

The National Hurricane Center’s unprecedented forecast is fueled by climatic conditions creating a perfect storm for intense hurricane development. However, an exclusive focus on this region alone risks overlooking critical threats to global supply chains posed by tropical cyclone activity elsewhere.

According to data from the World Bank, natural disasters in the East Asia and Pacific region caused over $60 billion in economic damages in 2021 alone, with a significant portion attributed to tropical cyclones disrupting supply chains.

Pacific Cyclones: An Underestimated Peril

In 2023, while the Atlantic saw 20 named storms, the remaining 58 tropical cyclones wreaked havoc across the Pacific and Indian Oceans, inflicting damage from China to Australia and Africa. The impacts of a single, powerful storm system can be immense:

  • Typhoon Doksuri, which ravaged Beijing and coastal China in July 2023, closed major ports and destroyed critical infrastructure, triggering $25 billion in U.S. economic losses according to Munich Re.
  • The technology sector has been heavily impacted by Pacific storms, with companies like Apple, Samsung, and Intel facing disruptions to their supply chains in recent years. In 2022, Super Typhoon Noru forced several semiconductor factories in Taiwan to temporarily halt operations, exacerbating the global chip shortage.
  • The automotive industry has also been battered by Pacific cyclones. In 2021, Typhoon Chanthu caused production stoppages at Toyota’s plants in Thailand, resulting in estimated losses of $98 million.

Regionally Tailored Forecasts

Interestingly, while the Atlantic is bracing for a historically active hurricane season, the forecasts for other regions paint a different picture. The outlooks for the Central and Eastern Pacific call for below-normal tropical cyclone activity, with NOAA anticipating a 50% chance of below-normal activity in the Central Pacific and 60% in the Eastern.

This divergence can be attributed to the effects of La Nina, which augments hurricane development in the Atlantic but has the opposing effect in the Pacific by increasing both vertical wind shear and atmospheric stability – conditions that suppress cyclone formation and intensification.

Comprehensive Catastrophic Risk Assessment

The stark disparity in this year’s forecasts across different regions of the world underscores the importance of businesses adopting a truly global, seasonally-dependent assessment of catastrophic risks to their supply chains. The threats posed by tropical cyclones are dynamic, shifting in both space and time depending on the season, the inherent risk profile of a given location, and continuously evolving climatic patterns.

To protect against these dynamic threats, organizations must gain greater visibility into their extended supply networks, identifying key suppliers situated in areas historically prone to natural hazards like hurricanes and tropical cyclones.

Moreover, they must continuously monitor how risk patterns shift across seasons and regions in real-time, using comprehensive supply chain lifecycle risk intelligence to proactively adjust mitigation strategies:

  • Interos’ catastrophic risk model provides a powerful solution to this complex challenge, offering a high geospatial resolution. This delivers more precise in-country and in-state risk indicators for faster and more focused hazard mitigation.
  • The technology enables businesses to proactively assess which suppliers are in areas susceptible to different natural hazards, as well as which specific hazard risks are likely to emerge during particular seasons.
  • The model’s continuous monitoring enables real-time tracking of supply chain impacts from unfolding natural events, empowering organizations to respond swiftly.

Consider the example of Cooper University Health Care. It used catastrophic risk intelligence from Interos to identify suppliers located in the path of Hurricane Idalia in 2023. By leveraging real-time catastrophic intelligence, managers were able to pre-position critical materials to ensure uninterrupted patient care.

As climate volatility and extreme weather become increasingly commonplace, embracing global, real-time hazard monitoring solutions like Interos’ catastrophic risk technology is crucial for proactively deterring and mitigating supply chain disruptions.


Interos Takes Center Stage at Supply Chain USA: AI’s “Golden Moment” for Resilient Supply Chains (3 Key Takeaways)


As 600+ supply chain leaders converged on Atlanta, one concept dominated all others. “AI’s golden moment is upon us,” said Zero100 CEO Kevin O’Marah in opening remarks for the 2024 edition of Supply Chain USA.

More than a “moment,” supply chain AI has surpassed critical mass at warp speed.

According to Gartner, 74% of high-performing supply chain organizations partner with IT to establish robust data security mechanisms for leveraging AI/ML, compared to only 61% of lower performers. Furthermore, McKinsey’s “The State of AI in 2023” report found that 65% of respondents said their organizations have adopted AI capabilities for supply chain management functions.

Interos Industry Principal Patrick Van Hull emphasized this tectonic industry shift during his main stage conference presentation alongside senior supply chain and technology leaders from General Mills, Chevron, and Amgen.

Van Hull stressed AI isn’t just about navigating challenges, but about “using AI to empower individuals to create meaningful, impactful results.”

Here are three additional key takeaways he shared:

1- AI can expand the scope and narrow the risk aperture. Imagine a crystal ball that enables enterprises to see potential disruptions and offers more profound insights into their ecosystem. What about sharing insights across functions in common tools that continuously monitor for changes and enable on-demand reporting? Augmenting human intelligence with the analysis of vast datasets ensures that supply chain leaders have more visibility to understand what’s most material to their enterprise when making informed decisions that align to business goals.

2- Harnessing the data goldmine is all about understanding acute business problems and aligning technology efforts such as AI to enable people to solve them. However, the success of these initiatives hinges on a crucial factor: executive buy-in. C-suite leaders need to champion AI integration into supply chain management, driving the necessary cultural and procedural changes that will shape and sustain the future of supply chain management.

3- Traditional supply chain systems can be complex, making it challenging to see beyond point-to-point transactions. At its core, any effective supply chain relationship makes interactions more accessible and impactful. AI enhances these relationships by breaking down silos and enabling seamless information flow. AI empowers all stakeholders to collaborate more effectively to improve operational efficiency, and it sparks innovation and continuous improvement across the value chain.

While there’s so much more to digest and apply, the initial insights from Reuters Supply Chain 2024 highlight that organizations can build resilient, efficient, and agile supply chains across multiple inflection points:

  • Supply chain mapping: AI rapidly maps interconnected supply chains to reveal hidden failure points.
  • Hidden insights streamlined and consolidated: AI uncovers valuable information and patterns from massive datasets.
  • Proactive, not reactive: AI enables enterprises to anticipate and address disruptions before they strike.

The key to success is expanding the value chain scope, measuring performance and impact in innovative ways, and aligning the right data management strategies and executive support. Especially with the increasing influence and utility of AI, organizations have never been more enabled to turn risks into opportunities and build resilient supply chains that drive value creation.

 

Bracing for the Worst Hurricane Season on Record: NOAA’s Dire 2024 Forecast and How to Secure Your Supply Chain

The National Oceanic and Atmospheric Administration (NOAA) has issued an unprecedented warning for the 2024 Atlantic hurricane season, predicting it to potentially be the most active and destructive on record. A combination of exceptionally warm ocean temperatures and favorable atmospheric conditions could spawn up to 25 named storms, compared to an average of 14, including four to seven major hurricanes, compared to an average of three. The Atlantic hurricane season runs from June 1 to November 30.

NOAA’s Alarming Forecast

NOAA’s 2024 guidance is based on several factors:

  • Near-record sea surface temperatures: The Atlantic Ocean is experiencing among its warmest temperatures ever recorded, providing an ideal breeding ground for intense storm formation.
  • A rapid transition from El Nino to La Nina conditions: La Nina conditions are typically associated with above-normal hurricane seasons in the tropical Atlantic.
  • Low wind shear: Forecasters anticipate lower-than-average vertical wind shear due to a transition from El Nino to La Nina conditions. Because wind shear can disrupt the intensification and tracks of hurricanes, lower shear leads to more robust storm systems that can strike the coast.

With these conditions in play, NOAA warns that 2024 could surpass the record-breaking 2005 season, which saw 28 named storms, including the devastating Hurricane Katrina.

The Escalating Toll of Climate Disasters on Supply Chains

The potential impact of unprecedented hurricane activity is part of a broader trend of escalating extreme weather worldwide, with serious implications for global supply chains and business continuity.

These continued climate shocks have exposed the vulnerabilities of complex and interconnected global supply chains, underscoring the urgency of comprehensive lifecycle risk management to mitigate threats.

Organizations that lack the ability to gauge supplier exposure to hurricanes and other disasters risk paralyzing disruptions that damage brand, reputation, and profitability.

Leveraging Catastrophic Risk Technology

Interos’ groundbreaking Catastrophic Risk technology is an advanced solution to help businesses navigate extreme weather. This AI-powered innovation provides organizations with a comprehensive and continuous view of their extended supply chain, enabling procurement and risk leaders to proactively identify and mitigate risks from hurricanes, wildfires, floods, and other catastrophes.

As an example, New Jersey-based Cooper University Health Care leveraged Interos’ Catastrophic risk intelligence to get ahead of Hurricane Idalia in 2023 as it barreled toward an area in Florida where several of the company’s suppliers are based.

“Interos gave us the ability to track potential impacts before the storm hit,” says Thomas Runkle, VP, Supply Chain. “We identified three suppliers in the path, two of which provide products to our system. We discovered one placed a cutoff on orders with no notice. Having acted on the new risk map data, we reached out in time to get several days of orders placed before they were stopped due to the hurricane.”

By leveraging advanced supply chain risk intelligence and machine learning, Interos’ technology can visualize sub-tier suppliers impacted by a range of hazards, including weather patterns, climate, communication, infrastructure, and healthcare capacity.

This proactive approach empowers businesses to pre-plan months in advance and take necessary steps to minimize disruptions.

Interos’ Catastrophic Risk intelligence provides foundational risk intelligence to fuel key strategies for achieving climate-resilient supply chains, including:

  • Mapping to Diversify the Supplier Base: Explore alternative suppliers in different geographic regions to reduce reliance on a single location or region prone to climate disasters.
  • Real-time Risk Identification to Support Business Continuity Plans: Develop and regularly update comprehensive business continuity plans that outline strategies for maintaining operations during and after hurricanes, floods, wildfires, or other natural disasters.
  • The World’s Largest Knowledge Graph to Enhance Inventory Management: Understand your extended supply chain to support maintaining strategic inventory levels of critical components and materials to mitigate the impact of supply chain disruptions.

As the 2024 hurricane season approaches and the threat of climate disasters escalates, it is crucial for businesses to prioritize supply chain resilience and embrace AI risk capabilities like Interos’ Catastrophic Risk Visibility technology.

By taking proactive measures and leveraging advanced lifecycle risk intelligence, organizations can better navigate the challenges posed by extreme weather events and ensure the continuity of their operations, while mitigating the staggering economic toll of supply chain disruptions.

 

Xinjiang Forced Labor Sanctions: Homeland Security Move Underscores Five Pillars of Combatting Unethical Labor in Global Supply Chains

By Warren Smith & Dianna O’Neill

In a significant move, the U.S. Department of Homeland Security (DHS) announced additional sanctions and measures targeting forced labor practices in China’s Xinjiang region on May 16, 2024. These measures underscore the U.S. government’s commitment to combating human rights abuses and holding bad actors accountable.

They also highlight the growing international pressure on companies to ensure their supply chains are free from forced labor.

The new actions include:

  • Imposing visa restrictions on Chinese officials involved in repression and forced labor practices.
  • Expanding enforcement of the Uyghur Forced Labor Prevention Act (UFLPA) to cover more products and sectors; a total of 65 China-based firms are now banned under the act.
  • Increasing coordination with allies and partners to address forced labor in global supply chains.

The Complexities of Forced Labor in China

Global supply chains are grappling with the significant challenge of the prevalence of forced labor, notably in regions like China’s Xinjiang, a textile manufacturing center. Forced labor in China presents multifaceted challenges, including supply chain complexity, lack of transparency, legal and political obstacles, difficulty tracing raw materials, and the prevalence of subcontracting and informal sectors.

China’s economic landscape is deeply entwined with practices that many international observers and human rights organizations classify as forced labor. The situation in the Xinjiang Uyghur Autonomous Region has garnered particular attention, with reports suggesting that Uyghurs and other ethnic minorities are being coerced into working in various industries, from cotton fields to high-tech manufacturing sectors.

Five Key Strategies for Companies to Mitigate Forced Labor in Global Supply Chains

To address the issue of forced labor in their supply chains, organizations must take proactive measures to mitigate forced labor and other critical ESG threats. Interos data shows executives estimate that ESG-related cost increases or revenue losses cost companies $44M annually.

Here are five actions to prioritize:

  1. Conduct Comprehensive Supply Chain Mapping: Gain visibility into the extended supply chain, from direct suppliers to nth-tier sub-suppliers, to identify vulnerabilities. AI-first risk intelligence from Interos enables advanced analytics and real-time monitoring to scrutinize supply chains for regulatory violations and other ESG concerns.
  2. Implement Robust Due Diligence Processes: Develop and enforce rigorous due diligence procedures to complement technology-based assessments. This includes assessing suppliers’ labor practices through audits carried out by an accredited third-party agency, worker interviews, and document reviews.
  3. Leverage Advanced Technology and Data Analytics: Utilize cutting-edge technologies like Interos’ platform, which moves enterprises from lagging to leading indicators to drive proactive mitigation. Interos’ expanded ESG risk model monitors a range of critical attributes reflecting the multi-faceted nature of ESG threats, including forced labor, emissions, diversity, foreign ownership, and other critical attributes.
  4. Collaborate with Industry Partners and Stakeholders: Engage with industry associations, non-governmental organizations, and government agencies to share best practices, align efforts, and collectively address forced labor challenges.
  5. Promote Transparency and Accountability: Implement transparent reporting mechanisms, establish clear policies and codes of conduct, and hold suppliers accountable for violations through corrective action plans or termination of business relationships.

Case Studies: Accelerating Ethical Supply Chains with Interos

Interos survey data shows more than a third of leaders at large enterprises are stepping up their ESG investments, and over half acknowledged supply availability was paramount. Global organizations using Interos have gained a sharper picture of supply chain risks, enabling proactive strategies and yielding clear results:

  • A leading global airline leverages Interos to ensure the highest standard of ethics and compliance across its apparel supply chain and other sourcing channels.
  • A supermajor oil and gas company leverages Interos to ensure adherence to 30+ EU regulations related to labor, emissions, and other areas.
  • A major retailer utilizes Interos’ foreign ownership data to determine, reduce and remove slave labor from its product lines.

Interos is leading a broader supply chain risk revolution towards transparency and ethical responsibility across industry, enhancing corporate brand, reputation, and profitability.

By taking proactive steps and leveraging the Interos platform, organizations can navigate the complexities of forced labor in China, and elsewhere, to foster ethical, responsible, and adaptable supply chains that meet, and surpass, the demands of today’s interconnected economy. Across sectors, technology and data will continue to play a crucial role in shaping responsible and risk-resilient supply chains, with companies like Interos, and its innovative global customers and partners, at the forefront of this transformation.
