Is blockchain the answer to security risk in supply chains?

SUMMARY:

Digital connections add new security risks to the supply chain. Companies including IBM and Maersk believe blockchain may provide the answer.

Cyber attacks such as the Target breach and NotPetya malware might be infamous for the resulting financial damage – around $250m and $900m respectively. What should perhaps be more frightening for businesses is that these losses occurred due to errors originating on the supplier side.

The 2013 hack on Target was a result of a spear phishing attack on one of the firm’s contractors. It resulted in the loss of 40 million credit card details, several senior executives – including the CEO – losing their jobs, and financial damages of over $250m. Similarly the NotPetya virus, which last year hit big-name brands including FedEx and shipping giant Maersk, was enabled when a number of Ukrainian businesses had their systems compromised by a malicious update to a popular local accounting software package.

Businesses have always had to be wary of exposure through their supply chain to risks such as fraud, quality failures, disruption and other contingencies. Today’s need to be digitally connected brings a new set of risks in its wake.

Although one approach to these attacks might be to lock down the supply chain so organizations are only doing business with a tiny number of suppliers, there are a few fundamental flaws here. First off, the global digital economy mandates that businesses wanting to thrive and succeed must open up their networks to a growing number of partners. More importantly, even if you tighten up and decrease your own list of trusted suppliers, those partners will all have their own suppliers and so a breach could occur anywhere down the line.

Blockchain’s role in supply chain security

The emerging technology of blockchain may provide an answer to improving supply chain security. It has been thrown into the spotlight thanks to the meteoric rise, rise and rise and then spectacular collapse in value of cryptocurrency Bitcoin, which is built on blockchain’s decentralized transaction ledgers. But the technology’s ability to establish a shared and unalterable record of events and transactions has broader applications. Since it gives verified parties access to real-time, trusted data, it has a role in bringing more secure transactions to the supply chain, reducing opportunities for fraud, counterfeit goods and theft.

As there is no centralized server location for unscrupulous individuals to aim for, blockchain reduces the chances of malicious cyber attacks and security threats. Instead, with the data residing on multiple decentralised PCs, the system is inherently more robust. As Adrian Clarke, CEO of blockchain company Evident Proof, explains:

Supply chain security is undoubtedly one area where blockchain will revolutionize the way we work. For organizations wanting to understand the provenance of an asset, product, or any data event and then track the transactions and exchanges of ownership that relate to it, it is the perfect technology solution.

Not only that, the network consensus and cryptographic features of blockchain make it highly resistant to cyber attack. The ledger of transactions is replicated and distributed across all computer nodes in the network, while the latest version of it is only agreed by a process of compute and consensus. Even if cyber attacks can shut down single computers within the network, consensus amongst the other nodes neutralises the impact of the attack.

Any extra measures to protect organisations from cyber attacks are to be welcomed. But this is especially the case with the introduction of the General Data Protection Regulation (GDPR) and Network and Information Systems (NIS) Directive in May, which will clamp down on companies falling victim to hacks, whether caused by internal failings or a weakness somewhere along the supply chain.

Reducing supply chain cost as well as risk

No doubt spurred on by its subsequent costly encounter with NotPetya, Maersk has teamed up with IBM to develop a blockchain platform to manage and track millions of shipping containers across the globe. By digitizing the end-to-end supply chain, the firms aim to make it simpler to move goods across trading zones.

The plans include providing visibility across the entire supply chain to make sure every party can securely share information about shipping events – and letting companies securely submit, validate and approve documents across organizational boundaries. Blockchain-based smart contracts mean the required approvals will be in place, helping to speed up approvals and reduce mistakes.

There is currently a vast amount of resources wasted across the shipping industry due to inefficient and error-prone manual processes. As an example of that, a shipment of refrigerated goods from East Africa to Europe can go through nearly 30 people and organizations and involve more than 200 different communications.

Using blockchain for shipping could simplify the process, minimize security breaches and reduce the cost of doing business – the cost of the required trade documentation for moving goods is currently around one-fifth of the actual physical transportation costs. According to The World Economic Forum, by reducing barriers within the international supply chain, global trade could increase by nearly 15%.

IBM and Maersk team up to pilot blockchain

IBM – which is throwing a lot of resource and money into blockchain projects – and Maersk began working together in June 2016, and launched their joint blockchain venture in January. They hope to introduce the first product this summer.

Various organizations have already piloted the platform, including Dow Chemical, Tetra Pak and US Customs and Border Protection, while General Motors and Procter and Gamble are both investigating how the blockchain technology could be used to manage and secure their own complex supply chains.

The IBM and Maersk tie-up will be a useful project to track, in terms of how successful the firms are in encouraging enough companies operating across the shipping sector – and their partners – to sign up.

Peter Kinder, CTO at e-procurement specialist Wax Digital, can also see blockchain being a useful platform for securing financial transactions like invoicing, as it could guarantee that an invoice cannot be changed – deliberately or unknowingly – between the moment a supplier submits it to the time a buyer processes it. Any invoice transaction would have to be checked and approved by all participants, removing the risk of corruption throughout the invoicing process. Kinder explains:

It enables data to be distributed to known members within an agreed network. Each item of data – for example documents, information records, transaction receipts – is shared and stored with every member in the network who can accept its authenticity. Once an item has been created it can’t be copied or changed and it becomes a data ‘block’ that is added sequentially into the blockchain database.

Any subsequent changes to the supplier management process would require a new item [block] to be issued to the same network members, who would need to validate it. Without this, individuals internal or external to the organization could potentially make unauthorized changes to the supply chain that are for personal gain.
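The tamper-evidence and member validation described above can be seen in a small hash-chained ledger that is replicated to three members. This is an added example, not code from the article, Wax Digital, IBM or Maersk. The invoice records, the supplier name ExampleCo and the strict-majority rule in agreed_tip are constructed assumptions; production platforms use far more involved consensus protocols.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder "previous hash" for the first block

def block_hash(index, prev_hash, record):
    """SHA-256 over a block's position, its predecessor's hash and its record."""
    body = json.dumps({"index": index, "prev": prev_hash, "record": record},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, record):
    """Add a record as a new block linked to the current tip of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "record": record,
                  "hash": block_hash(len(chain), prev, record)})

def first_bad_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["record"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None

def agreed_tip(replicas):
    """Tip hash held by a strict majority of members' valid copies, else None."""
    tips = Counter(r[-1]["hash"] for r in replicas
                   if r and first_bad_block(r) is None)
    top = tips.most_common(1)
    return top[0][0] if top and top[0][1] * 2 > len(replicas) else None

def build_demo():
    """Constructed sample: three members each hold a copy of a two-invoice ledger."""
    ledger = []
    append(ledger, {"invoice": "INV-001", "supplier": "ExampleCo", "amount": "1200.00"})
    append(ledger, {"invoice": "INV-002", "supplier": "ExampleCo", "amount": "860.50"})
    return [copy.deepcopy(ledger) for _ in range(3)]

if __name__ == "__main__":
    members = build_demo()
    members[2][0]["record"]["amount"] = "9200.00"  # one copy is edited in place
    print("first bad block in edited copy:", first_bad_block(members[2]))
    print("majority still agrees:", agreed_tip(members) == members[0][-1]["hash"])
```

A copy whose hashes are all recomputed after the edit verifies on its own, which is why members compare tips with each other instead of trusting a single stored ledger.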

However, blockchain has its limitations and is certainly not the silver bullet for supply chain security. The nirvana is a digital contract for every process, transaction and payment, all stored in transparent and shared databases, and impossible to delete or alter.

But this is years away in reality, if it ever happens. Blockchain isn’t a quick-win, money-saving solution to supply chain security. Its potential lies in forming a foundation for secure transactions that would require buy-in from every organization operating along the chain to succeed.

Image credit - Chained business handshake © Andrey Popov - Fotolia.com
