China Locks Down City Containing One of World’s Busiest Ports, Could Impact Supply Chain

Source: Newsweek
Published: January 7, 2022

The Chinese industrial city of Ningbo has been locked down due to COVID-19, and its port remains backed up. Located in China's Zhejiang province, Ningbo is home to the third-largest port in the world. The lockdown measures could worsen congestion at the already-disrupted port as worldwide supply chain woes persist.

Log4j Highlights Need for Better Handle on Software Dependencies

Dark Reading
January 3, 2022

It’s a new year and the cybersecurity community now faces the long-term consequences of yet another software supply chain security nightmare. After a year full of application security zero-day fallout, the Log4j vulnerability debacle (also referred to as Log4Shell) was like a thematic bookend for 2021 that closed out the year much in the way SolarWinds started it. The real-world consequences of these incidents schooled enterprise IT teams in too many ways to count. But perhaps the most important lesson to bubble up is how much work many organizations need to do to truly understand and manage what code is running under the hood across their software portfolios. Like the SolarWinds incident before it, the Log4j fiasco highlighted how many hidden software dependencies exist in enterprise software — and how hard it is to stamp out critical underlying flaws when these dependencies aren’t sufficiently understood.

The Impact of Business Intelligence on Supply Chain Performance with Emphasis on Integration and Agility–a Mixed Research Approach

International Journal of Productivity and Performance Management

The impact of business intelligence on supply chain performance with emphasis on integration and agility–a mixed research approach | Emerald Insight

Purpose

The paper aims to explore how business intelligence (BI), integration and agility influence supply chain performance.

Design/methodology/approach

The study was performed by the exploratory sequential mixed method in two phases including meta-synthesis as a qualitative method and survey as a quantitative method. Data were collected through a survey of 369 Iranian companies across various industries. Structural equation modeling was used to test hypotheses.

Findings

The results show that BI, integration and agility play an important role in achieving better supply chain performance. In the meantime, BI has the greatest impact on supply chain performance. Additionally, BI has a positive and significant effect on the integration and agility of the supply chain. The study also found that integration has a direct effect on supply chain agility.

Originality/value

To the best of the authors’ knowledge, the paper theoretically and empirically presents a new conceptual model of the relationship between BI, integration, agility and supply chain performance. The study helps researchers and practitioners to achieve insights into supply chain performance improvement.

2021 Semiconductor Industry Association (SIA) Annual Report

While the semiconductor industry has achieved great successes in 2021, it also faces significant challenges. Chief among them is a widespread global semiconductor shortage. Unanticipated rising demand for semiconductors needed during the pandemic response, coupled with significant fluctuations in chip demand for other products such as cars, triggered a rippling supply-demand imbalance felt across the world. The semiconductor industry has worked diligently to increase production to address high demand, shipping more semiconductors on a monthly basis than ever before by the middle of 2021, but most industry analysts expect the shortage to linger into 2022.

Read the full report here: 2021-SIA-State-of-the-Industry-Report.pdf (semiconductors.org)

Cybersecurity Reference and Resource Guide

2019 Cybersecurity Resource and Reference Guide_DoD-CIO_Final_2020FEB07

The purpose of this document is to provide a useful reference of both U.S. and International resources, in order to develop cybersecurity programs and to build and maintain strong network protection. Extensive reference materials exist that support efforts to build and operate trusted networks and ensure information systems maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability. The resources compiled here support security cooperation and shared best practices to help achieve collective cybersecurity goals. This guide provides readily available and unclassified information pertaining to cybersecurity norms, best practices, security cooperation, policies and standards authored and adopted by the United States (U.S.) government, the U.S. Department of Defense (DoD), and recognized international institutes and workforce development training resources provided by government, industry, and academia.

Aspects related to Cyber Supply Chain Risk Management in the document:

Cyber Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an information and operational technology product or service at any stage.

Website: https://csrc.nist.gov/Projects/Supply-Chain-Risk-Management

NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, April 2015

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the federal agencies' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services. This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. This publication integrates SCRM into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on supply chain risk assessment and mitigation activities.

Website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pd

Cybersecurity and Information Systems Digest

Cybersecurity & Information Systems Information Analysis Center (CSIAC)
14 DECEMBER 2021

The Digest is a newsletter intended to provide readers with a greater awareness of the latest research and development trends in the four technical focus areas supported by CSIAC while also highlighting recent CSIAC activities, services, and products.

Find the latest issue at this link:

14 DECEMBER 2021 – CSIAC

Preparing Supply Chain for the Next Disruption Beyond COVID-19: Managerial Antecedents of Supply Chain Resilience

Ethan Nikookar, Yoshio Yanadori

International Journal of Operations & Production Management

Preparing supply chain for the next disruption beyond COVID-19: managerial antecedents of supply chain resilience | Emerald Insight

Article publication date: 10 December 2021

Purpose

COVID-19 once again showed the importance of building resilience in supply chains. Extant research on supply chain resilience management has successfully identified a set of organizational antecedents that contribute to supply chain resilience. However, little is known about the mechanisms by which these antecedents are developed within a firm. Drawing on the dynamic managerial capabilities theory, the current study aims to investigate the critical role that supply chain managers play in developing the organizational antecedents. Specifically, this study shows that supply chain managers’ social capital, human capital and cognition are instrumental to the development of three organizational supply chain resilience antecedents: visibility, responsiveness and flexibility, which subsequently enhance the firm’s supply chain resilience.

The authors employ survey data collected from 598 manufacturing firms in Australia, and Hayes and Preacher’s (2014) parallel multiple mediator model to empirically test the hypotheses.

Findings

The findings of the study establish that supply chain managers’ social capital, human capital and cognition indeed have implications for developing supply chain resilience. Furthermore, the mediators through which managers’ social capital, human capital and cognition improve supply chain resilience are identified in the current study.

Originality/value

The study contributes to the extant literature on supply chain resilience, investigating the role that supply chain managers play in developing the resilience of their firm.

Four New Foreign Companies Added to Department of Commerce Entity List

NSO Group: Israeli spyware company added to US trade blacklist – BBC News

The US Commerce Department’s Bureau of Industry and Security (BIS) has added four foreign companies to its Entity List. The decision comes as these companies – two from Israel, and one each from Russia and Singapore – were deemed to act in a way that went against the national security or foreign policy interests of the United States. NSO Group and Candiru, the two companies from Israel, reportedly supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.

New Law Tightens U.S. Restrictions on Equipment in Supply Chain

Biden signs legislation to tighten U.S. restrictions on Huawei, ZTE | Reuters

New legislation signed in November – The Secure Equipment Act – will prevent companies that are deemed security threats from receiving new equipment licenses from U.S. regulators. The new law requires the Federal Communications Commission (FCC) to no longer review or approve any authorization application for equipment that poses an unacceptable risk to national security.