Cyber-Attacks Effect on Supply Chains
In the past two months two ransomware cyber-attacks have knocked major companies from their feet. The first major cyber-attack began on May 12th, 2017 called Wannacry, it didn’t bring the world’s supply chains to a halt, but it did cause significant disruptions around the world (over 200,000 organizations affected in more than 150 countries). Companies as large as FedEx, Hitachi, and Renault were hit, as well as hospitals and government agencies. The next cyber-attack happened on June 27, 2017, called Petya, it began spreading to large organizations across Europe and the US. This ransomware uses what is called the Eternal Blue exploit in Windows computers. This attack affected Shipping giant A.P. Moller-Maersk which handles one out of seven containers shipped globally. Along with Maersk it affected other big companies including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The food company Mondelez, legal firm DLA Piper, and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh.
Given the physical and informational interdependencies between extended supply chain partners, cyber-attacks oftentimes have a ripple effect. Let’s consider the example of an ocean carrier that was hit hard by the Petya ransomware cyber-attack in June 2017. Among other impacts, the attack prevented the carrier from providing shipment status updates to many of its shippers and 3PL customers. The carrier’s systems that generate shipment status updates, predominantly via EDI, crashed because of the cyber-attack and prevented it from pushing updates out to its customers. This issue didn’t just affect shippers and 3PLs with direct connectivity to the ocean carrier, but also many other companies reliant on traditional supply chain visibility software solutions. These solution providers have established peer-to-peer connectivity to ocean carriers in order to collect EDI based shipment status updates. They then display the EDI status updates in their tracking reports and dashboards, and update their locations whenever they receive batch updates via EDI from carriers.
Beyond the fact that these status updates are latent, they are also subject to blackouts resulting from cyber-attacks. While a shipper may not fall victim to a cyber-attack, it may still experience disruptions if one of its supply chain partners does.
Organizations using IoT-based supply chain visibility and predictive analytics solutions are insulated from these issues. Digital supply chain solutions track shipments in real-time using radar, satellites, sensors, smartphones and other IoT devices. They are not reliant on trading partners to push status updates via EDI, web forms, or other means.
By providing real-time visibility via IoT devices vs. latent EDI-based status updates, and insulating shippers from the cyber-attack domino effect are just a few ways digital supply chains are reducing risk and improving operational and financial performance.