News – Page 4 – SCRM Portal

February 1, 2024February 1, 2024

A Maturity Model for supply chain risk management

Purpose

Supply chains are among the most important, complex and risky systems in the modern world. Thus, managing risk is no longer an option, but a fundamental process in organizations. Given the lack of pathways that guide companies toward supply chain risk management (SCRM), the purpose of this study is to provide a conceptual reference, in the form of a maturity model, to support them in the evolution and improvement of this process.

Design/methodology/approach

The proposal covered a broad literature review, a survey and a multiple case study. The research was conducted in the aerospace industry and included companies from the supply chain of a leading aircraft manufacturer.

Findings

The model elaborated with the research results has eight attributes and four levels, addressing critical issues for SCRM to achieve its scope and purposes. The attributes include the structuring and scope of the SCRM process, the importance it receives within the organization, the resources used and the qualification of employees, the role of leadership and the inter-organizational collaboration.

Practical implications

Managing risk along supply chains is particularly challenging, demands resources and knowledge and requires a continuous effort. The proposed model offers a reference for improvement, helping to identify areas that need to be strengthened and practices to be implemented. Thus, it can guide the focus and efforts in a more efficient and systematic way, in addition to support evaluations and comparisons.

Originality/value

Although maturity models are abundant in different fields and several are available for risk management, models specifically developed for SCRM are scarce. This study broadens the understanding of SCRM with novel insights about how to improve this process in an evolutionary way. While many researchers focused their efforts on the SCRM process steps, this study identified critical issues that transcend these steps. The research was carried out in a sector with a long tradition in risk management and included companies belonging to a same supply chain, that is, using an approach still little explored in studies on SCRM or risk management maturity models.

Read Full Publication

January 31, 2024February 1, 2024

Johnson Controls says ransomware attack cost $27 million, data stolen

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.

Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment.

Read Full Article

January 29, 2024January 30, 2024

Zero-day, supply-chain attacks drove data breach high for 2023

Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024.A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report noted that the number of data compromises in 2023 jumped 78% over 2022, to 3,205 from 1,801 and exceeded, by 72%, the previous high of 1,860 breaches recorded in 2021.

Read Full Article

January 11, 2024January 12, 2024

Chips Trade War ‘Will See Surge in E-Recycling’ – Deloitte

In its Tech, Media and Telecom Predictions 2024 report, Deloitte says the supply chain sector will face “significant” raw material shortages, particularly gallium and germanium – vital minerals needed for chip manufacturing.

Deloitte says that interest in electronic waste (e-waste) recycling is likely to grow in response to these shortages. E-waste recycling is the disassembly and separation of components and raw materials of waste electronics from devices such as PCs and mobile phones.

Read Full Article

January 2, 2024January 12, 2024

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities

The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack.

It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the new $18.5 million one it is building.

Then it — along with several other water utilities — was struck by what federal authorities say are Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made.

Read Full Article

December 11, 2023December 21, 2023

Report: hackers target third-party suppliers in automakers’ supply chains

Nine out of 10 cyber attacks launched at automotive manufacturers are not aimed at the original equipment manufacturers (OEMs) themselves, but at other companies in their supply chains, according to a study from cybersecurity software and service provider VicOne.

Read Full Article

December 1, 2023December 7, 2023

Federal investigators confirm multiple US water utilities hit by hackers

Following a recent cyberattack at a Pennsylvania water utility, federal officials have confirmed that multiple additional water utilities in the US running the same industrial equipment have been breached by hackers, two people briefed on the matter told CNN.

Read Full Article

November 30, 2023December 1, 2023

Biden-Harris Administration Announces Supply Chain Resilience Center to Protect U.S. Supply Chain from Evolving Threats

WASHINGTON – As part of the inaugural meeting of the White House Council on Supply Chain Resilience, President Biden and Secretary of Homeland Security Alejandro N. Mayorkas unveiled the Supply Chain Resilience Center (SCRC), a new U.S. government entity designed to collaborate with the private sector to better secure our supply chains. The SCRC will analyze vulnerabilities and conduct scenario planning with private sector stakeholders to help mitigate supply chain disruptions, ensure reliable and efficient deliveries of goods and services, and lower costs for the American people.

Read Full Article

November 22, 2023November 22, 2023

NSA and ESF Partners Release Recommended Practices for Software Bill of Materials Consumption

The National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption.” The guidance in this release aids software developers, suppliers, and customer stakeholders in ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities.

Read Full Report

November 8, 2023November 16, 2023

DHS Launches New Critical Infrastructure Security and Resilience Campaign

The DHS and two of its agencies, CISA and FEMA, on Tuesday announced the launch of a new campaign whose goal is to help critical infrastructure organizations become more secure and resilient.

The new campaign, called Shields Ready, complements an existing campaign named Shields Up, which focuses on providing recommendations and other resources that can help critical infrastructure organizations reduce risk in response to specific threat intelligence.

Read Full Article