Immunizing your supply chain network from terrorism

With the unfortunate rise of terrorism in the last couple of decades, it is imperative that companies incorporate immunizing their supply chain networks as part of their core risk mitigation strategies.

I have listed down some of these mitigation techniques below:

1. For starters, you must opt for transportation insurance. This will protect them from other disasters or shortfalls as well.
2. You must look to distribute the risk by avoiding total dependence on any one particular transport medium (railways, airways or waterways). In case any one of these mediums is disrupted, they can still rely on the other one.
3. You must maintain adequate buffer inventory. An optimized point must be found between just-in-time principle and the just-in-case principle. Use of predictive and prescriptive analytic techniques can help you achieve this.
4. You must shorten their supply chains in terms of distance and the number of parties involved. This will reduce the vulnerability of the network as the attackers will then have lesser points of attacks. Conversely, it also reduces the complexity and is easy for the company to manage the supply chain.
5. You must build a strategic alliance with your suppliers and logistics providers and not just a business relationship. This will ensure that if need be they prioritize your consignment and the entire model stays stable (at least for your company).
6. You must collaborate and educate your suppliers and logistics providers about the associated risks and the mitigation techniques so that the strategies are deployed across the entire network.
7. Lastly, you must also collaborate with your customers (to whom you are the suppliers) so that they understand risks of the supply chain. If collaboration doesn't work, then you must incorporate clauses in your agreements to avert dire consequences.

Reference: http://spendmatters.com/2010/11/01/terrorism-and-the-supply-chain-strategies-for-coping-with-a-form-of-supply-risk-we-cant-ignore/

Smart Dust & RFID privacy

http://www.nanotech-now.com/images/golem-dust-penny-large.jpg

The Science Daily article Nano-Based RFID Tags Could Replace Bar Codes [1] announces with breathless excitement that we may be on the verge of nano-scale RFIDs. The implications extend far beyond tracking inventory in warehouses, even if the devices perform only passively at the hoped for range of 300m.

These devices would be by design tiny and ubiquitous, likely embedded in products such that they are not only undetectable when the product is in use, but also integrated into the product in such a way that their removal would be impossible without damaging or destroying the object in question.

There are already some grave concerns [2] regarding tradeoffs in efficiency versus privacy and safety in RFID-enabled passports: do you really want anyone who cares to install the proper equipment to be able to identify you as carrying a U.S. passport the moment you walk though their door? There are certainly places today where such identification could be actively dangerous to the passport holder. Passports, at least, are specific enough items that it might not be unreasonable to expect that those carrying them should take measures to protect them from casual snooping, just as one might take care where one carries a wallet or credit card. Use your favorite search engine to see how many hits you get for “passport RFID blocker” – there are already multiple products on the market designed to address this concern.

Imagine instead that nearly everything on or about your person is labeled with an RFID which identifies manufacturer and item number – not at all unreasonable if you are the manufacturer working to track your inventory, but potentially problematic if you are the end consumer. From an arbitrary distance, say, that 300m or less figure quoted in the Science Daily article someone can generate a profile of you without even needing to focus upon you as a specific individual. You might pass through a portal or doorway and be identified as having $3000 worth of clothing and electronics on your person. You might subsequently be selected for a targeted sales pitch or to be followed with intent for unspecified mayhem.

One might sprinkle nano RFIDs on or about one’s premises for simple inventory – sprinkle first then catalog later: the rough collection of these RFID IDs correlates to the printer, and those to the postage meter. If a few fall off, so be it, there are still a few hundred with unique identifiers; more than enough to specify a particular item. This would be wonderful for tracking material through a manufacturing process or simply for keeping track of what is where. It might also be useful for a third party wishing to track you without your knowledge. If the little nano RFIDs are a bit more capable, they enter the realm of smart dust [3] – able to record and transmit data. [4] Again, incredibly useful if you want to monitor conditions in your shipping container or warehouse, but potentially problematic from a privacy standpoint.

Concerns regarding privacy issues and potential for abuse aside, this technology is coming: the world of ubiquitous sensors is not so much “if” but “when and how.” There is just too much upside for manufacturers or any entity that desires to track and inventory . . . anything.

Question: how will we mitigate the new set of risks that will be created as this technology evolves? Disabling all the RFIDs on your gear/clothing will eventually make you as noticeable as disabling none of them . . .

Further reading

Pister: Smart Dust in 2010. He has the timing off (obviously) but many of his projections are being developed actively.

Privacy concerns grow with the use of RFID tags Martínez-Cabrera, A. SF Gate (September 6 2010). Short consumer article outlining some broad concerns regarding RFID use.

References

[1] Nano-Based RFID Tags Could Replace Bar Codes. ScienceDaily. (Mar. 19, 2010) http://www.sciencedaily.com/releases/2010/03/100318113300.htm accessed 9 October 2012.

[2] A Threat Analysis of RFID Passports. Waldo, J. et al Queue. (October 1 2009) http://queue.acm.org/detail.cfm?id=1626175 accessed 9 October 2012

[3] 'Smart dust' aims to monitor everything. Sutter, J.D. CNN (May 03, 2010) http://articles.cnn.com/2010-05-03/tech/smart.dust.sensors_1_smart-dust-sensors-kris-pister?_s=PM:TECH accessed 9 October 2012.

[4] SMART DUST: Autonomous sensing and communication in a cubic millimeter. Website: http://robotics.eecs.berkeley.edu/~pister/SmartDust/