Editor’s Note: As we approach my 1,000th Procurement Insights blog post, over the next week I will be sharing with you the top 5 articles that garnered the most reads overall.
Today’s submission, which ranked number 5 with 6,195 reads, was written on April 18th, 2010 as a follow-up to my interview with Richard Stiennon. Stiennon, who is the founder of IT-Harvest, an independent IT security analyst firm, is also the author of the security blog ThreatChaos.com. He is a holder of Gartner’s Thought Leadership award and was named “one of the 50 most powerful people in Networking” by Network World Magazine.
“Because the United States is the most Internet-dependent and automated regarding supply chain, banking, transportation-control systems and other modern facilities, it’s also the most vulnerable to cyber attack, Clarke argues. And the military’s dependence on the Internet also means it would be susceptible to disruptions of it.” – From Fox Business “Cyber War”‘ author: the U.S. needs radical changes to protect against attacks” April 7th, 2010
Whenever the subject of cyber attacks and the potential threat it presents is raised, we often equate it with funny commercials like the one below in which a weary-looking, non-shaven everyday Joe speaks in a high-pitched valley girl voice about using a credit card to pay for a prom dress and various other sundries.
I am of course talking about the highly entertaining Citibank ads, such as the one below regarding identity theft.
However, in the virtual realms of a world in which countries such as the United States is considered to be the most internet-dependent of any nation, the risks are anything but amusing.
In fact, both the threat and consequences of a cyber attack or even a cyberwar are severe enough to warrant Karen Evans, the former federal CIO under the Bush administration, to call for a “focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks.” Just as an aside, Karen will be my guest in an upcoming segment, so stay tuned.
In fact, in an April 7th, 2010 San Francisco Chronicle article titled “After Google-China Dust-up, cyberwar emerges as a threat,” Evans suggested that “the time has come for the government to formalize a national policy for dealing with cyberthreats.” This formalization includes identifying “which cyber attacks will be considered an act of war,” and establishing “who’s in charge among the different federal agencies that would respond to a cyber crisis,” and spelling out “when they are allowed to use that authority.”
Richard Stiennon, whose new book Surviving Cyber War examines in depth the recent “major” cyber attacks that have taken place around the world, shares Evan’s position. In an April 13th, 2010 post on his ThreatChaos.com Blog, Stiennon outlines the historical influences of why the virtual world may very well be a defining global battleground. In that post, Stiennon made reference to a Washington Post position piece by retired Navy Admiral and one-time Director of National Intelligence, Mike McConnell, who used the outcome of the Cold War to illustrate why the threat is higher than many of us estimate.
While the threat of a nuclear holocaust attracts a good deal of our attention, according to McConnell what is often overlooked is how the war was actually won. Citing “many theories” surrounding the reasons why totalitarianism succumbed to democracy and freedom, McConnell points to what he called “the economic front.” In short, he contends, “The West outspent the Soviet Union.”
It was the “technology, innovation, and a massive arms buildup” that required the outdated Soviet infrastructure to make the parallel investments necessary to maintain a balance of power that eventually “impoverished the country to the point where internal strife pulled it down.”
Based on the above conclusions, Stiennon suggests that that best way to deal with the threat of a cyber attack is using economic levers as the primary deterrent mechanism, “by increasing the costs for the attackers through the improvement of defenses.
Richard Stiennon will be my guest on the May 7th, 2010 PI Window on Business Show on Blog talk Radio to talk about his book and the implications of cyber attacks, including his suggested solutions to the vulnerabilities that made (and make) these attacks possible.
What is the risk to our supply chains?
A more important question to ask is, are we prepared to respond efficiently to any risk, let alone cyberattacks, to our supply chain?
On the May 26th, 2009 (For Want of a Nail: The Pandemic Effect) and May 28th, 2009 (Securing Your Supply Chain) PI Window on Business, we discovered that the majority of organizations are ill-prepared to deal with what the many in the industry recognize as serious threats.
Citing a McKinsey 2006 survey, almost two-thirds of the executives who responded indicated that the risk(s) to their supply chains has increased dramatically. Yet despite this realization, a “significant number” state that their respective companies do not make the necessary investment of time and resources to mitigate said risk(s).
Perhaps recent events will serve as an early warning call for the industry to finally take tangible and meaningful action.
Richard Stiennon
About Richard:
Richard Stiennon is the founder of IT-Harvest, an independent IT security analyst firm, and the author of the security blog ThreatChaos.com. He is a holder of Gartner’s Thought Leadership award and was named “one of the 50 most powerful people in Networking” by Network World Magazine. He lives in Birmingham, MI.
Richard’s Book:
This book examines in depth the major recent cyber attacks that have taken place around the world, discusses the implications of such attacks, and offers solutions to the vulnerabilities that made these attacks possible. Through investigations of the most significant and damaging cyber attacks, the author introduces the reader to cyberwar, outlines an effective defense against cyber threats, and explains how to prepare for future attacks.
Media Bite:
The Cybersecurity Challenge (The Churchill Club, June 28th, 2009)
Remember to use the following link to tune into both the On-Demand and Live “Surviving Cyber War” broadcast on May 7th, 2010 at 12:30 PM EST.
30
Procurement Insights 
Matthew Pena
December 3, 2012
It may take time and resources to mitigate the risk, but it might be worth it weighing the upfront costs compared to the losses that could occur if a cyber attack brought down a supply chain. Depending on the line of business, 1 day out of comission could result in plummeting performance with ripples affecting consumers at the end of the chain. With this much risk, there should be no question about implementing protection from cyber attacks.