Trust in Supply Chain Management – Threats beyond the US Department of Defense
I know it has been quite awhile since the first Batman movie where Jack Nicholson starred as The Joker. However, I cannot help but think of Nicholson’s Joker when I think about Trusted Supply Chains when he said, “…And now, folks, it’s time for “Who do you trust!” Hubba, hubba, hubba! Money, money, money! Who do you trust? Me? I’m giving away free money. And where is the Batman? HE’S AT HOME WASHING HIS TIGHTS! “
My first take on the topic of supply chains is that it must be an abysmally dry topic, particularly in the context of the “white hot” world of cloud computing. At least that is what I believed until this week. With late notice last week, I had the distinct pleasure as an invited panelist at the inaugural Critical Technologies Conference that was held this week at NAVSEA in Crane, IN. The panel was about the threat to national security from DIS-trusted supply chains infiltrating their way into DoD platforms of all types. The conference was held in a quaint and picturesque setting at NAVSEA’s Crane Division in southern Indiana at the base’s club house situated on Lake Greenwood. Trust me when I tell you that I wasn’t the only attendee that was happy to have had the conference shuttle from Bloomington!
While the conference was limited to about one hundred attendees, the presentations and information were more than simply intriguing to the selective gallery of onlookers. The content was sobering and in some ways startling. While the focus of the conference was on interests for the US Department of Defense (DoD), the epiphany that hit me square between the eyes is the very nasty impact that globalization is reeking on the supply chains of legitimate commercial interests. In this blog, I want to talk about Trusted Supply Chains and the positive impact that cloud computing architectures can have on what should be considered the lifeblood of a product, it’s supply chain.
I’m an electrical engineer by training, not an industrial engineer, so I haven’t given a great deal of thought into the subject of supply chains until my MBA days. That’s the funny thing about MBA training for engineers, it actually forces you get your head out of the calculus book and think about why you need calculus anyway. But back to the subject matter at hand. I’ve blogged ad nauseam about Christensen’s Value Chain Evolution (VCE) Theory. I’m afraid I have to do so again, because it is precisely VCE Theory that is responsible for the disaggregation in complex supply chains.
The interesting thing about VCE Theory in supply chain disaggregation is that it seems impervious to the granularity of the inflection point. It doesn’t seem to matter whether the inflection point in the supply chain is outsourcing diesel locomotive engines, steel factories, a few cleverly connected transistors on an integrated circuit, or a few lines of software code in a middleware module. The one thing that is discriminatory in VCE-affected supply chains is the “digital content ratio” exhibited by the supply chain. The more the supply chain is driven by information content that is inherently digital, the faster the absorption rate of VCE inflection points and the more subject the supply chain is to disaggregation.
Disaggregated supply chains can have very positive effects on extracting cost efficiencies in products. As with any pro, there is a con, and in this case the cost efficiency comes at the price of TRUST! Why do I think of the opening quote by The Joker? Because as a systems integrator when it comes to Supply Chain Risk Management (SCRM), who are you going to trust while saving money in assembling products? “…hubba, hubba, hubba! Money, money, money! Who do you trust?” These two issues, trust and money, go hand in hand in disaggregated supply chains.
“Hell isn’t merely paved with good intentions, it is walled and roofed with them” Aldous Huxley
Engineers, Supply Chains, Business Capital, Free Markets, and Good Intentions
I am no advocate for commercial isolationism, nor am I a proponent for a global free trade zone. However, we must be willing to take a candid look at the reality of industrial and commercial policies with enough open mindedness to step back when we see those policies start backfiring. With that said, I am also a dog lover, and dogs do the darnedest things, almost always with an intent to please their masters. The same great intentions can be aspired to the creators of disaggregated, VCE-shaped supply chains. However, just as our furry friend in the illustration shows, past habits that we learned that have previously pleased our masters, may now end up with unexpected and sometimes undesirable results!
The evolution of the disaggregated inflection points in a supply chain occur because there is no longer a differentiated advantage to maintaining that point in the supply chain vertically within the company. The value of outsourcing the service or part has become “good enough” and can be competitively sought after on the open market. The operative words “good enough” and “open market” impose a Supply Chain Management (SCM) responsibility on the consumption side of the supply chain, and the following questions must be considered:
- Is the outsource service truly “good enough”, i.e. will using the outsourced version of the component degrade the overall quality of the final product and ultimately the company’s reputation?
- How will we maintain an ongoing quality control program in collaboration with the supplier?
- Does the supplier operate a sustainable business model?
- Will they be in business as long as I need them to be?
- Do we have acceptable alternative supply sources in our contingency plans?
- Is the supplier “trusted”?
- Is the supplier honest, reputable?
- What indemnification rights protect our company from transacting with this supplier?
- Are the parts/service that I am receiving counterfeit?
- Is the supplier operating under nefarious auspices?
- What about the distribution channels of the supplier?
- What international tariffs or laws must be considered to integrate the supplier into our manufacturing processes?
- How can we implement Just-In-Time manufacturing process efficiencies?
“Executive Decisions”…unexpected consequences from honest intentions…
Hard choices always start at the top
The electronics and software supply chains are characterized through high digital content ratios. These two supply chains are also very synergistic and have complex, interrelated dependencies. We are now observing practices in foreign markets that have degraded the integrity and trust of the electronics and software supply chains. The first and foremost practice is a market of counterfeit electronic parts. The second is digital content Intellectual Property (IP) theft that once compromised and disseminated, the control and recovery of that IP is effectively lost forever.
At the Critical Technologies Conference, the Supply Chain panel featured Tom Sharpe, CEO from SMT Corporation. SMT Corporation specializes in trusted electronics supply chain management. What I learned from Mr. Sharpe’s presentation is that knowing that counterfeit electronics exist and understanding the magnitude and prevalence of the problem are entirely two different things. A comment from Mr. Sharpe that strikes at the heart of the problem was this, “I guarantee you that if you have more than a few consumer electronics products in your home, there are counterfeit parts in one of those products!”
To most of us that statement does not translate into a serious threat, until one of the products that has been compromised with counterfeit electronics fails, malfunctions, or worse creates a hazard. In most cases, the product seems to work fine, but the unseen crime at work takes money out of the rightful pockets of the original manufacturers. Crime! Did I say crime! Yes, I did. When we examine the counterfeit electronics supply chain, what we find is that it is not all that hidden from view. In fact, we know a great deal about every step of the process. Most noteworthy is the cultural mindset that those engaged in the counterfeit electronics market do not associate any criminality in the activity, but in many respects see their market as a “green initiative” in recycling what is considered waste products.
The RnD cost that goes into designing, qualifying, testing, and supporting electronic components is staggering. Specification of the dozens of parameters for a specific component that are characterized by the component’s packaging labels are negated when counterfeiters re-mark the component with a higher performance designation. The situation becomes even more egregious when completely different components that have the same physical package are mislabeled. The fraudulent device is inserted into the product. The product test fails, gets ejected in manufacturing to a quality assurance line, and the counterfeit manufacturing cycle begins anew.
The situation becomes much more arduous when the malfeasance penetrates the silicon die in terms of digital content controlled intellectual property. This process of compromise in a trusted supply chain can be likened to an organ transplant and never knowing or finding the transplant recipient. In electronic component design & manufacturing, digital IP references the actual functional specification of a particular capability the component exhibits or delivers. That IP will undergo a series of content transformations that lead to a final manufacturing description. At each transformation stage the IP is in a human or machine readable digital format that if stolen or compromised can be used to complete the manufacturing process.
The problem becomes intractable once the IP is removed from its intended application or component and transferred into a completely different component architecture. The stolen IP simply becomes another functional element of a black box system that is practically impossible to detect, akin to someone disappearing into a large crowd of people. The IP, along with the component that is now contaminated with stolen IP, becomes part of the landscape of a black market supply chain. While not identical in process, in context, the problem of theft and compromise of software IP may be easier to execute, but just as hard to recover from after the theft has occurred.
Tony Bent, Business Operations Director for National Semiconductor’s trusted foundry operations represented on the same Supply Chain panel, talked about the additional supply chain controls that National is manufacturing into their components to make it easier to detect counterfeit components earlier in the supply chain cycle. Tony also mentioned the brazenness exhibited by counterfeiters. He discussed situations in which National engineers have received calls from overseas persons who ask why certain transistors are part of a particular circuit, clearly with an aim at replicating the silicon die for counterfeiting. The fact that the counterfeiting party has no reservation about contacting the original manufacturer borders on obscene!
Adding the “Trusted” cloud computing component into a disaggregated supply chain!
The issue of IT intellectual property rights, security, privacy, and protection is without dispute or question the single highest calling and priority for cloud computing service providers! There can be no effort minimized, no corners taken, no expense incurred in fulfilling this mission statement for a cloud computing service providers. Simply stated, without total IT intellectual property control and security, a cloud computing service provider does not have a service to sell.
Information control and management is a crucial component in SCM. While the information content associated with SCM is not in a strict sense technical or engineering intellectual property controlled through patents and copyrights, it is valuable to the company’s operations and must be considered a form of intellectual property and treated with appropriate security concerns. When a supply chain is vertically integrated within a single organization or company, control and management of SCM data is a simpler task. Disaggregate and distribute that SCM database across dozens of independent, international ongoing concerns, and SCM data management flies out the window. If the information flow across a supply chain could be likened to the glue that holds the flow of components across the supply chain, then SECURE, COLLABORATIVE information flow across that supply chain could be considered SUPER GLUE for the flow of components.
I suspect by now that you’ve probably surmised where I am going this with this…enter the disruptive world of collaborative cloud computing enterprise architectures. I personally love the application of a disruptive technology that solves a VCE-driven disruption.
True disruptions always look funny at first glance and often end up as mainstream solutions.
For most companies, the transition to a cloud architecture in itself is scary enough, much less a public cloud. Therefore, the initial focus of my comments here will be on “community cloud computing” architectures, i.e. a collaborative, demand-based, multi-tenant, utility computing model designed to serve the interests of a specific community of users. The concepts stated here are just as applicable to public clouds. The key concept to retain from the previous statement is that the multi-tenancy is the critical component in a community cloud service that binds collaboration with disaggregation.
Now let’s apply the vision a supply chain workflow implemented as a secure, collaborative, cloud computing enterprise architecture.
Identity Profiles – Trust component for Cloud-based Supply Chain Management
“Identity in the Age of Cloud Computing”, J.D. Lasica, Communications and Society Program
“Technology enables companies to build and tear apart alliances and partnerships on an as-needed basis. Product decisions are becoming less dependent upon a fixed list of suppliers than on the range of suppliers available. Relationships come together based on a particular product or project and then disband at the end.”
“The beginnings of this move toward specialization is already on display in certain global supply chains, where workers in disparate venues focus on one aspect of the manufacturing process. For instance, eighteen companies were involved in developing and manufacturing the first Apple iPod.”
“Improved global coordination allows companies that have found unique ways to deliver products in certain markets to go global with those advantages.”
More to come…