Jaap Meijer, Cyber Security Officer & Advisor to the CEO at Huawei Technologies, speaks on the importance of cyber security end to end management within supply chain operations.
From our point of view there is no such thing as the biggest disruptor in the supply chain. The biggest disruptor is the risk of breaking the integrity of the whole cyber security chain. Supply chain management is just one part of this, but other parts, like R&D, logistics, partner management, implementation, manufacturing, etc., are equally important in order to manage the confidentiality, integrity, availability, traceability and authenticity of the products and services.
If we look further into the supply chain we can find a number of main threats for products to be tainted or counterfeited. Such threats are typically malware, unauthorized parts, unauthorized configurations, intentional damage or the use of substandard parts or unauthorized production. In order to create efficiency, security and resilience in the supply chain we will have to manage the end-to-end assurance of security of the supply chain, from development to product end-of-life. This includes assurance for the delivery of trusted materials, trusted manufacturing, trusted SW delivery and trusted logistics.
What is driving this change?
The whole chain is constantly being challenged by individuals (in and outside our organization), organized malicious groups, or organizations (potentially even hostile nation states) that are trying to hack into or unwittingly undermine the security of the products/services and networks that are deployed by organizations worldwide. New products, services, processes and legislation are being released or altered every day, which requires continuous monitoring, improvement and constant review of the end-to-end chain.
What are the biggest risks associated with this disruptor?
The biggest risks all providers are facing in not managing the end-to-end chain are security and data breaches and losing the trust of customers and key stakeholders in relevant countries.
What are the biggest opportunities it [the disruptor] could bring?
Managing risk is directly related to quality and resilience of critical operations; it therefore also contributes to the sustainability of the company. Quality and resilience are being adjusted more dynamically and the organization benefits from the cultural paradigm shift with respect to cyber security awareness, hence paving the way for continued business operations.
Who should be managing those risks and opportunities within the organisation?
Managing supply chain risk requires organizational commitment and governance, and a comprehensive end-to-end approach based on standards and best practices with strong oversight, independent verification for each critical component and performance incentives for key individuals and business units that are well aligned.
Key dynamics and true oversight are the key to maintaining the chain. Internal controls are critical in managing the risk. To deliver our strategy across the whole company we are led by a board-led security and privacy committee, but all employees must “own” cyber security responsibility. The responsibilities are developed, distributed, integrated into the processes (all the way down to the suppliers and partners). This governance framework is in turn distributed and customized into all operating countries to ensure full alignment with local ways of working and applicable legislation.
What will the future look like for your business?
Understand that everyone is, and has to be, accountable within the risk ecosystem to help the overall global requirements become better aligned. To achieve this, development of international standards is needed, and buyers of ICT should develop a better understanding of the requirements. Finally, we should recognize that we can’t keep perfect security, but we can manage risk consistent with the organization’s risk posture and business objectives. We have to assume that our security will be breached and we have to make sure that we are ready to respond, recover, provide maximum resilience and have backups in place where needed to secure continued business operation.
Join the Third Party & Supply Chain Cyber Security Summit on 29th & 30th of June in Amsterdam and learn tailored solutions and best practical examples to embrace end-to-end cyber security in your supply chain and business operations.