Supply Chain Security: It's Everyone's Responsibility
Issues surrounding supply chain security top the corporate priority list these days. Do governments bear the burden of keeping the global supply chain safe, or, by working together more effectively, can the private sector get the job done? Which is steeper—the cost to implement security procedures, or the price we pay for being unprepared? Differing opinions, strategies, and outlooks abound. Two industry experts share their thoughts on mitigating the risks of today's threats to supply chain security.
By Boris A. Populoh, director of programs and education, Household Goods Forwarders Association of America.
It doesn't matter where in the world your business is located. In today's global market, a terrorist incident or attack involving a critical segment of the supply chain infrastructure will impact you, whether your business is in Berlin, Va., or Berlin, Germany.
While the interconnected nature of the global market is great for business, it is exactly what makes securing the supply chain so challenging. The need to implement security procedures has never been greater, but businesses may balk at the costs—after all, companies are not all starting from a level playing field.
A recent book, America the Vulnerable: How our Government is Failing to Protect us From Terrorism, by retired U.S. Coast Guard Commander Stephen Flynn, has received a lot of attention for its unabashed look at security shortfalls since Sept. 11. Flynn addresses a multitude of critical security failures and shortfalls by both the public and private sector.
A pivotal point Flynn makes is the "absence of clearly defined and well-enforced government security requirements," which hampers a company's ability to implement more effective security procedures.
Flynn believes the lack of clearly defined requirements has a negative impact on individual companies attempting to implement security procedures. Companies that "invest in protective measures for the part of the infrastructure that they own place themselves at a competitive disadvantage," due to an increase in cost of doing business—one that may not be shared by a competitor who chooses not to beef up on security.
Deciding not to invest in security protocols—both procedural and physical—because they are too expensive may, at first glance, appear to be a necessary and logical business decision.
If a company chooses to invest in new security protocols and its competitor does not, the company may have to raise its rates, which could in turn drive business toward the competitor.
Take the question of increased security, and apply it to the hotel industry. Four of five hotels in one city, for example, have great security procedures, but the fifth hotel has none. It is fair to assume that this hotel's guests are more at risk for robbery, assault, or even a terrorist attack.
Should the unsecured hotel fall victim to a terrorist attack, however, all hotels in the area will lose substantial revenue and business—not just the hotel that didn't invest in security procedures.
The same principle can be applied to companies operating within every aspect of the global logistics industry. A successful attack on this vital conveyor of the global economy will impact business around the world.
Tragedy of the Commons
Approaching security and protective measures investments on an individual company basis illustrates the "tragedy of the commons" theory, says Flynn—if left to their own devices, individuals and/or companies will not look out for the common good, but rather for themselves.
Apply the tragedy of the commons theory to investing in security measures: securing the assets of a particular company involved in the larger global economic infrastructure is accompanied by certain expenses.
A company may be reluctant to take on that additional financial burden because the benefits are intangible. If that company does not believe other companies are willing or able to make a similar investment, then it faces the likelihood of losing market share while simply shifting the vulnerability to a competitor, says Flynn.
Business owners certainly don't want regulations that make conducting business more arduous. While those concerns are indeed valid, the burden of securing the global logistics infrastructure does not fall on the shoulders of national governments alone, but on every company and individual involved in, and profiting from, that industry.
Logistics and supply chain industry professionals bear responsibility as global citizens to incorporate deterrent procedures into their daily operations.
While completely shielding ourselves from those who wish to do us harm is unrealistic, the logistics and supply chain industry must commit itself to taking appropriate and rational deterrent measures to bolster security initiatives undertaken by both the public and private sector.
Security is everyone's obligation. The costs of implementing necessary security measures are insignificant compared to the potential costs incurred by damage to the worldwide supply chain infrastructure and the global economy.
Sacrificing Silos For Security
By Irvin Varkonyi, president supply chain operations, Preparedness Education LLC, and adjunct professor, transportation policy, operations and logistics, George Mason University.
A typhoon knocks out semiconductor chip production in Taiwan. A bridge collapse on Oklahoma's I-40 cuts the heartland in two. And a major East Coast blackout reminds us that even our basic services must not be taken for granted. Terrorism and disaster may be unavoidable, but should the consequences for the supply chain be unavoidable as well?
The answer depends on what link of the chain you sit on.
Logisticians, financial analysts, information systems managers, security professionals, and employees of many other business units, or silos, will probably all have different definitions of supply chain security.
Too often, securing a company's supply chain gets shuffled among departments with a "not my job" mentality. Employees already juggling a heavy workload aren't eager for added responsibilities. And cooperation among departments is frequently minimal, as each silo focuses on its own functions.
The best way to secure a company against disasters and/or attacks is to break down those silos and make security everyone's job. A clear-cut plan for approaching security requirements is a must for the 21st-century global enterprise.
Drs. Keith Helferich and Robert Cook of Central Michigan University were among the first to delve into supply chain security. They co-authored Securing the Supply Chain, a work published shortly after Sept. 11, by the Council of Supply Chain Management Professionals.
Helferich and Cook offer tools to help companies answer the question of whether their supply chain is brittle or malleable in dealing with disruptions. These tools focus on the basics of disaster logistics—planning, detection, mitigation, response, and recovery—and they involve employees from all corners of a corporation.
Supply chain articles teach us the basics of visibility, variability, velocity, and value. What about vulnerability? The supply chain is clearly vulnerable, as are some of the substantial process gains the industry has made over the last few years.
The continual trend of just-in-time (JIT) manufacturing, for example, has actually reversed slightly despite its popularity. It's becoming obvious that JIT inventory is vulnerable not only to delays by the sub-manufacturer, assembler, or transporter, but also to conditions beyond our control.
Business is not immune to natural disasters, mechanical accidents, or terrorists. The Helferich/Cook model can deter business collapse, even in the face of a disaster. Breaking down the silos will allow a company to focus on mitigating disasters in order to recover rapidly.
Are We Doing Enough?
The actions of the Department of Homeland Security have the business community narrowly focused on imports as the greatest risk to the security of the country. Compliance with the Customs-Trade Partnership Against Terrorism (C-TPAT), and a stamp of approval from the Bureau of Customs and Border Protection (CBP) is now equated with security. But is it enough?
C-TPAT can constructively help a business focus on securing its supply chain by making it rethink some relationships. It does not, however, know if security professionals and logisticians have the same definition of supply chain security.
C-TPAT cannot, for example, convince a company's procurement unit to take into account vulnerabilities of trading partners and distribution systems, or rethink the consequences of geographical selection.
These standards also do not help financial executives to understand the obligations of the Sarbanes-Oxley Act—which are at the heart of a secure supply chain. Financial integrity of the corporation—and of its trading partners—requires proactive measures to ensure the continuity of relationships for the protection of the shareholders, employees, and customers.
All of these new security initiatives serve a purpose and are a step in the right direction. But they are not enough. We need to improve interaction among business units in order to more effectively drive systemic changes in the supply chain.