In the last few months, the vulnerability of the UK’s supply chain has become a topic of increasing concern among UK citizens and government watchdogs. The issue has been brought to light following a series of shortages and shipping bottlenecks that the COVID pandemic and Brexit have spurred.
The UK operates on a ‘just in time’ supply chain, meaning there are no surplus or back stores of the supplies imported into the country every day. The UK imports over £301bn worth of goods from the EU every year, including fruit and vegetables, livestock, clothing, cars, medicines, technology, beverages, gas, crude oil and chemicals. Each of these are critical to the efficient running of society.
However, these commodities are co-dependent to keep the supply chain running. For example, shipping tankers rely on fuel providers to carry out their journeys to bring imports into the UK. Retailers rely on lorries to bring stock onto supermarket shelves; supermarkets and retailers rely on plastics and packaging companies to receive goods and send out products to customers; plastics companies rely on chemical imports to produce packaging.
Essentially, everything is interlinked, and if the supply of one service breaks down, it can have a domino effect taking down other services with it. An example of this was demonstrated last year when the UK suffered a shortage in cardboard boxes, which was caused by a lack of HGV drivers and a surge in online home deliveries. Packaging companies were unable to keep up with the supply and demand. This had a knock-on effect on retailers and consumers as many online purchases could not be fulfilled or were severely delayed.
This incident highlights the far-reaching consequences when one link in the UK’s supply chain breaks down. As a result, the industrial organizations that make up the foundations of the UK’s supply chain must now start thinking about other potential risks that could impact their services. When looking at threats, there are multiple factors that could put the UK’s supply chain at risk. However, few are as impactful as a cyber-attack.
Today almost all industrial organizations will use some form of automation and internet connectivity within their operational environments. This added connectivity improves efficiency and cuts costs. However, it also makes industrial organizations more susceptible to cyber-attacks.
"When looking at threats, there are multiple factors that could put the UK's supply chain at risk"
Industrial environments are complex and present significant challenges when it comes to security. For example, updates are difficult to apply, visibility across operational technology environments is usually poor and some systems are so crucial they can’t be taken offline to run security updates. This often leaves many industrial organizations unclear on how to build out effective security programs to protect their networks against cyber-attacks. So, what are the best steps?
When building out security programs for industrial organizations, it is essential that they cover people, process and technology. This includes allocating resources to improve their security programs, training, equipping and growing personnel with the needed skill sets to improve cybersecurity while deploying technology to support cyber protections and detection capabilities. This technology should have visibility across the entire network, clearly understand what software and hardware are being run and apply security updates and patches as new threats and vulnerabilities are discovered.
Industrial cybersecurity programs should also identify the potential threats that could impact the organization and then detail exactly how each scenario can be mitigated. Everyone in the organization must be briefed on cybersecurity and clearly understand incident escalation and response.
The organization’s crown jewels must also be identified. Security teams must understand how they are segmented from other areas of the network and how well they are protected from external attackers. Prioritizing crown jewels allows for accurate scoping of security strategies, tailored threat hunting and performing assessments that analyze and evaluate the overall security postures while keeping malicious actors at the forefront of strategy.
The efficient running of the UK’s supply chain is essential to the proper functioning of society, so hardening industrial organizations against cyber-attacks must be a top priority. By implementing programs that take into account network complexities and focus on building security around people, process and technology, the resilience of the UK’s supply chain against cybercrime can be significantly improved.
