On May 7th, Colonial Pipeline, the nation’s largest refined oil transporter, released a statement announcing that they had fallen victim to a strickening ransomware attack. In an effort to stem the infection, Colonial took their systems offline, blocking a major artery used to supply gasoline, diesel and jet fuel to nearly half of the East Coast.
Now, after weeks of restoration work, Colonial is once again fully operational and the overall supply chain is beginning to show signs of recovery. Progress aside though, this breach carries with it implications that extend far beyond immediate operating losses or even regional price volatility. The Colonial Pipeline hack, like others before it, has revealed not just a degree of vulnerability in our cyber defenses, but an inherent fragility in the supply chains in which they protect.
As made evident by the executive order signed into action just days after the incident, cybersecurity investments are set to take on a heightened level of importance as hackers continue to succeed on a broad and unsettling scale. With low skill barriers required to launch such attacks due to popular ‘ransomware as a service’ (RaaS) models, combined with their increasingly sophisticated nature, companies are faced with a unique challenge spanning cyberspace and supply tiers.
Recognizing the impact of years of underinvestment in cybersecurity within the private sector, the U.S. will need to adopt a far more ambitious playbook in order to ensure supply chain security and, therefore, national security. To do so, public and private entities must not only mitigate the threat of recurrent, intentional disruptions, they must be able to accommodate and contain the unforeseen.
Perhaps the greatest risk our critical infrastructure faces, aside from bad actors and plotting nation states, is climate change, a brooding force of our own making. With it comes many unknowns and potential consequences that demand far more than a one-time ransom payment. If we wish to build resilient, more secure supply chains, we need to first begin by aligning design principles with this new reality of ours.
In practice, reconfiguration will look different across sectors. With that said, though, there are certain considerations that are universal in both their appeal and importance. For instance, as companies consider resiliency, supply chain executives will be faced with the ever-more important role of measuring the cost of risk mitigation against overall efficiency. More specifically, a particular emphasis will be placed on cost efficiency as companies pursue the coveted goal of improved performance through risk mitigation.
While conventional supply chain management has long advanced a ‘one-or-the-other’ narrative where companies have to choose between resilience and cost efficiency, this idea seems to rest on shaky grounds today. As found in a joint report conducted by the World Economic Forum and Boston Consulting Group, 40% of supply chain emissions associated with the fast moving consumer goods (FMCG) sector, under which laboratory products fall, can be abated at very low costs (<$12 per ton CO2e). Better yet, the technologies to do so exist and are readily available.
When assessing various abatement levers designed to achieve net-zero emissions, circularity strategies rank highest in terms of feasibility, implementation and cost-effectiveness. In zeroing in on the FMCG space, supply chain emissions can be cut by 15% through recovery and recirculation efforts alone. When factoring in process improvements and the adoption of renewables, emissions reductions of upwards of 35% can be achieved.
So how does an abatement strategy with clear planetary benefits lend itself to the twin threat of cybersecurity? For one thing, because circularity prioritizes the meaningful reuse of materials already within existence, companies that deploy such approaches rely less on virgin feedstocks and the volatile commodity markets to which they are tied. Second to this, circular projects typically result in significant cost-savings with relatively short payback times, allowing companies to reinvest savings in key priority areas, like cybersecurity.
In a year that has felt far more like a failed simulation, we as a society are presented with a set of circumstances that speak a resounding, unavoidable truth. We can no longer afford to operate in the space between rhetoric and practice when it comes to systemic threats like climate change or national security. When it comes to designing with intention and the future in mind, it is critical that our approach to supply chain management reflects our need for supply chain resilience.