Supply chain security

Last updated April 23, 2023

Supply chain security (also "supply-chain security") activities aim to enhance the security of the supply chain or value chain, the transport and logistics systems for the world's cargo and to "facilitate legitimate trade".^[1] Their objective is to combine traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft. A healthy and robust supply chain absent from security threats requires safeguarding against disturbances at all levels such as facilities, information flow, transportation of goods, and so on. A secure supply chain is critical for organizational performance.^[2]

Credentialing of participants in the supply chain
Screening and validating of the contents of cargo being shipped
Advance notification of the contents to the destination country
Ensuring the security of cargo while in transit, for example through the use of locks and tamper-proof seals
Inspecting cargo on entry

Overview

According to the Office of the Director of National Intelligence in the United States, "adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals."^[3]

Local police departments often lack the resources to properly address supply chain security.^[4]

Transit theft

Theft and shrinkage can take place anywhere in the logistics chain: from the shipper, carrier, or consignee. It may be packages, pallet loads, and full truck loads. It can involve individuals with an opportunity to take cargo or can involve organized crime. Security systems involving surveillance systems, tracking systems, and broader corporate security are needed to reduce the theft of material. ^[5]

History

The terrorist attacks of 9/11 were the defining event for modern supply chain security. Before 9/11 supply chain security was primarily the concern of the insurance and risk management industries; after the attacks more structured approaches were implemented. Early efforts were dominated by concerns over the use of maritime shipping to deliver weapons of mass destruction. From 2001 to 2006 efforts focused on the physical security of goods and shipments but from 2012 on focus shifted to cybersecurity as the awareness of cyber threats grew.^[6]

In February 2021 US President Joe Biden made supply chain security one of his administration's priorities.^[7]

Key initiatives

There are a number of supply-chain security initiatives around the world, including:

The Customs Trade Partnership against Terrorism (C-TPAT), a voluntary compliance program for companies to improve the security of their corporate supply chains.^[8]
Operation Safe Commerce (OSC), a U.S. federal program designed to test and evaluate practices, policies and procedures aimed at improving the security of international containerized shipping.^[9]
The World Customs Organization (WCO) adopted the Framework of Standards to Secure and Facilitate Global Trade in 2005, which consists of supply-chain security standards for Customs administrations including authorized economic operator (AEO) programs.
The Container Security Initiative (CSI), a program led by U.S. Customs and Border Protection in the Department of Homeland Security (DHS) focused on screening containers at foreign ports.
The Global Container Control Programme (CCP), a joint United Nations Office on Drugs and Crime (UNODC)/World Customs Organization (WCO) initiative working to establish effective container controls at select ports across the globe with the aim to prevent trafficking of drugs, chemicals and other contraband and to facilitate trade by strengthening cooperation between the customs, trade and enforcement communities.
The Global Trade Exchange, a DHS data-mining program designed to collect financial information about shipments, with the objective of determining the safety of cargo shipments.
Pilot initiatives by companies in the private sector to track and monitor the integrity of cargo containers moving around the world using technologies such as RFID and GPS.
The BSI Group undertakes an annual survey of supply chain risk exposure, identifying and updating the main supply chain security concerns. In its 2020 report, drug smuggling, cargo theft of pharmaceuticals and medical supplies and increasing warehouse and facility theft were identified as particular concerns.^[10]
The International Organization for Standardization (ISO) has released a series of standards for the establishment and management of supply-chain security. ISO/PAS 28000 Specification for Security Management Systems for the Supply Chain, offers public and private enterprise an international high-level management standard that enables organisations to utilize a globally consistent management approach to applying supply-chain security initiatives. ISO/IEC 20243 is The Open Trusted Technology Provider Standard (O-TTPS) (Mitigating Maliciously Tainted and Counterfeit Products) that addresses supply-chain security and secure engineering.
The EU-US Summit held in Lisbon in November 2010, highlighting the need for their international "partnership to bring greater prosperity and security" for citizens on both sides of the Atlantic,^[11] provided a foundation for the Transatlantic Economic Council to build on, announcing at its December 2010 meeting an agreement "to deepen transatlantic cooperation in supply chain security policies".^[12]
The Common Criteria offers with EAL 4 an opportunity to include necessary evaluations that assure supply chain security for IT products

International agreements

Efforts for countries around the world to implement and enforce the International Ship and Port Facility Security Code (ISPS Code), an agreement of 148 countries that are members of the International Maritime Organization (IMO).
The European Union and the Government of Canada entered into an Agreement on Customs Cooperation with Respect to Matters Related to Supply-Chain Security in March 2013.^[1]

Supply chain cyber security

Supply chain cyber security is a subset of supply chain security which focuses on the digital aspects of the traditional supply chain as well as the supply chain for electronic and digital goods.^[6]

Related Research Articles

<span class="mw-page-title-main">World Customs Organization</span> Intergovernmental organization

The World Customs Organization (WCO) is an intergovernmental organization headquartered in Brussels, Belgium. The WCO works on customs-related matters including the development of international conventions, instruments, and tools on topics such as commodity classification, valuation, rules of origin, collection of customs revenue, supply chain security, international trade facilitation, customs enforcement activities, combating counterfeiting in support of intellectual property rights (IPR), illegal drug enforcement, combating counterfeiting of medicinal drugs, illegal weapons trading, integrity promotion, and delivering sustainable capacity building to assist with customs reforms and modernization. The WCO maintains the international Harmonized System (HS) goods nomenclature, and administers the technical aspects of the World Trade Organization (WTO) Agreements on Customs Valuation and Rules of Origin.

UN/CEFACT is the United Nations Centre for Trade Facilitation and Electronic Business. It was established as an intergovernmental body of the United Nations Economic Commission for Europe (UNECE) in 1996 and evolved from UNECE's long tradition of work in trade facilitation which began in 1957.

Cargo consists of goods conveyed by water, air, or land. In economics, freight is cargo that is transported at a freight rate for commercial gain. Cargo was originally a shipload but now covers all types of freight, including transport by rail, van, truck, or intermodal container. The term cargo is also used in case of goods in the cold-chain, because the perishable inventory is always in transit towards a final end-use, even when it is held in cold storage or other similar climate-controlled facilities. The term freight is commonly used to describe the movements of flows of goods being transported by any mode of transportation.

<span class="mw-page-title-main">Container Security Initiative</span> Security program

The Container Security Initiative (CSI) a.k.a. the 24-Hour Rule was launched in 2002 by the U.S. Bureau of Customs and Border Protection (CBP), an agency of the Department of Homeland Security. Its purpose was to increase security for container cargo shipped to the United States. As the CBP puts it, the intent is to "extend [the] zone of security outward so that American borders are the last line of defense, not the first."

<span class="mw-page-title-main">Customs and Excise Department (Hong Kong)</span> Department of the Hong Kong Government

The Customs and Excise Department (C&ED) is a government agency responsible for the protection of the Hong Kong Special Administrative Region against smuggling; the protection and collection of revenue on dutiable goods on behalf of the Hong Kong Government; the detection and deterrence of drug trafficking and abuse of controlled drugs; the protection of intellectual property rights; the protection of consumer interests; and the protection and facilitation of legitimate trade and upholding Hong Kong's trading integrity.

<span class="mw-page-title-main">Port security</span> Security of commerce ports

Port security is part of a broader definition concerning maritime security. It refers to the defense, law and treaty enforcement, and counterterrorism activities that fall within the port and maritime domain. It includes the protection of the seaports themselves and the protection and inspection of the cargo moving through the ports. Security risks related to ports often focus on either the physical security of the port, or security risks within the maritime supply chain.

Trade facilitation looks at how procedures and controls governing the movement of goods across national borders can be improved to reduce associated cost burdens and maximise efficiency while safeguarding legitimate regulatory objectives. Business costs may be a direct function of collecting information and submitting declarations or an indirect consequence of border checks in the form of delays and associated time penalties, forgone business opportunities and reduced competitiveness.

According to the World Customs Organization (WCO), an authorized economic operator (AEO) is

"a party involved in the international movement of goods in whatever function that has been approved by or on behalf of a national Customs administration as complying with WCO or equivalent supply chain security standards. Authorized Economic Operators include inter alia manufacturers, importers, exporters, brokers, carriers, consolidators, intermediaries, ports, airports, terminal operators, integrated operators, warehouses and distributors"

The Automotive Industry Action Group (AIAG) is a not-for-profit association founded in 1982 and based in Southfield, Michigan. It was originally created to develop recommendations and a framework for the improvement of quality in the North American automotive industry. The association's areas of interest have expanded to include product quality standards, bar code and RFID standards, materials management, EDI, returnable containers and packaging systems, and regulatory and customs issues.

The Global Trade Exchange (GTX) is, or was, a controversial Homeland Security intelligence project, related to maritime-ports data-mining, being one of three pillars of the Safe Ports Act-related Secure Freight Initiatives. The Global Trade Exchange has a mysterious history dating from conception in 2004, a 2007-2008 year of hype, and sudden placement on "hold" status. Described as a ready-to-buy, commercially available database, the GTX was rush-funded by Congress as part of and championed relentlessly by then-United States Secretary of Homeland Security Michael Chertoff in evident disregard of objections of confused and frustrated U.S. private sector trade groups. After a year-long spate of official support, media hype, and after award of Congressional funding of $13 million, the GTX was put "on hold for further study by the [U.S.] Navy" in April 2008, for reasons still yet to-be explained. Touted by senior U.S. officials and Congress in 2007 as an anti-terrorism database for tracking long-haul shipping containers, the Global Trade Exchange's principal focus appears to have a different focus, notably advance trade-finance information for market-making purposes.

Brand protection is the process and set of actions that a right holder undertakes to prevent third parties from using its intellectual property without permission, as this may cause loss of revenue and, usually more importantly, destroys brand equity, reputation and trust. Brand protection seeks primarily to ensure that trademarks, patents, and copyrights are respected, though other intellectual property rights such as industrial design rights or trade dress can be involved. Counterfeiting is the umbrella term to designate infringements to intellectual property, with the exception of the term piracy which is sometimes (colloquially) used to refer to copyright infringement.

ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by International Organization for Standardization that specifies requirements for a security management system including aspects relevant to the supply chain.

Security seals are tamper-evident mechanisms that seal valuable material in a room, cabinet, vehicle, or other storage facility. One common use is to seal cargo in transit shipping containers in a way that provides tamper evidence and some level of rudimentary security. Such seals can help to detect theft or contamination, either accidental or deliberate. Security seals are commonly used to secure truck trailers, vessel containers, chemical drums, airline duty-free trolleys, and utility meters. Typically they are considered an inexpensive way of providing tamper evidence of intrusion into sensitive spaces.

Kunio Mikuriya is the Secretary General of the World Customs Organization (WCO).

Digital supply chain security refers to efforts to enhance cyber security within the supply chain. It is a subset of supply chain security and is focused on the management of cyber security requirements for information technology systems, software and networks, which are driven by threats such as cyber-terrorism, malware, data theft and the advanced persistent threat (APT). Typical supply chain cyber security activities for minimizing risks include buying only from trusted vendors, disconnecting critical machines from outside networks, and educating users on the threats and protective measures they can take.

<span class="mw-page-title-main">James Giermanski</span> American security specialist

James Giermanski is a specialist in supply chain security and container shipping programs of the U.S. Department of Homeland Security. He is a former U.S. Air Force Office of Special Investigations and a former FBI agent.

The Open Trusted Technology Provider Standard (O-TTPS) is a standard of The Open Group that has also been approved for publication as an Information Technology standard by the International Organization of Standardization and the International Electrotechnical Commission through ISO/IEC JTC 1 and is now also known as ISO/IEC 20243:2015. The standard consists of a set of guidelines, requirements, and recommendations that align with best practices for global supply chain security and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products. It is currently in version 1.1. A Chinese translation has also been published.

ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.

The UN Counter-Terrorism Implementation Task Force (CTITF) was an instrument designed to roll out the UN Global Counter-Terrorism Strategy.

ISO 22300:2021, Security and resilience – Vocabulary, is an international standard developed by ISO/TC 292 Security and resilience. This document defines terms used in security and resilience standards and includes 360 terms and definitions. This edition was published in the beginning of 2021 and replaces the second edition from 2018.

References

1 2 Government of Canada, Agreement between Canada and the European Union on Customs Cooperation with Respect to Matters Related to Supply-Chain Security, signed 4 March 2013, accessed 18 August 2021
↑ P.N., Sindhuja (August 3, 2021). "The impact of information security initiatives on supply chain robustness and performance: an empirical study". Information & Computer Security. 29 (2): 365–391. doi:10.1108/ICS-07-2020-0128. ISSN 2056-4961.
↑ "Supply Chain Risk Management". www.dni.gov. Office of the Director of National Intelligence. Retrieved March 7, 2021.
↑ Zalud, Bill. "The Daily Challenges of Supply Chain Security". www.securitymagazine.com. Security Magazine. Retrieved March 7, 2021.
↑ Mayhew, C (2001), "The Detection and Prevention of Cargo Theft", Trends & Issues in Crime and Criminal Justice, retrieved January 25, 2023
1 2 Hayden, Ernie. "How supply chain security has evolved over two decades". searchsecurity.techtarget.com. Tech Target. Retrieved March 7, 2021.
↑ Starks, Tim (February 24, 2021). "Biden signs executive order demanding supply chain security review". www.cyberscoop.com. CyberScoop. Retrieved March 7, 2021.
↑ "Operation Safe Commerce". Office of the Federal Register. Federal Register (Daily Journal of the United States Government). November 20, 2002. Retrieved July 17, 2016.
↑ Operation Safe Commerce passes Round 1, Inside Logistics, published 8 September 2004, accessed 28 July 2022
↑ BSI Group, Cargo theft and labor exploitation incidents increase risk to supply chains, published 21 October 2020, accessed 1 January 2021
↑ Council of the European Union, EU-US Summit: Joint statement, published 20 November 2010, accessed 23 December 2020
↑ U.S.-EU Transatlantic Economic Council, Joint Statement, 17 December 2010, accessed 23 December 2020

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[eucanada-1] 1 2 Government of Canada, Agreement between Canada and the European Union on Customs Cooperation with Respect to Matters Related to Supply-Chain Security, signed 4 March 2013, accessed 18 August 2021

[2] P.N., Sindhuja (August 3, 2021). "The impact of information security initiatives on supply chain robustness and performance: an empirical study". Information & Computer Security. 29 (2): 365–391. doi:10.1108/ICS-07-2020-0128. ISSN 2056-4961.

[3] "Supply Chain Risk Management". www.dni.gov. Office of the Director of National Intelligence. Retrieved March 7, 2021.

[4] Zalud, Bill. "The Daily Challenges of Supply Chain Security". www.securitymagazine.com. Security Magazine. Retrieved March 7, 2021.

[5] Mayhew, C (2001), "The Detection and Prevention of Cargo Theft", Trends & Issues in Crime and Criminal Justice, retrieved January 25, 2023

[Tech_Target-6] 1 2 Hayden, Ernie. "How supply chain security has evolved over two decades". searchsecurity.techtarget.com. Tech Target. Retrieved March 7, 2021.

[7] Starks, Tim (February 24, 2021). "Biden signs executive order demanding supply chain security review". www.cyberscoop.com. CyberScoop. Retrieved March 7, 2021.

[8] "Operation Safe Commerce". Office of the Federal Register. Federal Register (Daily Journal of the United States Government). November 20, 2002. Retrieved July 17, 2016.

[9] Operation Safe Commerce passes Round 1, Inside Logistics, published 8 September 2004, accessed 28 July 2022

[10] BSI Group, Cargo theft and labor exploitation incidents increase risk to supply chains, published 21 October 2020, accessed 1 January 2021

[11] Council of the European Union, EU-US Summit: Joint statement, published 20 November 2010, accessed 23 December 2020

[12] U.S.-EU Transatlantic Economic Council, Joint Statement, 17 December 2010, accessed 23 December 2020

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]