Supply chain 2013: Stop playing whack-a-mole with security threats

As supply chain threats grow ever more sophisticated, companies tap new technologies to protect their assets and deliver the goods.

IT leaders can be excused for feeling like their supply chains are one link away from disintegration these days. The news over the past few months has been alarming, from outcries over horsemeat in Europe and mislabeled fish in New York to the longer-term impacts on supply chains from environmental events like the tsunami in Japan, monsoons in Thailand and the volcano in Iceland.

And those are just the highly publicized issues. Increasingly, CIOs are challenged to protect their supply chain from physical and cybertheft, counterfeiting, potential scarcity of materials and regulatory mandates such as removing lead from materials. Welcome to Whack-a-Mole, supply chain-style, where you attack one problem, only to have another pop up elsewhere.

Experts say the problem is only going to get worse. "Globalization lengthens supply chains and increases complexity," says Emma Scott, spokesperson for the Chartered Institute of Procurement and Supply (CIPS) in London, the professional organization of procurement professionals. "When supply chains are leaner, any disruption affects you more" -- and, thanks to a decade or more of globalization and cost-cutting, supply chains these days are very lean.

This makes the issue of visibility into the supply chain -- or the lack of same -- that much more critical, says Matt Smith, founder and chief strategy officer of Icix, a cloud-based exchange for supply chain partners based in South San Francisco, Calif. "Companies have visibility into purchasing and logistics, but not into where materials or ingredients or components are actually grown or manufactured. When you lose visibility, you get horsemeat in meatballs, e coli in spinach, lead in toys and worse."

Then there's velocity to consider. "You have to move information faster to enable the supply chain to react to changes. Velocity allows us to plan more aggressively. That's what wakes me up in the morning," says Nathan Johnson, CIO of Ports America, which manages 42 ports around the United States. One of his big concerns: spikes in transport costs because of fuel prices. "The only way to get around that is more productivity and more efficiency."

The good news: Technology can address the issues of productivity, efficiency, visibility and risk. The challenge: When supply chain experts say "technology," they're talking about more than RFID tags, GPS and temperature sensors.

The world is changing at such a fast pace, people have to think on their feet. The risks are unprecedented. Emma Scott, Chartered Institute of Procurement and Supply

CIOs need to think about supply chain metadata -- the information about the supply chain that's stored, transmitted and updated in such a way that IT can help procurement experts monitor and protect all of the intricate, interconnected pieces of the supply chain.

"The world is changing at such a fast pace," sums up CIPS' Scott. "People have to think on their feet because the risks are unprecedented."

Monitor multiple points of vulnerability

Perhaps the biggest challenge relating to supply chain vulnerability comes from the unforeseen risk that any given link will fail, an increased scenario given today's extended, multi-tier supply chains. "The points of vulnerability are greater than they ever were," says Ben Zelinsky, director of the supply chain technology practice at PricewaterhouseCoopers. "Because supply chains are outsourced and subcontracted, controlling each point becomes more difficult."

Explains his colleague Glen Goldbach, director of operations and supply chain practice, "You may have protected yourself by having two tier-1 suppliers for the same component, but if the same tier-2 supplier serves both of them, and that company fails, you lose the entire chain."

At the same time, analyzing all the elements of an entire supply chain is "an arduous and complex task," says Goldbach. Even documenting something as simple as a fast food burger with just seven ingredients might involve as many as 20 tier-1 suppliers, and even more at the next tier down. "You have to understand where the potential is for failure and contamination."

It's not just a question within the food supply chain, either, as prevalent as that is in the news. Big-ticket items such as fashion, perfume, pharmaceuticals and wine face challenges of authenticity -- without knowing all of your suppliers, it's impossible to determine where counterfeit articles might have been introduced into the supply chain. "You'll never eliminate all your risk," says Icix's Smith. "You have to mitigate it."

Apply technology early and often

Technology can help CIOs efficiently untangle this web of risk and lack of visibility. The challenge CIOs face is applying technology -- or more commonly, multiple technologies -- to their specific industries.

Ports America, for example, utilizes optical character recognition (OCR) cameras to scan each container's equivalent of a license plate; RFID tags to match the contents with the trucks; and GPS sensors to identify equipment locations and plan movement.

CIO Johnson, who says he has increased the percentage of investments versus maintenance in his IT budget devoted to supply chain issues over the last few years, says he is exploring these technologies to improve safety as well. One example is having dock workers clip GPS sensors to their safety vests and utilizing the positioning systems to manage the locations of both people and containers, so that if there's even the remotest chance of a container being with a few yards of an unsuspecting worker, an alarm could sound or equipment could be shut down.

Beyond safety and risk-mitigation concerns, the system has the potential to cut costs and delivery times. "A majority of our operating costs relate to managing productivity in the loading and unloading of ships. If we can work with our shipping partners and their customers to better streamline the information flow, we can build a process so that shipments have the proper release and clearance, and we can unload it from the ship right onto the truck."

(Article continues on next page)

Supply chain shopping list

George Lawrie, principal analyst at Forrester Research looking at retail technologies, co-wrote a report in 2011 about supply chain visibility technologies that he says still applies today.

His recommendations:

  • Establish a firm foundation of master data and processes.
  • Consider sensor technologies.
  • Use the cloud to syndicate supply chain data among suppliers.

More specifically, Lawrie divides supply chain visibility tools into four categories of software, encompassing both data and metadata about the supply chain:

  • Asset tracking and management solutions
  • Goods-in-transit visibility solutions
  • Solutions based on highly granular supply chain visibility
  • Solutions based on document-level supply chain visibility

In the report, Lawrie and colleagues identified a half-dozen vendors in each category, some of whom -- epcSolutions, Exterprise, IBM, SAP and Savi Technology -- have products in multiple categories and thus overlap in functionality. The key, of course, is to identify which products fit a given company's needs, but all still represent today, as the report says, "visibility [which] benefits buyers and sellers in complex value chains while reducing wasteful fluctuations in logistics capacity utilization."

Everyone derives benefits in that scenario: the ship is unloaded faster, the logistics carrier waits a shorter time, and the customer gets the shipment faster, Johnson says.

In pharmaceutics, security is a big issue, according to Ian Rosenblum, associate director for IT at Weston, Mass.-based Biogen Idec. "Counterfeit products endanger patients, but also diminish revenue," he says, noting that he's seen reports that as much as 40% of pharmaceutical products in developing countries may be counterfeit. "The entire industry is concerned about it, and we're starting to see global regulations aimed at preventing it."

Counterfeit products endanger patients and diminish revenue. The entire industry is concerned about it. Ian Rosenblum, Biogen Idec

The result is a marked increase in traceability and serialization mechanisms. Traceability at Biogen Idec involves using two-dimensional data matrix bar codes (similar to QR codes) to label packaging. While these barcodes require line of sight, Rosenblum says, they bring additional functionality: You can read each code, create a new label for the case, scan the cases, and create a label that's associated with everything on the pallet. (RFID isn't feasible, he adds, because "with biologic products, we have to make sure the RFID waves don't affect their efficacy.")

Carlos Alvarenga, global lead for operations, finance and risk at consulting firm Accenture, sees these track-and-trace capabilities being used more frequently with high-end items such as cosmetics and wine, which are more vulnerable to theft and counterfeiting. "You apply the track-and-trace seal to the bottle. You can see if the seal has been tampered with, but it also tracks where the bottle has been to determine if it deviated from its designated route. It's like a product passport that authenticates where it's been before it arrived, while at the same time ensuring that the content hasn't been compromised."

Serialization involves creating unique numbering on each unit to be sold. "The number conforms to a standard GS1 that lets you track a container from the time it's manufactured to the time it's dispensed, the same way you'd track a package," says Rosenblum. Within Biogen Idec, the supply chain team and the security team are working to implement these capabilities.

Capture data and analyze it

Even with advanced track-and-trace technologies, reducing supply chain vulnerabilities can be cumbersome, Rosenblum warns, echoing a common concern among IT executives. "You have to be able to manage the data from an IT perspective. These new serialization systems generate unique numbers, and we have to allocate them to sites that do packaging, whether we own those sites or contract with them," he explains.

"That means making changes to the printing equipment on the assembly line, making sure they're readable on the pallets, compiling the unique numbers and transferring them accurately among all the parties in supply chain," Rosenblum says. It involves systems and standards issues, training and exception handling. You don't want to just react -- you want to be able to plan and adjust. Nathan Johnson, Ports America

Indeed, for CIOs, the challenge is not just getting the data -- it's sharing the data, analyzing the data and acting on the data.

At Ports America, Johnson's aim is to use information and analytics to drive productivity. Its ports are run as store-and-forward operations encompassing a 200-acre warehouse where containers are kept until they're loaded onto the next leg of the journey. Many times there are issues with unloading items or customs clearance.

"In a perfect world, I can optimize the supply chain by knowing exactly what was loaded overseas and streamline clearance through customs. All the technologies to do that are available today, but the challenge is getting the information to feed the technologies," Johnson explains. "The velocity of that information has to exceed the velocity of the product itself. You don't want to just react -- you want to be able to plan and adjust."

To that end, Johnson has launched an enterprise BI initiative to integrate the systems and upgrade existing data warehouses that track the data, which can be startlingly granular when it comes to the contents of pallets or containers. "It's not really a big data challenge -- it's a small data challenge. But to get to the small data, you have to go through the big data."

It's a small data challenge, but to get to the small data, you have to go through the big data. Nathan Johnson, Ports America

In addition to potentially smoothing out the supply chain at the beginning of the process, analytics technology can also help later in the process. Ranjit Thaker is CIO of Broomfield, Colo.-based Network Global Logistics, a third-party logistics (3PL) provider specializing in time-critical deliveries and aftermarket service support for the healthcare industry. "The supply chain challenges are totally different when you're a manufacturer getting supplies to a retailer versus getting an organ to the hospital when someone is being prepped for surgery."

Thaker cites the example of one client, a manufacturer whose medical devices cost six to seven figures each. "There's a high level of analytics involved in calculating where you need to warehouse replacement parts for those devices," he says. In order to avoid warehousing expensive parts that may be used infrequently, NGL's analytics involves mapping the physical location of manufacturers' warehouses, the ages of the machines at the medical facilities, the mean time between failure (MBTF) of those machines, the criticality of the parts and the cost of getting equipment to locations.

"It's complicated, because the parts may be critical but they cost thousands of dollars and may only have been needed ten times in the past five years," Thaker explains. "Doing the analytics helps them optimize their inventory."

Calculate cost vs. risk

The issue of cost is, of course, considerable in calculating supply chain risk and vulnerability. The conundrum facing manufacturers regarding cost is two-edged: Every time you audit the product, it creates friction in the supply chain.

And then there's the consumer to consider, especially when it comes to consumables and expensive goods that have a cachet. Supply chain advances are "changing in the food industry, any place where the product touches or goes into the human body, because of the health risk," says Accenture's Alvarenga. He believes that for certain products, the day will come when the consumer will be able to scan smart packaging using a smartphone camera and see exactly where a product came from.

The question is, will consumers pay more for a higher degree of integrity or a more ethical supply chain? That question has yet to be answered.

With the right technology, you can substitute information for inventory. Glen Goldbach, PricewaterhouseCoopers

In other areas, several sources say, costs are coming down. RFID chips are cheaper (though antennas aren't). XML is making electronic data interchange (EDI) feeds easier to integrate, and making data connections less onerous. Sensors are also cheaper and easier to incorporate; as sensors become inexpensive enough to incorporate in packaging, pallets, trailers and warehouses, commercial shippers like FedEx, which recently debuted its new Senseaware technology, are able to easily identify exactly where their packages are in transit.

Thaker points to specific technologies bringing costs down. "In the old days, we would have someone hand-carry a live organ to the transplant destination to ensure it was properly handled. But now you can buy temperature control sensors for $100 that keep the organ at the proper temperature when it's shipped as cargo."

PricewaterhouseCoopers' Goldbach also sees value in supply chain technology. "Companies can use it to reduce inventory in order to save capital. That's especially true for industries such as technology, where products have a short lifecycle and you don't want to be caught with inventory whose value goes to zero quickly. With the right technology, you can now substitute information for inventory."

Frequent contributor Howard Baldwin last wrote for Computerworld on email addiction in the enterprise..

Read more about security in Computerworld's Security Topic Center.

This story, "Supply chain 2013: Stop playing whack-a-mole with security threats" was originally published by Computerworld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies