PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name "Perspectives from the Campus Series”, we invite experts -- immersed in the pursuit of educating their students -- to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, shares some important information regarding the significance of our supply chain. As we celebrate National Supply Chain Integrity Month in April and National Supply Chain Day, Dungan provides his perspective on why cybersecurity is critical for making sure businesses stay protected and the supply chain is secure.

By David Dungan

When it comes to cybercriminals taking aim at a critical sector of our economy, there are few bigger targets than our supply chain.

And whether you’re talking about the massive docks that operate as maritime superhighways to deliver products and goods across the country and around the world, or those that rely on what is known as the Information and Communications Technology (ICT) supply chain, it can impact our entire life cycle; encompassing everything from our hardware, software and managed services to the people, whose livelihoods rely on the efficiency and security of its operations.

April is National Supply Chain Integrity Month and April 29th is National Supply Chain Day, and it’s a good opportunity to understand just how vast our systems reach and what we can do to help make sure it stays secure and protected.

In the modern era of the internet, the number of IoT devices has exponentially expanded, as has the amount of threat vectors. In fact, it’s estimated that the number of active IoT devices globally will reach 24.1 billion by 2030. An example of what we’re talking about can be found right in our own home, while watching TV.

Adding a smart TV to your local network at home adds another vector where, if not properly secured, could expose your network to a threat actor. The same principle applies to businesses, as the more entities are involved with a business, the risk for a cyber incident or cyberattack increases.

Some of the most common sources of supply chain attacks involve commercial software, open-source supply chains, and foreign products. And, just within the last year, there has been a notable surge in these types of attacks involving numerous vendors; a concerning trend that underscores the need for more robust security measures.

Among the resources that are available and are free to download includes the “Best Practices in Cyber Supply Chain Risk Management” from the National Institute of Standards and Technology (NIST) and a free cybersecurity guide from the National Motor Freight Traffic Association (NMFTA).

That said, it’s a challenge to ensure that every step in a business's supply chain is completely secure, especially when you consider the sheer number of levels that exist within the supply chain in the modern era. Nonetheless, there are several measures that can be taken to help mitigate potential cyber threats.

• Fully understand supply chain management risks and threats.
  • The necessary personnel should take time to understand the current threat landscape, not just for their own business, but for industry partners within their supply chain.
• Assess your cybersecurity measures.
  • After taking the time to understand all current threats in the landscape, the cybersecurity team should install the necessary hardware and software protocols to counter assessed threats, as much your budgets and operations will allow you to do.
• Treat cybersecurity as an ongoing process.

  ○ Cybersecurity is a never-ending race; at times, it can seem as though it’s a marathon without a finish line. With the rate of change always accelerating, companies need to routinely schedule and reevaluate their own defenses. The average cost of a supply chain related attack is $4.45 million dollars. Even for a small business, the average cost of a breach is estimated at $25,000.

By prioritizing cybersecurity measures and adopting a proactive approach to risk management, a business is better able to protect themselves against attacks in their supply chain. Not only does it help safeguard their own operations, it allows them to contribute to the very economic environment, in which they compete in.