Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 7-Day Trial for You or Your Team.

Learn More →

Cyber-Resilience: A Strategic Approach for Supply Chain Management

Cyber-Resilience: A Strategic Approach for Supply Chain Management Technology Innovation Management Review April 2015 Cyber-Resilience: A Strategic Approach for Supply Chain Management Luca Urciuoli Business is all about risk taking and managing uncertainties and turbulence. Gautam Adani Business magnate Risk management and resilience strategies in supply chains have an important role in ensur- ing business continuity and reliability in a cost-efficient manner. Preventing or recovering from disruptions requires access and analysis of large amounts of data. Yet, given the mul- tiple stakeholders, operations, and environmental contexts in which a global supply chain operates, managing risks and resilience becomes a challenging task. For this reason, informa- tion and communication technologies (ICT) are being developed to support managers with tailored tools and services to monitor disruptions, enhance instantaneous communication, and facilitate the quick recovery of supply chains. Hence, the objective of this article is to shed light on managerial strategies to improve the resilience of supply chains and thereby to point out how these could be automated by means of innovative ICT systems. In particular, this article concludes by warning about existing challenges to implementing such systems. If these challenges are not correctly addressed by managers, there is a major risk of further jeopardizing supply chains. Introduction Supply chains are often described as sets of organiza- tions joining a virtual network through which flows of Recent catastrophic events, such as terrorist attacks, nat- services/products, information, and money are moved ural disasters, and pandemics, have drawn attention to and exchanged. The common goal of these networks is the vulnerability of global supply chains to risks (Jüttner, to transform raw materials into components and 2005). Vulnerability means that supply chains are sus- products that are delivered to final consumers, at the ceptible to disruptions, meaning interruptions in busi- right time, quantity, quality, and place. In these net- ness operations that result in undesirable consequences works, strategies to manage risks and resilience have an such as delayed deliveries or lost sales (Svensson, 2002). important role in ensuring business continuity, delivery For example, the earthquake that hit Taiwan in Septem- reliability, responsiveness, etc. ber 1999 had a severe impact on the personal computer industry worldwide – 10% of the world’s computer chips To ensure the optimal management of risks and resili- and 80% of the world’s motherboards were produced in ence, managers of supply chains need to identify, ac- Taiwan – resulting in lost revenues of more than 200 mil- cess, and analyze large amounts of data through lion dollars due to production shut-downs (McGillivray, different information technology platforms and 2000). Supply chain trends such as globalization, spe- sources. In particular, specific ICT systems based on a cialization, complexity, and lean processes have been combination of push and pull services are indicated as largely indicated as the main drivers of these risks (Pfohl the most promising approaches to support risk manage- et al, 2010; WEF, 2012). Hence, in such a scenarios, sup- ment and resilience in a cost-effective manner. The ply chain managers are asked to improve their risk man- principle behind these systems is very simple: such sys- agement skills in terms of identifying, analyzing, tems consists of web-services providing common and mitigating, and finally monitoring risks. consistent access to data for all the different actors in www.timreview.ca 13 Technology Innovation Management Review April 2015 Luca Urciuoli the supply chain (e.g., suppliers, transport providers, In addition, companies may use flexible contract manufacturers, distributors, importers, retailers) but agreements, inspections to qualify suppliers, and also for governmental agencies worldwide (Williams et make-and-buy strategies to split production across al., 2002). Yet, given their novelty, there is still much un- different factories (Sheffi, 2006). certainty about how these systems should be best integ- rated in companies. • Inventory management: Safety stocks can be in- creased in order to avoid stock-outs in case of missed Hence, the objective of this article is to provide a general demand. Inventory redundancy may build additional overview of resilience strategies applied in supply capacity in firms, yet they are well known to generate chains and thereby shed light on how ICT systems can additional costs as obsolescence, product lifecycles, be exploited. By understanding and putting into prac- and inventory holdings (Sheffi, 2006; Tang, 2006; tice these conceptual links, this article aims to contrib- Tomlin, 2006). ute a visionary perspective of cyber-resilience in supply chains, illustrating how resilience in supply chains can • Ensure additional transport capacity and multiple be enhanced through the exploitation of innovative in- consignment routes: Plan in advance possibilities to formation technology services. transport cargo by means of multiple transportation modes, multiple carriers or providers, and con- The article is structured in a manner to build up and sequently multiple routes and distribution channels lead to the cyber-resilience topic: after the introduction, (Tang, 2006; Tomlin, 2006). Additional transport capa- it provides an overview of risk management and resili- city can also be ensured by investing in and maintain- ence strategies in supply chains. Next, it enumerates ing a dedicated transportation fleet (Sheffi, 2006). known challenges of these approaches, and thereafter it sheds light on the role of ICT in cyber-resilience. Finally, • Product-centric design: Aligning the design of the the article concludes by providing managerial implica- products with the supply chain efficiency targets. This tions and recommendations. process cannot happen in isolation, but it implies ver- tical cooperation and early involvement of suppliers Risk Management and Resilience Strategies in product concept development and design (Khan et in Supply Chains al., 2012; Zsidisin et al., 2000). Multiple designs of products can become useful in emergency situations, Besides risk management strategies, both researchers for example, in case a specific raw material or com- and practitioners point out that particular attention has ponent is unexpectedly not accessible (Sheffi, 2006). to be given to strategies improving the resilience of sup- ply chains, that is, the capability of supply chains to • Information sharing: Information sharing may im- bounce back to stable conditions after a disruption. Re- prove flexibility of supply chains or enable monitor- silience is important for two reasons: first of all, sooner ing of risks and the establishment of preventive or later, companies will have to face unexpected risks, actions (Skipper & Hanna, 2009; Tomlin, 2006). for which no mitigation strategies have been planned in advance. Hence, the capabilities to respond to these Challenges in Managing Risks and Resilience events need to be built into the management of the com- panies. Second, the reactions of governmental agencies Given the multiple stakeholders, operations, and envir- triggered after large catastrophes (e.g., terrorist attacks, onmental contexts in which a global supply chain oper- earthquakes, hurricanes) may also give rise to unexpec- ates, managing risks and resilience is a challenging ted events that supply chain companies need to deal task. These challenges are especially acute in the do- with in order to ensure business continuity and survival main of cross-border trade, where the organizations in (Sheffi, 2001). the virtual network need to be managed as single entit- ies across national borders, and where several regulat- Looking at the literature, diverse strategies to manage re- ory compliance frameworks exist. In practice, this silience have been enumerated. Some of those are: means that supply chain companies need to deal with different cultures, geopolitical and organizational is- • Diversification of suppliers: The access to a wider sup- sues, regulatory compliance frameworks, and ulti- ply base enables firms to exploit additional production mately with different ICT systems, standards, and lines and quickly shift volumes and production in case technologies operated by different actors and under of a disruption (Sheffi, 2006; Tang, 2006; Tomlin, 2006). different business logics (Urciuoli et al., 2013). www.timreview.ca 14 Technology Innovation Management Review April 2015 Luca Urciuoli The latest R&D initiatives are putting their efforts on of data containing bills of lading, invoices, packing lists, the development of ICT tools that may support com- country of origin, cargo quantity and type, etc. need to panies with this complex process. These tools aim to en- be shared by supply chain companies in order to im- hance visibility of risks along the supply chain by prove the prediction of estimated times of arrival enabling information collection through sensor techno- (ETAs). According to ETA estimations, transportation logies, sharing of data, and application of advanced and diverse resources can be optimally scheduled and business intelligence rules to analyze data; in particu- allocated, market campaigns can be punctually started lar, data are not being shared merely between the sup- to strategically retain major market shares, etc. Like- ply chain companies, but also between the supply wise, customs declarations in import and export coun- chains and the governmental agencies. This practice is tries can be submitted simultaneously by different fundamental to reduce the administrative costs that stakeholders (Urciuoli et al., 2011). cross-border supply chains entail (Urciuoli et al., 2013). Nowadays, web-services based on service-oriented ar- To give a sense of the burden experienced by compan- chitectures (SOAs) seem to be widely exploited to en- ies, it can be reminded that, to import goods into a sure connectivity of the supply chain in a plug-and-play country, companies have to produce export and import fashion. These services enable electronic data sharing, declarations, with licenses and other permits to be at- and with it may reduce the risk for mistakes or incom- tached, in order to demonstrate compliance with cus- plete data. In addition, web-based push and pull ser- toms regulatory frameworks. In Europe alone, customs vices can be exploited to avoid data redundancy and administrations are processing almost 200 million de- speed up response procedures in case of unexpected clarations every year; for example, in 2007, it was 183 disruptions: million (IBM, 2008). Each of these declarations consists of roughly 40 typologies of documents and in total • B2B pull services: Data may be pulled by a supply about 200 data elements need to be exchanged chain company in order to obtain the current status of between business and governmental entities, resulting a consignment/container or to interrogate the invent- in highly complex and costly data transfer, processing, ory levels of suppliers, distribution centres/whole- and storage challenges (ADB, 2005). salers, retailers, transport infrastructure capacity, traffic conditions, etc. The Role of ICT: Towards Cyber-Resilient Supply Chains • B2B push services: Push services are instead used to trigger alerts to companies whenever the status of in- Cyber-resilience may be achieved by smartly combin- ventory levels, demand, containers conditions. or pos- ing technologies and services that exist today on the ition change in an unexpected manner. In other marketplace or that are being developed in R&D pro- words, the service is able to sense whenever data out- jects. These are presented in this section as ICT systems range previously established upper and lower control for B2B (Business to Business) and B2G (Business to limits (UCLs and LCLs). These data ranges can be de- Government) information sharing and analysis. termined by means of advanced business intelligence techniques. B2B information sharing Several IT companies are struggling to develop multiple The combination of the above push and pull services data interfaces in order to guarantee full interoperabil- enables full visibility and control in the supply chain. ity and access to data to supply chains stakeholders. By pulling key data, managers may monitor, in real Data is actually being shared between companies in a time, inventory levels, shipping statuses, environment- supply chain, however, often in paper and sometimes al conditions of cargo and containers, arrival time at in electronic format. In particular, the usage of paper- specific nodes in the supply chain network, etc. This in- based information exchange has been indicated as not formation improves decision making in terms of optim- effective, because of the risk for mistakes, data loss, as izing inventory levels, scheduling and planning well as redundant transfer and collection of the same transport assignments, allocating resources, designing data. Hence, the usage of sophisticated electronic sys- networks, etc. On the contrary, push services are more tems to collect, store in a common repository ecosys- suitable to handle risks and manage resilience. Hence, tem, and analyze data has received a lot of attention in case of deviations from planned routines, alerts may because of the abundant cost savings that could be be triggered to recover or activate response procedures. earned. For instance, in an international shipment, files Examples of push services could be alerts triggered by www.timreview.ca 15 Technology Innovation Management Review April 2015 Luca Urciuoli environmental sensors in containers, alarms installed in supply chain. For instance, companies will be able to vehicles, panic buttons, geofences, timefences, etc. easily manage and control portfolios of suppliers online, make more accurate ETA estimations, monitor in real B2G information sharing time the transport infrastructure capacity, learn and ap- Nowadays, to enable resilience strategies, supply chain ply any sudden changes in trading regulations, rapidly companies work with different contract typologies and submit electronic orders and comply with regulatory portfolios of suppliers located in various countries frameworks, etc. across the globe. However, despite contracts being in place, in case of a disruption, companies will suddenly Despite the promising future visions, there is still much need to deal with several different regulatory frame- work to be done in order to ensure that these ICT sys- works and customs procedures. Not only that, different tems will be fully accepted and integrated into supply countries require different data formats or usage of dif- chain companies. Many challenges are being en- ferent information technology interfaces, implying high- countered and need to be solved in order to move a step er costs in terms of translation and adaptation efforts forward towards cyber-resilient supply chains. These needed to bridge between different national systems. Ex- are, in sequential order, the following: perts believe that future information technology sys- tems will ensure that companies’ systems can easily 1. Exploit/develop reliable and robust information connect to customs administrations’ web-platforms collection and sharing (both B2B and B2G). Collec- (i.e., e-Customs) and facilitate filing of customs declara- tion and sharing of information is still a major con- tions or provide easy access to international trade-re- cern, especially for small companies, both in terms of lated documentation (Urciuoli et al., 2013). In addition, technical development, know-how, and monetary in- push and pull services developed in prototype platforms vestments. may play a fundamental role in managing resilience: 2. Exploit business intelligence rules. Develop tailored • B2G pull services: Pull services connected to e-Cus- push and pull web services that enable cyber-resili- toms platforms may be used to control existing trade ence. Yet, to develop reliable business intelligence regulations, necessary documentation for import/ex- rules, resources need to be allocated to identifying, port procedures, status of release and clearance of con- modelling, and assessing risks in a systematic manner. tainers, customs declarations, licenses, etc. 3. Ensure public–private partnerships. Partnerships • B2G push services: Push services are instead planned should focus on the implementation of ICT systems to include alerts in case of changed trading regula- to exchange data with public agencies and aim at de- tions, tariffs or taxes, deviations of containers inspec- veloping up-to-date standards and legislative frame- tions and release, etc. These systems may eliminate works. unnecessary delays, reduce paper redundancy, and in this way, reduce costs to companies and governments. 4. Solve potential data confidentiality issues. Sharing information implies that data will need to be held in Conclusion repositories or remote locations. For obvious reason, this requirement is not accepted by many business ICT has already been indicated as playing a major role companies that fear their business strategies will be in controlling and managing more complex value net- disclosed to competitors. works in a cost-efficient manner. However, additional capabilities, mainly aiming to improve cyber-resilience, 5. Ensure cybersecurity. In several instances, it has may be exploited to ensure quick response to risks and been pointed out that, although the information tech- disruptions in supply chains. These capabilities are sup- nology layer of supply chains is relevant to optimizing ported by the development of common repository IT supply chain management, it may also expose com- ecosystems where B2B or B2G push and pull web ser- panies to criminal actions (e.g., theft, fraud, forgery, vices are created and contemporarily accessed by sup- industrial espionage) or sabotage, hackers, and terror- ply chain actors, but also governmental agencies. ists aiming to promote ideological issues and hurt the economy of a nation or a single industry (e.g., hacktiv- Enabling B2B and B2G data sharing may allow compan- ism, sabotage). Hence, this risk naturally implies that ies to access an unimaginable amount of data and ser- cyber-resilience strategies should be followed by in- vices that can enhance the cyber-resilience of the whole formation technology security management systems. www.timreview.ca 16 Technology Innovation Management Review April 2015 Luca Urciuoli In conclusion, it is strongly believed that, without com- mon data access, managers may struggle to fully devel- About the Author op, apply, and coordinate resilience operations in companies. Resilience becomes even more challenging Luca Urciuoli is an Associate Research Professor in in global supply chains, where managers need to deal the MIT International Logistics Program within the with threats and recovery operations outside their com- Zaragoza Logistics Center in Spain, where he panies and in different and multi-faceted environment- teaches and performs research in supply chain net- al contexts. Current R&D initiatives are demonstrating work design, supply chain risk, and security manage- that ICT systems for B2B and B2G data exchange, when ment. He holds an MSc degree in Industrial combined with business intelligence techniques, may Engineering from Chalmers University of Techno- provide supply chain managers with advanced capabil- logy in Gothenburg, Sweden, and a Doctorate in ities to improve resilience. Hence, supply chain com- Transportation Security from the Engineering Uni- panies could be only "a click away" from fully versity of Lund, Sweden. He has been working at the automated cyber-resilience. research unit of the Volvo group as a project man- ager developing on-board transport and telematics Acknowledgements services. He also led the research of the Cross-bor- der Research Association in Switzerland and collab- The author of this paper would like to thank the CORE orated in several FP7 research and consultancy project (Consistently Optimised Resilient Secure Global projects, with a focus on topics such as e-Customs, Supply Chains, Grant Agreement No. 603993), a project trade facilitation, supply chain security, waste secur- funded under the European Union’s Seventh Frame- ity, and postal security. He is also an editorial board work Programme for research, technological develop- member for the Journal of Transportation Security, ment, and demonstration. This publication reflects the and he has published his research in several scientif- views only of the author, and the EU Commission can- ic and practitioner journals. not be held responsible for any use which may be made of the information contained therein. Contact: [email protected] References ADB. 2005. ICT for Customs Modernization and Data Exchange. Sheffi, Y. 2006. Resilience Reduces Risk. Logistics Quarterly, 12(4): Manila, Philippines: Asian Development Bank. 12–14. IBM. 2008. Implementing e-Customs in Europe: An IBM Point of View. Skipper, J. B., & Hanna, J. B. 2009. Minimizing Supply Chain Somers, NY: IBM Corporation. Disruption Risk through Enhanced Flexibility. International Journal of Physical Distribution and Logistics Management, 39(5): Jüttner, U. 2005. Supply Chain Risk Management: Understanding the 404–427. Business Requirements from a Practitioner Perspective. http://dx.doi.org/10.1108/09600030910973742 International Journal of Logistics Management, 16(1): 120–141. http://dx.doi.org/10.1108/09574090510617385 Svensson, G. 2002. A Conceptual Framework of Vulnerability in Firms' Inbound and Outbound Logistics Flows. International Khan, O., Christopher, M., & Creazza, A. 2012. Aligning Product Journal of Physical Distribution & Logistics Management, 32(2): Design with the Supply Chain: A Case Study. Supply Chain 110–134. Management, 17(3): 323–336. http://dx.doi.org/10.1108/09600030210421723 http://dx.doi.org/10.1108/13598541211227144 Tang, C. S. 2006. Robust Strategies for Mitigating Supply Chain McGillivray, G. 2000. Commercial Risk Under JIT. Canadian Disruptions. International Journal of Logistics Research and Underwriter, 67(1): 26–30. Applications, 9(1): 33–45. http://dx.doi.org/10.1080/13675560500405584 Pfohl, H.-C., Köhler, H., & Thomas, D. 2010. State of the Art in Supply Chain Risk Management Research: Empirical and Conceptual Tomlin, B. 2006. On the Value of Mitigation and Contingency Findings and a Roadmap for the Implementation in Practice. Strategies for Managing Supply Chain Disruption Risks. Logistics Research, 2(1): 33–44. Management Science, 52(5): 639–657. http://dx.doi.org/10.1007/s12159-010-0023-8 http://dx.doi.org/10.1287/mnsc.1060.0515 Sheffi, Y. 2001. Supply Chain Management under the Threat of Urciuoli, L., Hintsa, J., & Ahokas, J. 2013. Drivers and Barriers International Terrorism. International Journal of Logistics Affecting Usage of E-Customs — a Global Survey with Customs Management, 12(2): 1–11. Administrations Using Multivariate Analysis Techniques. http://dx.doi.org/10.1108/09574090110806262 Government Information Quarterly, 30(4): 473–485. http://dx.doi.org/10.1016/j.giq.2013.06.001 www.timreview.ca 17 Technology Innovation Management Review April 2015 Luca Urciuoli Zsidisin, G. A., Panelli, A., & Upton, R. 2000. Purchasing Organization Urciuoli, L., Zuidwijk, R., & van Oosterhout, M. 2011. Adoption and Involvement in Risk Assessments, Contingency Plans and Risk Effects Extended SICIS. In Proceedings of the 2011 Hamburg Management: An Explorative Study. Supply Chain Management, International Conference of Logistics (HICL). 4(4): 187–197. WEF. 2012. New Models for Addressing Supply Chain and Transport http://dx.doi.org/10.1108/13598540010347307 Risks. Geneva, Switzerland: World Economic Forum. Williams, L. R., Esper, T. L., & Ozment, J. 2002. The Electronic Supply Chain: Its Impact on the Current and Future Structure of Strategic Alliances, Partnerships and Logistics Leadership. International Journal of Physical Distribution & Logistics Management, 32(8): 703–719. http://dx.doi.org/10.1108/09600030210444935 Citation: Urciuoli, L. 2015. Cyber-Resilience: A Strategic Approach for Supply Chain Management. Technology Innovation Management Review, 5(4): 13–18. http://timreview.ca/article/886 Keywords: IT, ICT, supply chain management, cross-border trade, cyber-resilience, risk management www.timreview.ca http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Technology Innovation Management Review Unpaywall

Cyber-Resilience: A Strategic Approach for Supply Chain Management

Urciuoli, Luca
Technology Innovation Management ReviewApr 20, 2015
Download PDF
6 pages

Loading next page...
 
/lp/unpaywall/cyber-resilience-a-strategic-approach-for-supply-chain-management-fQKVPNzQdb

References

References for this paper are not available at this time. We will be adding them shortly, thank you for your patience.

Publisher
Unpaywall
ISSN
1927-0321
DOI
10.22215/timreview/886
Publisher site
See Article on Publisher Site

Abstract

Technology Innovation Management Review April 2015 Cyber-Resilience: A Strategic Approach for Supply Chain Management Luca Urciuoli Business is all about risk taking and managing uncertainties and turbulence. Gautam Adani Business magnate Risk management and resilience strategies in supply chains have an important role in ensur- ing business continuity and reliability in a cost-efficient manner. Preventing or recovering from disruptions requires access and analysis of large amounts of data. Yet, given the mul- tiple stakeholders, operations, and environmental contexts in which a global supply chain operates, managing risks and resilience becomes a challenging task. For this reason, informa- tion and communication technologies (ICT) are being developed to support managers with tailored tools and services to monitor disruptions, enhance instantaneous communication, and facilitate the quick recovery of supply chains. Hence, the objective of this article is to shed light on managerial strategies to improve the resilience of supply chains and thereby to point out how these could be automated by means of innovative ICT systems. In particular, this article concludes by warning about existing challenges to implementing such systems. If these challenges are not correctly addressed by managers, there is a major risk of further jeopardizing supply chains. Introduction Supply chains are often described as sets of organiza- tions joining a virtual network through which flows of Recent catastrophic events, such as terrorist attacks, nat- services/products, information, and money are moved ural disasters, and pandemics, have drawn attention to and exchanged. The common goal of these networks is the vulnerability of global supply chains to risks (Jüttner, to transform raw materials into components and 2005). Vulnerability means that supply chains are sus- products that are delivered to final consumers, at the ceptible to disruptions, meaning interruptions in busi- right time, quantity, quality, and place. In these net- ness operations that result in undesirable consequences works, strategies to manage risks and resilience have an such as delayed deliveries or lost sales (Svensson, 2002). important role in ensuring business continuity, delivery For example, the earthquake that hit Taiwan in Septem- reliability, responsiveness, etc. ber 1999 had a severe impact on the personal computer industry worldwide – 10% of the world’s computer chips To ensure the optimal management of risks and resili- and 80% of the world’s motherboards were produced in ence, managers of supply chains need to identify, ac- Taiwan – resulting in lost revenues of more than 200 mil- cess, and analyze large amounts of data through lion dollars due to production shut-downs (McGillivray, different information technology platforms and 2000). Supply chain trends such as globalization, spe- sources. In particular, specific ICT systems based on a cialization, complexity, and lean processes have been combination of push and pull services are indicated as largely indicated as the main drivers of these risks (Pfohl the most promising approaches to support risk manage- et al, 2010; WEF, 2012). Hence, in such a scenarios, sup- ment and resilience in a cost-effective manner. The ply chain managers are asked to improve their risk man- principle behind these systems is very simple: such sys- agement skills in terms of identifying, analyzing, tems consists of web-services providing common and mitigating, and finally monitoring risks. consistent access to data for all the different actors in www.timreview.ca 13 Technology Innovation Management Review April 2015 Luca Urciuoli the supply chain (e.g., suppliers, transport providers, In addition, companies may use flexible contract manufacturers, distributors, importers, retailers) but agreements, inspections to qualify suppliers, and also for governmental agencies worldwide (Williams et make-and-buy strategies to split production across al., 2002). Yet, given their novelty, there is still much un- different factories (Sheffi, 2006). certainty about how these systems should be best integ- rated in companies. • Inventory management: Safety stocks can be in- creased in order to avoid stock-outs in case of missed Hence, the objective of this article is to provide a general demand. Inventory redundancy may build additional overview of resilience strategies applied in supply capacity in firms, yet they are well known to generate chains and thereby shed light on how ICT systems can additional costs as obsolescence, product lifecycles, be exploited. By understanding and putting into prac- and inventory holdings (Sheffi, 2006; Tang, 2006; tice these conceptual links, this article aims to contrib- Tomlin, 2006). ute a visionary perspective of cyber-resilience in supply chains, illustrating how resilience in supply chains can • Ensure additional transport capacity and multiple be enhanced through the exploitation of innovative in- consignment routes: Plan in advance possibilities to formation technology services. transport cargo by means of multiple transportation modes, multiple carriers or providers, and con- The article is structured in a manner to build up and sequently multiple routes and distribution channels lead to the cyber-resilience topic: after the introduction, (Tang, 2006; Tomlin, 2006). Additional transport capa- it provides an overview of risk management and resili- city can also be ensured by investing in and maintain- ence strategies in supply chains. Next, it enumerates ing a dedicated transportation fleet (Sheffi, 2006). known challenges of these approaches, and thereafter it sheds light on the role of ICT in cyber-resilience. Finally, • Product-centric design: Aligning the design of the the article concludes by providing managerial implica- products with the supply chain efficiency targets. This tions and recommendations. process cannot happen in isolation, but it implies ver- tical cooperation and early involvement of suppliers Risk Management and Resilience Strategies in product concept development and design (Khan et in Supply Chains al., 2012; Zsidisin et al., 2000). Multiple designs of products can become useful in emergency situations, Besides risk management strategies, both researchers for example, in case a specific raw material or com- and practitioners point out that particular attention has ponent is unexpectedly not accessible (Sheffi, 2006). to be given to strategies improving the resilience of sup- ply chains, that is, the capability of supply chains to • Information sharing: Information sharing may im- bounce back to stable conditions after a disruption. Re- prove flexibility of supply chains or enable monitor- silience is important for two reasons: first of all, sooner ing of risks and the establishment of preventive or later, companies will have to face unexpected risks, actions (Skipper & Hanna, 2009; Tomlin, 2006). for which no mitigation strategies have been planned in advance. Hence, the capabilities to respond to these Challenges in Managing Risks and Resilience events need to be built into the management of the com- panies. Second, the reactions of governmental agencies Given the multiple stakeholders, operations, and envir- triggered after large catastrophes (e.g., terrorist attacks, onmental contexts in which a global supply chain oper- earthquakes, hurricanes) may also give rise to unexpec- ates, managing risks and resilience is a challenging ted events that supply chain companies need to deal task. These challenges are especially acute in the do- with in order to ensure business continuity and survival main of cross-border trade, where the organizations in (Sheffi, 2001). the virtual network need to be managed as single entit- ies across national borders, and where several regulat- Looking at the literature, diverse strategies to manage re- ory compliance frameworks exist. In practice, this silience have been enumerated. Some of those are: means that supply chain companies need to deal with different cultures, geopolitical and organizational is- • Diversification of suppliers: The access to a wider sup- sues, regulatory compliance frameworks, and ulti- ply base enables firms to exploit additional production mately with different ICT systems, standards, and lines and quickly shift volumes and production in case technologies operated by different actors and under of a disruption (Sheffi, 2006; Tang, 2006; Tomlin, 2006). different business logics (Urciuoli et al., 2013). www.timreview.ca 14 Technology Innovation Management Review April 2015 Luca Urciuoli The latest R&D initiatives are putting their efforts on of data containing bills of lading, invoices, packing lists, the development of ICT tools that may support com- country of origin, cargo quantity and type, etc. need to panies with this complex process. These tools aim to en- be shared by supply chain companies in order to im- hance visibility of risks along the supply chain by prove the prediction of estimated times of arrival enabling information collection through sensor techno- (ETAs). According to ETA estimations, transportation logies, sharing of data, and application of advanced and diverse resources can be optimally scheduled and business intelligence rules to analyze data; in particu- allocated, market campaigns can be punctually started lar, data are not being shared merely between the sup- to strategically retain major market shares, etc. Like- ply chain companies, but also between the supply wise, customs declarations in import and export coun- chains and the governmental agencies. This practice is tries can be submitted simultaneously by different fundamental to reduce the administrative costs that stakeholders (Urciuoli et al., 2011). cross-border supply chains entail (Urciuoli et al., 2013). Nowadays, web-services based on service-oriented ar- To give a sense of the burden experienced by compan- chitectures (SOAs) seem to be widely exploited to en- ies, it can be reminded that, to import goods into a sure connectivity of the supply chain in a plug-and-play country, companies have to produce export and import fashion. These services enable electronic data sharing, declarations, with licenses and other permits to be at- and with it may reduce the risk for mistakes or incom- tached, in order to demonstrate compliance with cus- plete data. In addition, web-based push and pull ser- toms regulatory frameworks. In Europe alone, customs vices can be exploited to avoid data redundancy and administrations are processing almost 200 million de- speed up response procedures in case of unexpected clarations every year; for example, in 2007, it was 183 disruptions: million (IBM, 2008). Each of these declarations consists of roughly 40 typologies of documents and in total • B2B pull services: Data may be pulled by a supply about 200 data elements need to be exchanged chain company in order to obtain the current status of between business and governmental entities, resulting a consignment/container or to interrogate the invent- in highly complex and costly data transfer, processing, ory levels of suppliers, distribution centres/whole- and storage challenges (ADB, 2005). salers, retailers, transport infrastructure capacity, traffic conditions, etc. The Role of ICT: Towards Cyber-Resilient Supply Chains • B2B push services: Push services are instead used to trigger alerts to companies whenever the status of in- Cyber-resilience may be achieved by smartly combin- ventory levels, demand, containers conditions. or pos- ing technologies and services that exist today on the ition change in an unexpected manner. In other marketplace or that are being developed in R&D pro- words, the service is able to sense whenever data out- jects. These are presented in this section as ICT systems range previously established upper and lower control for B2B (Business to Business) and B2G (Business to limits (UCLs and LCLs). These data ranges can be de- Government) information sharing and analysis. termined by means of advanced business intelligence techniques. B2B information sharing Several IT companies are struggling to develop multiple The combination of the above push and pull services data interfaces in order to guarantee full interoperabil- enables full visibility and control in the supply chain. ity and access to data to supply chains stakeholders. By pulling key data, managers may monitor, in real Data is actually being shared between companies in a time, inventory levels, shipping statuses, environment- supply chain, however, often in paper and sometimes al conditions of cargo and containers, arrival time at in electronic format. In particular, the usage of paper- specific nodes in the supply chain network, etc. This in- based information exchange has been indicated as not formation improves decision making in terms of optim- effective, because of the risk for mistakes, data loss, as izing inventory levels, scheduling and planning well as redundant transfer and collection of the same transport assignments, allocating resources, designing data. Hence, the usage of sophisticated electronic sys- networks, etc. On the contrary, push services are more tems to collect, store in a common repository ecosys- suitable to handle risks and manage resilience. Hence, tem, and analyze data has received a lot of attention in case of deviations from planned routines, alerts may because of the abundant cost savings that could be be triggered to recover or activate response procedures. earned. For instance, in an international shipment, files Examples of push services could be alerts triggered by www.timreview.ca 15 Technology Innovation Management Review April 2015 Luca Urciuoli environmental sensors in containers, alarms installed in supply chain. For instance, companies will be able to vehicles, panic buttons, geofences, timefences, etc. easily manage and control portfolios of suppliers online, make more accurate ETA estimations, monitor in real B2G information sharing time the transport infrastructure capacity, learn and ap- Nowadays, to enable resilience strategies, supply chain ply any sudden changes in trading regulations, rapidly companies work with different contract typologies and submit electronic orders and comply with regulatory portfolios of suppliers located in various countries frameworks, etc. across the globe. However, despite contracts being in place, in case of a disruption, companies will suddenly Despite the promising future visions, there is still much need to deal with several different regulatory frame- work to be done in order to ensure that these ICT sys- works and customs procedures. Not only that, different tems will be fully accepted and integrated into supply countries require different data formats or usage of dif- chain companies. Many challenges are being en- ferent information technology interfaces, implying high- countered and need to be solved in order to move a step er costs in terms of translation and adaptation efforts forward towards cyber-resilient supply chains. These needed to bridge between different national systems. Ex- are, in sequential order, the following: perts believe that future information technology sys- tems will ensure that companies’ systems can easily 1. Exploit/develop reliable and robust information connect to customs administrations’ web-platforms collection and sharing (both B2B and B2G). Collec- (i.e., e-Customs) and facilitate filing of customs declara- tion and sharing of information is still a major con- tions or provide easy access to international trade-re- cern, especially for small companies, both in terms of lated documentation (Urciuoli et al., 2013). In addition, technical development, know-how, and monetary in- push and pull services developed in prototype platforms vestments. may play a fundamental role in managing resilience: 2. Exploit business intelligence rules. Develop tailored • B2G pull services: Pull services connected to e-Cus- push and pull web services that enable cyber-resili- toms platforms may be used to control existing trade ence. Yet, to develop reliable business intelligence regulations, necessary documentation for import/ex- rules, resources need to be allocated to identifying, port procedures, status of release and clearance of con- modelling, and assessing risks in a systematic manner. tainers, customs declarations, licenses, etc. 3. Ensure public–private partnerships. Partnerships • B2G push services: Push services are instead planned should focus on the implementation of ICT systems to include alerts in case of changed trading regula- to exchange data with public agencies and aim at de- tions, tariffs or taxes, deviations of containers inspec- veloping up-to-date standards and legislative frame- tions and release, etc. These systems may eliminate works. unnecessary delays, reduce paper redundancy, and in this way, reduce costs to companies and governments. 4. Solve potential data confidentiality issues. Sharing information implies that data will need to be held in Conclusion repositories or remote locations. For obvious reason, this requirement is not accepted by many business ICT has already been indicated as playing a major role companies that fear their business strategies will be in controlling and managing more complex value net- disclosed to competitors. works in a cost-efficient manner. However, additional capabilities, mainly aiming to improve cyber-resilience, 5. Ensure cybersecurity. In several instances, it has may be exploited to ensure quick response to risks and been pointed out that, although the information tech- disruptions in supply chains. These capabilities are sup- nology layer of supply chains is relevant to optimizing ported by the development of common repository IT supply chain management, it may also expose com- ecosystems where B2B or B2G push and pull web ser- panies to criminal actions (e.g., theft, fraud, forgery, vices are created and contemporarily accessed by sup- industrial espionage) or sabotage, hackers, and terror- ply chain actors, but also governmental agencies. ists aiming to promote ideological issues and hurt the economy of a nation or a single industry (e.g., hacktiv- Enabling B2B and B2G data sharing may allow compan- ism, sabotage). Hence, this risk naturally implies that ies to access an unimaginable amount of data and ser- cyber-resilience strategies should be followed by in- vices that can enhance the cyber-resilience of the whole formation technology security management systems. www.timreview.ca 16 Technology Innovation Management Review April 2015 Luca Urciuoli In conclusion, it is strongly believed that, without com- mon data access, managers may struggle to fully devel- About the Author op, apply, and coordinate resilience operations in companies. Resilience becomes even more challenging Luca Urciuoli is an Associate Research Professor in in global supply chains, where managers need to deal the MIT International Logistics Program within the with threats and recovery operations outside their com- Zaragoza Logistics Center in Spain, where he panies and in different and multi-faceted environment- teaches and performs research in supply chain net- al contexts. Current R&D initiatives are demonstrating work design, supply chain risk, and security manage- that ICT systems for B2B and B2G data exchange, when ment. He holds an MSc degree in Industrial combined with business intelligence techniques, may Engineering from Chalmers University of Techno- provide supply chain managers with advanced capabil- logy in Gothenburg, Sweden, and a Doctorate in ities to improve resilience. Hence, supply chain com- Transportation Security from the Engineering Uni- panies could be only "a click away" from fully versity of Lund, Sweden. He has been working at the automated cyber-resilience. research unit of the Volvo group as a project man- ager developing on-board transport and telematics Acknowledgements services. He also led the research of the Cross-bor- der Research Association in Switzerland and collab- The author of this paper would like to thank the CORE orated in several FP7 research and consultancy project (Consistently Optimised Resilient Secure Global projects, with a focus on topics such as e-Customs, Supply Chains, Grant Agreement No. 603993), a project trade facilitation, supply chain security, waste secur- funded under the European Union’s Seventh Frame- ity, and postal security. He is also an editorial board work Programme for research, technological develop- member for the Journal of Transportation Security, ment, and demonstration. This publication reflects the and he has published his research in several scientif- views only of the author, and the EU Commission can- ic and practitioner journals. not be held responsible for any use which may be made of the information contained therein. Contact: [email protected] References ADB. 2005. ICT for Customs Modernization and Data Exchange. Sheffi, Y. 2006. Resilience Reduces Risk. Logistics Quarterly, 12(4): Manila, Philippines: Asian Development Bank. 12–14. IBM. 2008. Implementing e-Customs in Europe: An IBM Point of View. Skipper, J. B., & Hanna, J. B. 2009. Minimizing Supply Chain Somers, NY: IBM Corporation. Disruption Risk through Enhanced Flexibility. International Journal of Physical Distribution and Logistics Management, 39(5): Jüttner, U. 2005. Supply Chain Risk Management: Understanding the 404–427. Business Requirements from a Practitioner Perspective. http://dx.doi.org/10.1108/09600030910973742 International Journal of Logistics Management, 16(1): 120–141. http://dx.doi.org/10.1108/09574090510617385 Svensson, G. 2002. A Conceptual Framework of Vulnerability in Firms' Inbound and Outbound Logistics Flows. International Khan, O., Christopher, M., & Creazza, A. 2012. Aligning Product Journal of Physical Distribution & Logistics Management, 32(2): Design with the Supply Chain: A Case Study. Supply Chain 110–134. Management, 17(3): 323–336. http://dx.doi.org/10.1108/09600030210421723 http://dx.doi.org/10.1108/13598541211227144 Tang, C. S. 2006. Robust Strategies for Mitigating Supply Chain McGillivray, G. 2000. Commercial Risk Under JIT. Canadian Disruptions. International Journal of Logistics Research and Underwriter, 67(1): 26–30. Applications, 9(1): 33–45. http://dx.doi.org/10.1080/13675560500405584 Pfohl, H.-C., Köhler, H., & Thomas, D. 2010. State of the Art in Supply Chain Risk Management Research: Empirical and Conceptual Tomlin, B. 2006. On the Value of Mitigation and Contingency Findings and a Roadmap for the Implementation in Practice. Strategies for Managing Supply Chain Disruption Risks. Logistics Research, 2(1): 33–44. Management Science, 52(5): 639–657. http://dx.doi.org/10.1007/s12159-010-0023-8 http://dx.doi.org/10.1287/mnsc.1060.0515 Sheffi, Y. 2001. Supply Chain Management under the Threat of Urciuoli, L., Hintsa, J., & Ahokas, J. 2013. Drivers and Barriers International Terrorism. International Journal of Logistics Affecting Usage of E-Customs — a Global Survey with Customs Management, 12(2): 1–11. Administrations Using Multivariate Analysis Techniques. http://dx.doi.org/10.1108/09574090110806262 Government Information Quarterly, 30(4): 473–485. http://dx.doi.org/10.1016/j.giq.2013.06.001 www.timreview.ca 17 Technology Innovation Management Review April 2015 Luca Urciuoli Zsidisin, G. A., Panelli, A., & Upton, R. 2000. Purchasing Organization Urciuoli, L., Zuidwijk, R., & van Oosterhout, M. 2011. Adoption and Involvement in Risk Assessments, Contingency Plans and Risk Effects Extended SICIS. In Proceedings of the 2011 Hamburg Management: An Explorative Study. Supply Chain Management, International Conference of Logistics (HICL). 4(4): 187–197. WEF. 2012. New Models for Addressing Supply Chain and Transport http://dx.doi.org/10.1108/13598540010347307 Risks. Geneva, Switzerland: World Economic Forum. Williams, L. R., Esper, T. L., & Ozment, J. 2002. The Electronic Supply Chain: Its Impact on the Current and Future Structure of Strategic Alliances, Partnerships and Logistics Leadership. International Journal of Physical Distribution & Logistics Management, 32(8): 703–719. http://dx.doi.org/10.1108/09600030210444935 Citation: Urciuoli, L. 2015. Cyber-Resilience: A Strategic Approach for Supply Chain Management. Technology Innovation Management Review, 5(4): 13–18. http://timreview.ca/article/886 Keywords: IT, ICT, supply chain management, cross-border trade, cyber-resilience, risk management www.timreview.ca

Journal

Technology Innovation Management ReviewUnpaywall

Published: Apr 20, 2015

There are no references for this article.