Why AI Risk Intelligence Is Key to Strengthening Digital Supply Chain Cybersecurity

Image: NOIRLab/NSF/AURA/T. Slovinský

Story by Alea Marks & Dianna ONeill

The second episode of Interos’s executive insights series, “Voices of Innovation,” explored how AI is enhancing digital supply chain cybersecurity – with former CISA Chief of Staff Kiersten E. Todt calling the issue an “urgent challenge.”

“The AI Revolution in Supply Chain Cyber Defense” discussion between Todt and Dave DeWalt, founder and CEO, NightDragon, comes against a backdrop of soaring software supply chain attacks that make today’s complex digital ecosystems acutely vulnerable to breaches, attacks, failures and other cascading disruptions.

Here are five key takeaways from their conversation:

1- Understanding and Managing Supply Chain Risk

The rise in software supply chain attacks has highlighted persistent and costly risks in interconnected digital supply chains, particularly as cybercriminals exploit vulnerabilities in third-party software components. Gartner projects that by 2025, 45% of global organizations will have experienced a supply chain attack, which is three times higher than in 2021.

Todt stressed the need for visibility and transparency in managing latent third-party vulnerabilities:

“I do think it’s one of the most urgent challenges to be addressed because we don’t know all the interdependencies [that exist] and we have to have greater visibility into all of the touchpoints that we have. Understanding our third-party risk, understanding where third-party supplier vendors are not as strong or resilient as we need them to be, is critical.”

Recent data shows that 61% of businesses have been impacted by supply chain attacks in the past year, highlighting the extensive attack surface and the urgent need for proactive measures. AI-driven intelligence – which has the power to continuously monitor supply chain lifecycle risk at scale – is vital amid these realities.

2- Government and Industry Partnership

The collaboration between government and industry has led to approaches like Secure by Design, which emphasizes integrating security measures into the development process from the beginning, rather than adding them later, and ensuring a careful balance between security and innovation:

“The prioritization of security over getting something out there is what needs to happen. Secure innovation doesn’t have to be an oxymoron,” Todt said. “If we think about cybersecurity, progress is security, it is safety. That is the principle […] that we’ve seen from the government leaders, but importantly as partners with industry, that we’ve seen prioritized.”

3- Opportunity Over Sophistication

DeWalt noted the importance of identifying “choke points” in the supply chain, as demonstrated by third-party cyber vendor incidents at companies like Change Healthcare and auto dealership software company CDK. Todt emphasized that risk is often about opportunity rather than sophistication:

“When you look at Colonial Pipeline, that company for all we know was not targeted because it was transferring 45 percent of fuel along the East coast, it was targeted because it didn’t use multifactor authentication and in a broad sweep its vulnerabilities percolated to the top. A lot of this activity is just looking for where the vulnerabilities are. It’s so important to appreciate not just where they are, but what do you need to function? What do you need to be efficient? What does your supply chain and your manufacturing process need to actually operate?”

Interos Watchtower™: The Necessary Visibility

DeWalt emphasized the complexity of global supply chains, where today’s large enterprises can easily maintain tens of thousands of suppliers across their extended global networks. Identifying and understanding supplier risk across these interdependent ecosystems is crucial, and new technology such as Interos Watchtower™ utilizes AI to continuously map and monitor relationships across the risk lifecycle to help enterprises mitigate supplier failures before they escalate to crisis.

By leveraging AI and real-time critical risk intelligence, companies can enhance their resilience against cyber, regulatory, ESG, and other threats, ensuring that their digital supply chains remain secure and efficient.

Enabling the Future with AI Supply Chain Intelligence

AI technologies are revolutionizing supply chain security by enabling advanced analytics and real-time risk detection, monitoring, and other advantages. These capabilities allow organizations to anticipate potential supply chain disruptions in advance to rapidly mitigate threats and optimize resource allocation.


Interos Takes Center Stage at Supply Chain USA: AI’s “Golden Moment” for Resilient Supply Chains (3 Key Takeaways)

Photo: Interos Industry Principal Patrick Van Hull (far right)

As 600+ supply chain leaders converged on Atlanta, one concept dominated all others. “AI’s golden moment is upon us,” said Zero100 CEO Kevin O’Marah in opening remarks for the 2024 edition of Supply Chain USA.

More than a “moment,” supply chain AI has surpassed critical mass at warp speed.

According to Gartner, 74% of high-performing supply chain organizations partner with IT to establish robust data security mechanisms for leveraging AI/ML, compared to only 61% of lower performers. Furthermore, McKinsey’s “The State of AI in 2023” report found that 65% of respondents said their organizations have adopted AI capabilities for supply chain management functions.

Interos Industry Principal Patrick Van Hull emphasized this tectonic industry shift during his main stage conference presentation alongside senior supply chain and technology leaders from General Mills, Chevron, and Amgen.

Van Hull stressed AI isn’t just about navigating challenges, but about “using AI to empower individuals to create meaningful, impactful results.”

Here are three additional key takeaways he shared:

1- AI can expand the scope and narrow the risk aperture. Imagine a crystal ball that enables enterprises to see potential disruptions and offers more profound insights into their ecosystem. What about sharing insights across functions in common tools that continuously monitor for changes and enable on-demand reporting? Augmenting human intelligence with the analysis of vast datasets ensures that supply chain leaders have more visibility to understand what’s most material to their enterprise when making informed decisions that align to business goals.

2- Harnessing the data goldmine is all about understanding acute business problems and aligning technology like AI efforts to enable people to solve them. However, the success of these initiatives hinges on a crucial factor: executive buy-in. C-suite leaders need to champion AI integration into supply chain management, driving the necessary cultural and procedural changes that will shape and sustain the future of supply chain management.

3- Traditional supply chain systems can be complex, making it challenging to see beyond point-to-point transactions. At its core, any effective supply chain relationship makes interactions more accessible and impactful. AI enhances these relationships by breaking down silos and enabling seamless information flow. AI empowers all stakeholders to collaborate more effectively to improve operational efficiency and sparks innovation and continuous improvement across the value chain.

While there’s so much more to digest and apply, the initial insights from Reuters Supply Chain 2024 highlight that organizations can build resilient, efficient, and agile supply chains across multiple inflection points:

  • Supply chain mapping: AI rapidly maps interconnected supply chains to reveal hidden failure points.
  • Hidden insights streamlined and consolidated: AI uncovers valuable information and patterns from massive datasets.
  • Proactive, not reactive: AI enables enterprises to anticipate and address disruptions before they strike.

The key to success is expanding the value chain scope, measuring performance and impact in innovative ways, and aligning the right data management strategies and executive support. Especially with the increasing influence and utility of AI, organizations have never been more enabled to turn risks into opportunities and build resilient supply chains that drive value creation.

 

Navigating the Chaos: A CEO’s Reflection on Supply Chain Resilience in 2023

2023 has been a year of equal parts disruption and opportunity for supply chains. Disasters, war, regulations, and cyber-attacks kept supply chains off balance and at-risk, even as powerful new technologies and digital transformations point to a more resilient 2024.

In my candid discussions with public and private sector industry leaders spanning Aerospace & Defense, Financial Services, Energy, Healthcare and others, a common set of challenges echoed across boardrooms and legislative committees: Which AI-driven solutions can effectively stay a step ahead of risks? How do we foster collaboration with suppliers and third parties that go beyond mere management to proactive threat mitigation? And where should we strategically invest to not only comply with new regulations but also enhance resilience and boost profitability?

Regardless of the answers, the reignition of multiple global conflicts and an explosion of new capabilities to combat the ensuing disruption – alongside a surge in supply chain policymaking – fueled five important supply chain trends in 2023:

1. AI Takes Center Stage: “Generative AI has the potential to change the world in ways that we can’t even imagine.” ― Bill Gates

AI capabilities and interest exploded this year – marking the entry into a new AI-centric era for the business world and supply chains. 40% of businesses already plan to increase their investment in generative AI alone.

Customers are unequivocal that technologies like Big Data and AI are not just seen as operational tools or novelties – they’re pivotal in transforming procurement and risk management from sporadic and reactive to continuous and proactive, from “just-in-time” to “all-the-time”, and ultimately, from cost centers to sources of strategic advantage.

AI is enabling cutting-edge supply chain risk capabilities, including scenario modelling and event forecasting, allowing organizations to more easily build supply chain digital twins, and simulate the effects of multiple disruptions and mitigation efforts and the impacts of adding and removing specific suppliers.

But AI isn’t a panacea – and every new technology has a dark side. Adversarial AI, AI-botnets, and Large Language Model (LLM)-powered phishing attacks (to name a few emerging threats) all help make the case that taking a multi-tier, supply chain-wide view of cybersecurity and software Bills of Materials has never been more important.

2. Global Disruptions and Catastrophes Set Records: “We don’t have any magic bullets in navigating the supply chain.” ― Jensen Huang, CEO, NVIDIA

2023 was a year of “catastrophic” disruption. While COVID shockwaves eased, new disruptions arose. Hurricane Idalia swept through Florida, one of the largest wildfires in history occurred in Greece, and flash floods ravaged Italy. Per NOAA, 2023 has been the worst year for billion-dollar natural disasters in history, with 23 such events occurring in the first eight months of the year alone – resulting in $57.6 billion in total losses.

The deluge of natural disasters and catastrophic risk played a significant role in Interos’ decision to release our own updated catastrophic risk model which proactively and continuously visualizes multi-tier suppliers impacted by a range of hazards, including weather patterns, climate, communication, infrastructure, and healthcare capacity.

When I talk to our customers with large-scale, multi-year programs – these enterprises share that they need the ability to project where things are going with respect to weather, inflation, energy crisis and other trends to make better-informed business decisions based on the impact to their supply chain’s ongoing operations.

3. Supplier Collaboration Becomes Essential: “Our goal is to work hand-in-hand with suppliers to help them improve their management systems, rather than to simply remove them from our supply chain without correcting the issues we discovered.” – Apple, Supplier Code of Conduct

Supplier collaboration has emerged as a key strategy in navigating these disruptions. Across manufacturers, banks, the Department of Defense and others, it’s clear all these enterprises are starting to recognize that close, mutually collaborative relationships with key suppliers help.

Closer relationships between buyers and suppliers – as well as players within the same industry – can lead to the development of innovative new products, integrated approaches to supply-chain risk management, and improvements in forecasting, planning, and capacity management. This collaboration enhances service levels, mitigates risks, and strengthens the combined supply chain.

Take Unilever’s partnership with Novozymes to develop sustainable detergents, which leveraged each party’s strengths to create enzyme innovations that improved product performance and market penetration while also reducing energy consumption and CO2 emissions.

4. Shifting Geopolitical and Digital Forces Spur Deglobalization: “We are entering from my perspective the next phase of globalization.” ― Christian Klein, CEO, SAP

2023 saw continued fighting in Russia and Ukraine, war in Gaza, a presidential crisis in Venezuela, and a coup in Niger – and these are just a few examples of the geopolitical conflicts buffeting supply chains in 2023.

Geopolitical tensions and policy changes are contributing to the deglobalization of supply chains. Nations are beginning to move towards self-sufficiency and establishing ‘friend shoring’ relationships to secure supply chains against international instabilities.

Many companies are relocating production closer to their primary markets. Mattel, Unilever, and numerous automakers have all announced expanding their presence in Mexico – instead of their traditional manufacturing regions such as Vietnam, China, and Malaysia. Apple is seeking to manufacture one-quarter of its iPhones in India, shifting production away from China amid US-China tensions.

Digital conflict remains a pivotal battlefield for enterprises. Cyberattacks are expected to hit a total of $11.5 trillion in economic damages by the end of this year. According to Mandiant, the leading threat intelligence company, supply chain attacks through software are up 700% year-over-year and Interos’ research found that 78% of procurement and information security leaders believe their teams need to share information and partner more effectively to help stem these and other software threats.

5. Lawmakers Double Down on Resilience: “After years of delay in parts and products, everyone knows why supply chains are so important.” – U.S. President Joe Biden

In the US, lawmakers passed the CHIPS & Science Act, the Bipartisan Infrastructure Law, and the Inflation Reduction Act, all focused on addressing key supply chain vulnerabilities and driving significant private sector investment in industries like semiconductors, electric vehicles, and batteries. Congress also passed the Uyghur Forced Labor Prevention Act – essentially barring most imports from Xinjiang – and President Biden convened the first ever White House Council on Supply Chain Resilience.

Across the Atlantic, the EU has also implemented a broad array of supply chain-centric legislation. For example, the EU’s new Carbon Border Adjustment Mechanism sets a new standard for ESG supply chain scrutiny: it requires companies to disclose the full carbon footprint of any imported goods and to buy emissions offset certificates for any emissions in excess of the EU’s standards. Even more fast moving is the Digital Operational Resilience Act (DORA), a new European framework that focuses on embedding a more robust and resilient approach to delivering digital capabilities in financial markets. By 2025, the framework shifts the focus from guaranteeing firms’ financial soundness to also ensuring they can maintain resilient operations through severe operational disruption caused by cyber security and information and communication technology (ICT) issues.

The financial sector in particular saw changes in expectations around third- and fourth-party risk – spurred by high profile financial failures like Silicon Valley Bank, which briefly upended a significant portion of the technology sector this year. The global financial market set a new standard for scrutiny within the sector and across the globe.

New regulations include the U.S.’ final Interagency Guidelines for Third Party Risk Management; Canada’s B-10; APRA CPS 234: Best Practices for Meeting Third-Party Risk Management Requirements; the UK’s Financial Conduct Authority (FCA) FG16/5: Guidance for firms outsourcing to the ‘cloud’ and other third party IT services (PRA Compliant); the European Banking Authority (EBA) Guidelines on ICT and security risk management; and the EBA Guidelines on outsourcing arrangements. And lawmakers have made it clear: more is to come.

What’s Next

As I reflect on 2023, first, I want to say a heartfelt “Thank You” to our customers – this has been a journey, and we could not have done anything without the partnership we have with each one of you.

Next, what stays with me is the duality of risks and opportunities that define operational resilience. New capabilities, driven by a generational explosion in AI investment and enthusiasm, are changing the way businesses look at their supply chains – just as emerging and systemic threats have reshaped them.

Most of all, I see how enterprise has firmly shifted away from a laser focus on operational efficiency, to a more complex and nuanced agenda – where balanced risk management is a strategic imperative, markets mandate continuous visibility, and the next best action is a competitive advantage. As we look ahead, continued collaboration and innovation are certain to usher in more opportunities for growth in 2024.

The High Cost of Natural Disasters and How to Get Ahead of Them

By Geraint John

Wildfires, earthquakes, hurricanes, floods… just some of the catastrophic natural disasters that have devastated Libya and many other countries in recent weeks. The floods in Libya alone have killed over 11,000 people – with that number expected to rise. In addition to the tragic loss of life and destruction of people’s homes, these events also cost companies billions of dollars and can severely disrupt their supply chains.

Earlier this month, for example, Volkswagen was forced to suspend production at its Portuguese operations until November after a small sub-tier Slovenian supplier of engine parts had its sole valley-based factory wiped out by flooding. The shutdown is likely to cost VW tens of millions of euros in lost productivity.

The financial impact of natural disasters is rising almost as quickly as sea levels and global temperatures. Insurer Munich Re calculates that total economic losses have exceeded $200 billion worldwide in each of the past seven years (see chart below). Less than half of these losses were insured.

Figures for 2023 are on a pace to continue this upward trend, with damage estimated at $110 billion in the first half of the year – 12% higher than the average for the previous decade.

Chart: Global Losses From Natural Disasters, 2013-2022 (US$ billions, inflation adjusted)

Supply chains bear much of this cost burden. Interos’ recent survey of 750 chief procurement officers (CPOs) found that the cost of extreme weather and natural catastrophes in their supply chains in 2022 was, on average, $45 million per organization.

Although supply shortages and commodity inflation led their list of risk concerns for the next 12 months, more than one-quarter ranked natural disasters in their top five. And just over one-fifth picked extreme weather/climate change.

While it is extremely difficult to predict, let alone prevent, catastrophic supply chain disruptions, CPOs and their teams need to be keenly aware of suppliers in potential disaster zones and closely monitor regional events as they unfold.

2023: A Catalogue of Devastation

Climate change is fueling more extreme weather patterns and more intense natural disasters, as global air, sea and land temperatures increase. A new Interos whitepaper on catastrophic risk notes that July 2023 was the hottest month on record, according to the World Meteorological Organization.

While the massive earthquake in Turkey and Syria in February, which claimed more than 50,000 lives, has been the most destructive and costly disaster in 2023 so far, there have also been many damaging climate-related events. They include:

  • The largest ever wildfires recorded in the European Union, in Greece in August, along with major fires last month in Canada and Maui, Hawaii.
  • Tropical Storm Hilary in Southern California, also in August – the first time the U.S. National Hurricane Center has ever issued a tropical storm warning for the state.
  • Severe thunderstorms, tornadoes and hailstorms in the U.S., the most serious of which struck Texas in June, plus Hurricane Idalia in Florida on 30 August.
  • Unprecedented flooding in Hong Kong, due to record rainfall in September, and in New Zealand in late January and February, due in part to Cyclone Gabrielle – described as the worst storm to hit the country this century.

Key Supply Chain Hubs Susceptible to Natural Hazards

The supply chain impact of such events will, of course, vary depending on the physical presence of both upstream suppliers and downstream partners such as logistics providers. Interos’ whitepaper highlights the natural hazard risks associated with 10 major global supply chain hubs. These include earthquakes in Indonesia, Taiwan and the key U.S. port city of Los Angeles; drought and rising sea levels around the Panama Canal; and coastal flooding risks in Shanghai and at Europe’s largest port, Rotterdam.

Today, many organizations have limited visibility of how such events might impact their supply chains, and a lack of timely information about disruptions affecting critical suppliers. In Interos’ recent survey, just 4% of procurement leaders believed they would be aware of a supplier disrupted by extreme weather or a natural catastrophe at all tiers of their supply chains within a 48-hour period (see chart).

Almost half (44%) acknowledged that they needed to make “significant” or “major” improvements to their monitoring capabilities, since they would have either zero visibility during this time window or only be aware of events affecting their direct (tier-1) suppliers.

This is a serious constraint, since the research also found that disruptions in 2022 more commonly originated at indirect suppliers (those at tiers 2 and 3).

Chart: Visibility of Extreme Weather Events and Natural Catastrophes (awareness of a supplier disruption within 48 hours of occurrence)

Adapting Supply Chain Strategies to the ‘New Normal’

Overcoming these constraints means designing proactive assessments and continuous monitoring into supply chain and third-party risk management processes. Such measures include:

  • identifying which existing suppliers might be in areas more prone to natural hazards, and making adjustments to enable alternate locations and sources;
  • reviewing the geographic diversification of a supply chain to identify potential geographic concentration risks in disaster-prone areas;
  • integrating natural hazard risk as part of the evaluation process for new suppliers;
  • continuously monitoring natural hazard events to spot threats to operational business continuity faster and enable emergency response plans to be activated more rapidly.

To help organizations improve their visibility and awareness of natural disasters and weather-related events, Interos this month launched a new catastrophic risk model within its Resilience platform. Features of the new model include:

  • Comprehensive and timely hazard data: the most reliable meteorological real-time sources of information on hurricanes, earthquakes, floods, wildfires and other events.
  • Visualization of event impact zone: an intuitive world map that charts the path of tropical cyclones, impacted area of earthquakes and other natural hazard events as they relate to an organization’s global supply chain footprint.
  • Real-time catastrophic risk alerts: timely notifications of natural hazard events happening around the globe that could potentially impact suppliers at tiers 1, 2 and 3.
  • Dynamic supplier risk scores: historical location-based risk ratings for specific entities, plus a time-limited impact score that quantifies and applies a severity of risk only during a natural hazard’s duration and its aftermath.

With the upward trend in catastrophic events fast becoming the “new normal”, organizations need to adapt their supply chain strategies to take account of climate change impact.

Those that embrace this reality and deploy new digital capabilities to help them will be more resilient in the face of whatever Mother Nature decides to throw at them in the future.

A long time ago in a supply chain far, far away…

The Millennium Falcon might look like a piece of junk but it can do point five past lightspeed and – as they say in the bars of Tatooine – it’s got it where it counts.

Not bad for a bucket of bolts won in a card game.

In celebration of May the Fourth, Interos turned its artificial intelligence-powered supply chain risk management technology on the company that makes the ship that made the Kessel Run in less than 12 parsecs.

Our report is based on a detailed analysis of Star Wars lore with all companies mentioned appearing in canon, the official collection of stories and history that Lucasfilm accepts as part of the Star Wars saga. Our analysts dove deep into the available data, conducting a legitimate analysis using the Interos platform.

What we found is a supply chain littered with risks as the Falcon operates in a universe with just a little bit of political instability, making it more than difficult to ensure the procurement of the right part at the right time. This may go without saying, but it turns out an intergalactic war fought between all-powerful space-wizards is bad for the widespread availability of necessary parts and raw materials.

Let’s dive into our insights. Please note that none of our analysts died to bring you this information, but there were algorithms and machine learning involved.

1. Koensayr Manufacturing (power converter): Medium Financial Risk

The Falcon uses a power converter from Koensayr Manufacturing, perhaps one of the top makers of starfighters in the galaxy. However, Koensayr took a hit when the Empire took control of the galaxy, losing out on several government contracts it held with the Galactic Republic. This is not great news for Koensayr’s financial stability, so Han and Chewie may want to keep an ear open for a new power converter supplier, just in case.

2. Torplex (deflector shield): Low Financial Risk | Medium Operational Risk

As partners with the Corellian Engineering Corporation (CEC) and later Sienar-Jaemus Fleet Systems, Torplex deflector shields were quite common in a galaxy rife with competitors. That gives them a low financial risk, but the company may find itself at risk for espionage with other players in their field, so we tag them with a medium operational risk.

3. Coaxium (hyperfuel): High ESG Risk | High Operational Risk

A necessary part of a hyperdrive’s ignition chamber and sometimes used as fuel, coaxium comes from planets like Kessel, known for its enslaved workforce and reputation for corruption. After its rise, the Empire began to attempt to monopolize production of the substance as well.

4. Girodyne (sub-light engines): High Operational Risk

The company that makes engines for starfighters and other galaxy-traversing ships has a fairly diverse product set. All these moving parts, though, require specialization and we worry Girodyne finds itself at a high operational risk, since it leans so heavily on its own suppliers for success.

5. Phylon Transport (tractor beam): Low Political Risk | Low Financial Risk

The maker of the Falcon’s tractor beam emitter found itself in a good spot, thanks to relationships with CEC and the Kuat Drive Yards, two major ship producers.

6. Cloud City (gas mining colony): High Political Risk

The Falcon likely used tibanna gas to cool its hyperdrive, which would be abundantly available in Cloud City. Sadly, Han and Chewie’s last trip there ended… poorly. Cloud City remains on many intergalactic restrictions lists as of this writing, so the Corellian Engineering Corporation may want to look for suppliers elsewhere.

The Official Interos i-Score™

The Millennium Falcon’s supply chain certainly has its challenges. The galaxy is filled with spaceships and spaceship parts, meaning that if Han and Chewie cannot get a replacement part directly from a supplier, there are certainly secondary options available.

However, and this should go without saying, an intergalactic economy that includes the presence of the Death Star can never be completely safe. (Our system is not calibrated to calculate how vaporizing an entire planet like Alderaan impacts intricate supplier models, but we safely assume it’s high.)

For these reasons, we will give the Corellian Engineering Corporation, makers of the Millennium Falcon, an Interos i-Score™ of 77, indicating medium overall risk. If Han or any other pilot is worried about their ship’s supply chain and ever wants to improve their operational resiliency, they can find us at the cantina in Mos Eisley.

Special thanks to Lucasfilm for its input on this project. All information was sourced through official, canonical, Star Wars sources.