This article appeared in Law and strategy on computer security, an ALM publication for privacy and security professionals, information security managers, key information managers, key technology managers, business consultants, Internet and technology practitioners, internal consultants. Visit the website to learn more.
With the growth of supply ecosystems and the proliferation of vulnerability points, companies will have to switch to distributed accounting technology.
The supply chains of companies are becoming increasingly complex in the global and ultra-competitive economic environment. The production of products tends to involve many parts and components created by specialized factories scattered in different parts of the world.
This means that there are a growing number of different actors in supply chains, each with their own technology platforms. This makes supply chains more vulnerable to cyber attacks.
That's why cybercriminals looking for new ways to leverage corporate networks are focusing their attention on privileged access to the network given to the many actors involved in supply chains.
This is a serious risk for businesses. Through a single compromise, supply chain attacks can affect a large number of machines connected to the supply chain. And these attacks can be much more difficult to detect than traditional malware.
The importance of the supply chain
Get a simple product like a sports shoe. Nine or 10 suppliers worldwide could be involved in the creation of materials. These materials could then be shipped to a dozen different factories for processing. So they could be sent to another factory to put the shoe together.
It might seem like a complex supply chain. But it is relatively simple compared to the complexity of sourcing for cars like cars or factory equipment.
Whether it's shoes, cars or factory machinery, these global and multi-player supply chains offer essential efficiencies. But they require all those involved in them to communicate within a central system to avoid problems such as failure to report inventory, unforeseen failure and supply chain fraud.
These types of open supply chain networks make systems highly vulnerable to cyber attacks.
An increase in attacks
At the beginning of this year, Crowdstrike's cybersecurity experts revealed that research suggests that two-thirds of the organizations surveyed suffered an attack on the software supply chain last year. The average cost of an attack was over $ 1.1 million.
In an era of Internet of Things, digital purchasing platforms and automated process automation, vulnerabilities will continue to proliferate.
But organizations are held back by developing robust security strategies due to the time and costs involved in auditing suppliers and third parties. According to the Crowdstrike report, 90% of companies agreed that security is critical when making supplier decisions, but only 37% said they were able to control everyone.
So what should companies do? How can they ensure that each member of the supply chain has the IT tools and protection to defend against attacks?
Blockchain technology helps prevent and contain attacks
Instead of continually patching old security systems, blockchain technology offers companies a way to create protection in the supply chain by design, while simplifying supply chain processes. Blockchain is a non-editable and practically inaccessible transaction log. New information can be written to the blockchain, but previous information (stored in what is known as blocks) can not be adjusted. Every single block (or piece of data) added to the chain is assigned an encrypted identity.
Encryption effectively links the contents of each block you just added to each previous block. So any change to the contents of a previous block on a chain would invalidate the data in all the blocks after it.
Blockchains work in almost sterile environments. The only way to get data on them is through the chain itself. So it is highly unlikely that a cyber attack will work. And if they ever did, it would leave clues that would date back to the attacker.
This means that the number of stakeholders involved in a blockchain-based supply chain would not really be relevant from a security point of view. There would be no more weak links if everyone worked through the same blockchain.
The blockchain does not store data in a single centralized location, but through a vast network of computers that constantly checks information between them. In order to compromise data as part of a cyber attack, a hacker would need to violate most computers on the network at the same time. This is almost impossible.
That's why protecting a supply chain is a perfect case for blockchain technology. Naturally, the truthfulness of the data must be established before being added to the blockchain. This means that devices that acquire data (such as sensors) must be certified and authenticated. Ensuring the connection between the physical and the digital world is a problem that can not be solved by blockchain technology alone.
Transparency and security
In addition to security, blockchain technology also provides essential transparency to supply chains.
For example, in the manufacturing sector, many parts need to know where products come from, whether they are children's toys, cosmetics or electrical appliances. The world needs confidence in the fact that the goods are not counterfeit, that they have been created correctly and that they are safe to consume.
In these cases, manufacturers need a way to demonstrate data on their supply chain. And more and more they need to have evidence ready for operational details that are reliable and verified just enough to help them in case of a lawsuit or questions about authenticity. In order for this trust to exist, it is necessary that the data are immutably correct.
Blockchain technology provides a solution here. The fundamental value of blockchain, based on distributed consent, offers a way to transform data into immutable evidence of evidence that can not be destroyed or violated.
For example, in the case of a manufacturer dealing with counterfeit goods in its supply chain, the company could register on the blockchain when a genuine product was manufactured and follow it through the chain. In this way, he could prove that a counterfeit was not theirs. If a serial number has been copied, the company could show where the original product is located and prove that the counterfeit product is a fake.
Companies may also have the power to monitor supply chains for events such as inventory transfer, money exchange from the time the raw material is purchased and the sale of the final product to the consumer.
Fundamentally, all this can be established without the need for multiple technology platforms to be included in the supply chain information flow. It is important to stress that with the evolution of blockchain technology, supply chain management will become more efficient by increasing visibility, reducing monitoring costs, avoiding accounting discrepancies and providing predictive analytics.
A future built on Smart Contracts
An epoch widely described as the fourth industrial revolution is already underway. The Internet of Things provides companies with the means to monitor and master the supply chains, obtaining enormous amounts of corporate value in the process.
However, as the number of data points in each supply chain continues to grow, companies' vulnerability to attack grows and the implications of such attacks increase.
The protection of a supply chain from cybernetic risk can no longer relate to the updating of security systems linked to supply chain ecosystems with multiple vulnerabilities. Designing security and immutability in the platform itself is by far the safest option.
Blockchain technology can also help us to store this valuable information securely, then sift it to show that a recorded event was right or wrong. That's why it's about to transform supply chains.
Adrian Clarke, former Microsoft CTO, is the founder of the technology startup Evident Proof, a blockchain-based platform that transforms documents, transactions and data events into tests that can be used to meet compliance, sourcing, and other verification requirements. some data.