Connect with us

IOT

Developing a Critical Infrastructure Cybersecurity Strategy

Avatar

Published

on

Given the blossoming of attacks on organizations — from energy to health care firms — the need for robust critical infrastructure cybersecurity has expanded. 

Takeaways include the following:

  • Critical infrastructure protection is a long-standing priority, but many organizations lag in their response to cyberthreats. 
  • COVID-19 has broadened the definition of critical infrastructure while also providing a reminder for enterprise companies to question which systems are essential to operations. This article builds on the advice in chapter one of this series in “Addressing IoT Security Challenges From the Cloud to the Edge.” 
  • Organizations managing critical infrastructure should develop a proactive cybersecurity posture, but coronavirus-led disruptions heighten the challenge. 

By now, the need for comprehensive cybersecurity for critical infrastructure is clear. Public accounts are widespread concerning the risk of malicious actors targeting the electrical grid, dams, voting systems and other federally designated critical infrastructure. But the majority of organizations that provide essential services have taken only incremental steps in addressing cyber risk. “Many [operational technology] organizations have pretty nascent cybersecurity programs,” said Sean Peasley, a partner at Deloitte. 

The term “critical infrastructure” initially referred to public works such as transportation infrastructure and public utilities, but, since the 1990s, the definition has steadily expanded. Sectors under the rubric now include, among other things, health care, energy and utilities, and various manufacturers. “And practically speaking, we’re finding out in the era of COVID, that critical infrastructure is even broader than we thought,” said Kieran Norton, a principal at Deloitte. Makers of personal protective equipment, for instance, play a role in mitigating the crisis. “We’ve also learned that supply chain disruption during a pandemic, for instance, could potentially be catastrophic,” Norton said. Not surprisingly, logistics firms have cemented their role as essential. The U.S. government has declared that pulp and paper and meat-packing industries are essential as well. So the overlap between critical infrastructure and operational technology (OT) security continues to blur. No matter what the name, few of the industries in this domain have reached a high degree of cyber-effectiveness, according to research on industrial security from the Ponemon Institute underwritten by TÜV Rheinland. 

Traditional critical infrastructure entities may have decades of experience with traditional risk management and safety initiatives, but for many, cyberssecurity is a relatively new priority. And broadly speaking, organizations managing critical infrastructure tend to be slow moving. “My general experience is that OT security is about 10 to 15 years behind the IT security space,” said Andrew Howard, CEO of Kudelski Security.  

Meanwhile, the threat landscape for critical infrastructure organizations continues to grow more precarious. The number of attackers targeting such infrastructure is surging, as is the number of connected devices in many critical infrastructure environments. According to the X-Force Threat Intelligence Index 2020 from IBM, the volume of attacks on industrial control systems in 2019 was higher than the previous three years combined. 

Such attacks have made headlines in 2020. Ransomware attackers successfully targeted Honda and Taiwan’s energy utility and a U.S. natural gas facility. Israel’s water supply was reportedly attacked. The Japanese telecommunications firm NTT has had its internal network breached. 

Risk Assess Continually

If you can’t measure something, you can’t improve it. But that advice doubly applies to critical infrastructure cybersecurity, where risk and risk reduction can be challenging to quantify. Many organizations struggle to keep an accurate asset inventory, given the diversity and complexity of their environments. Meanwhile, experts specializing in OT cybersecurity are in short supply. Compounding this risk is the complicated nature of third-party risk management, including assessing potential vulnerabilities introduced via procured hardware, software or contractors.  

While risk assessment should be a continual process, critical infrastructure organizations should begin with periodic in-depth risk assessments designed to quantify threats, vulnerabilities and potential consequences of cyberattacks and other causes of operational disruption. Potential vulnerabilities include shared passwords, unpatched systems, software and hardware of unknown provenance and overly permissive firewalls.  

But such security assessments can be tricky to perform. There’s an array of device types to track, ranging from pumps and valves, legacy controllers and myriad computing devices. Additionally, understanding the ramifications of an industrial system breach necessitates an in-depth operational knowledge. In an environment with scores of different systems, the problem is compounded. 

Traditional network scanning techniques require care. Active network and vulnerability scanning techniques of industrial control systems can crash control systems. Using active scanning safely in a critical infrastructure environment generally can be done safely, according to Dale Peterson, a consultant specializing in industrial control system security. But it requires working closely with operations to address the risk. While passive techniques for network monitoring are less intrusive, they are also less accurate. “This debate is often where that IT security view clashes with the OT view. The IT security person is inclined to go with active scanning, but the person in charge of monitoring a critical infrastructure system often prefers a passive approach because they don’t want to put it at risk.” 

Especially with in-depth assessments, organizations are likely to uncover a long list of problems and question the remediation to prioritize. Also compounding the problem, many cybersecurity professionals generally don’t have direct experience with all equipment undergoing audit, and thus must rely on interviews with seasoned asset owners and operators to gauge their cyber risk.   

Organizations should weigh both severity and ease of remediation. Access control is often a theme here, Miklovic said. “Boundary interfaces always are the weakest part of any cybersecurity problem, whether it be a protocol boundary or a physical boundary,” he said. “Even in the industrial cybersecurity world, one of the biggest breach points still is USB drives.”    

While it is quick and inexpensive for a staff member to use super-glue or solder to plug unused USB drives, some organizations focus too much on addressing the “easy stuff” in their remediation, Howard said. “Yes, there are threshold mitigations you should knock out immediately. But after that, you should prioritize based on risk.”

Quantifying that risk is possible using a two-by-two matrix that weighs the likelihood of a vulnerability’s impact and potential severity, according to Joe Saunders, CEO of RunSafe. 

Building a risk profile for each system is rarely straightforward. Interviews with asset owners and operators are key to understand the impact if a given system were to crash. “You can have a machine that seems to be vulnerable and high risk,” Miklovic said. But if it goes down, it may cause only isolated problems rather than bringing everything”to a grinding halt.”  

Another factor that can complicate risk assessment is the tendency for organizations to prioritize cyber-priorities solely based on the time or money invested. “What an organization thinks is valuable may be quite different from what a cybercriminal thinks is valuable,” said Bill Malik, vice president, infrastructure strategies at Trend Micro. 

When it comes to legacy equipment, organizations can be  limited in their ability to reduce risk. A device running a decades-old operating system likely can’t be updated. “The strategy that’s typically taken on these systems is to isolate and monitor,” Howard said. “My experience is that the isolation is usually pretty porous.” 

New Risks in the New Normal

Risk management in critical infrastructure has become increasingly challenging with growing cybersecurity concerns. The need for those organizations to develop COVID-19 response plans while expanding remote working for some workers adds further complexity. “I think the main sort of change that we see in critical infrastructure environments is the work-from-home scenario,” said Jamil Jaffer, senior vice president for strategy, partnerships and corporate Development at IronNet Cybersecurity. 

The work-from-home paradigm has complicated protecting vulnerable systems, Howard said. “Now, you have employees using VPN to connect to production systems from home to make changes,” he said. “They would probably not have done that before.” 

Similarly, some organizations could be tempted to grant third-parties such as vendors and technicians remote access to sensitive systems. “There’s probably less focus on cybersecurity when many people are focused on getting their work done and keeping their job,” Norton said.  

Network availability is another consideration for organizations looking to scale up remote working capabilities in critical infrastructure contexts. “In the past, you had organizations with 10%–20% of their workers using traditional remote access infrastructure,” Norton said. As organizations have scaled up remote working capabilities, “many have run into problems with bandwidth, scale and deploying assets,” Norton said.

While expanding connectivity for industrial assets can potentially create more vulnerabilities, COVID-19 also underscored the risk of old-fashioned contingency plans that rely on workers’ physical presence, manual processes, and paperwork. 

Although traditionally slow to change, critical infrastructure organizations shouldn’t shy away from making wholesale changes to their technology architecture as they rethink core processes and workflows. “If this is the new normal, you probably need to redesign your infrastructure,” Norton said. 

Toward Proactive Cybersecurity 

Ultimately, critical infrastructure organizations seek to transition from entrenched, manual processes that offer incremental risk reduction toward a more-proactive cybersecurity posture. “Industrial environments tend to be complex and constantly evolving,” said Natali Tshuva, CEO of Sternum. “Security controls are needed not only to assess the current status but to also offer sustainable protection and peace of mind for years to come.” 

Traditionally, industrial and critical infrastructure security meant physical security, encompassing safety and access control within a physical perimeter. Many traditional industrial protocols are fundamentally insecure because their designers assumed only authorized personnel would have access to them. But the rise of remote working, cloud computing and IIoT have undercut the castle-and-moat security model. The influence of that legacy model, however, is one reason many critical infrastructure organizations — as well as enterprise companies — have a reactive security approach. 

The emphasis of such a redesign should be creating robust and efficient workflows based on universal security policies. “Move the security controls as close as possible to the assets,” Norton counseled. 

 The process includes creating a comprehensive and evolving security policy for the following assets:

  • Equipment and devices: Such hardware could range from legacy industrial equipment to IoT devices to corporate-issued laptops. “Understanding those devices in context relative to users is super important,” Norton said. Organizations should secure industrial controllers, advised Joe Saunders, CEO of RunSafe Security. Securing sensors and gateways, by contrast, is relatively straightforward. “But controllers are performance-sensitive and deep in the infrastructure.”      
  • Networks and users: As for users, security staff should constrain access as much as feasibly possible based on controls outlined in an organizational security policy. “You can have a policy engine that’s talking to those security controls that allows you to dynamically apply, through the context of the user and the application, logic,” Norton said. Organizations should also invest in network breach detection capabilities. 
  • Data. Data classification and discovery are valuable tools for evaluating the level of control needed to protect a given data type. 
  • Workflow, workloads and processes. The degree of protection required accounts for these processes’ intrinsic value to your organization and the likelihood of adversaries interfering with them. This task also includes fortifying the supply chain and ensuring that contractors and suppliers comply with a specified security controls level. 
  • Software development processes. Critical infrastructure organizations “should build security into software development, so the software you deploy is resilient,” Saunders said.    

While cyber-hygiene is  vital, a common pitfall in security is to under-prioritize threat detection, response and recovery. “A quick rule of thumb is to spend 50% of your effort on prevention, and detection and spend 50% of your effort on response recovery,” said Matt Selheimer, an executive at PAS Global. “Traditionally, the approach many organizations have taken is to put the preventive controls in place first,” Norton said. But given the complexity of examining risk in critical infrastructure environments, response and recovery sometimes take a back seat. “If something does go wrong, you want to be able to identify it quickly and shut it down,” Norton said. “That’s just as important as preventing something because you know that something’s eventually going to go wrong.” 

Organizations aspiring to transition to a proactive cybersecurity posture can draw inspiration from various frameworks, ranging from the comprehensive ISO 27002 and standards specific to industrial control systems such as ISA/IEC 62443. A relative newcomer is the Cybersecurity Maturity Model Certification (CMMC) from the Department of Defense — designed to specify the security level required for organizations to bid on various government programs. Broken into five tiers, the first three specify basic, intermediate and good cyber-hygiene. The two upper tiers require more sophisticated cybersecurity management. The fourth stipulates that “all cyber activities are reviewed and measured for effectiveness” with review results shared with management. The top tier adds standardized and comprehensive documentation related to all relevant units. 

CMMC Level 1 Basic cyber hygiene (performed) Select practices are documented where required
CMMC Level 2 Intermediate cyber hygiene (documented)   Each practice is documented and a policy exists for all activities 
CMMC Level 3 Good cyber hygiene (managed) In addition to practices above, a cyber plan exists and is operationalized to include all activities. 
CMMC Level 4 Proactive (reviewed)  All cyber-activities are reviewed and measured for effectiveness. Results are shared with management. 
CMMC Level 5 Advanced progressive (optimizing)  In addition to practices above, this stage adds a standardized documentation across the organization.

“It’s the first framework we’ve seen with a mapped-out maturity model specific to integrators and their subcontractors bidding on sensitive government programs,” said Tony Cole, chief technology officer at Attivo Networks. The framework could encourage critical infrastructure organizations to develop a more sophisticated understanding of internal cyber risk as well as the due diligence required from third parties. There’s a level of objectivity to the framework that could be helpful, Cole said. “According to the model, a third-party auditor has to come in and confirm the cybersecurity level of a contractor. No self-reported surveys,” he said. “Somebody has to audit it.” 

Automation is also an element to consider when designing a proactive security strategy. Techniques such as machine learning can help organizations automate routine security monitoring tasks such as network breach detection and implement controls to stop the spread of attacks.  

Embedded security protections, which are increasingly available on diverse, resource-constrained devices, provide intrinsic threat protection. On-device protection should also “include comprehensive asset management capabilities” Tshuva said. Such controls support network visibility and can provide automatic alerts for attacks. 

Organizations that rush to find ways to automate security monitoring without a robust and contextual security policy often face an explosion of false alarms, Selheimer warned. But in the end, all organizations should plan on investing time in tuning security controls. “It’s no different in OT than in IT. People in the [security operations center] spend a lot of time tuning firewall rules and security information, event management correlation rules to reduce the noise,” Selheimer said.

Complicating matters further is the unique and varied critical infrastructure landscape, which can complicate deploying off-the-shelf security automation and AI tools. “There are certainly some limitations. But there are also ways to address that, “Norton said. Organizations can, for instance, isolate sensitive operational systems and use automation and orchestration tools to protect the resulting enclave. “Through automation and orchestration, automate as much you can and then orchestrate where you can’t automate to make sure that you’ve got effective capabilities and are responding and adjusting to threats,” Norton said. 

In the end, critical infrastructure security threats will likely shift rapidly. “To be proactive means you’re constantly adjusting your cyber-posture to address what’s happening both in terms of direct impacts against the organization as well as what you’re seeing happen from an industry perspective,” Norton said.

Source: https://www.iotworldtoday.com/2020/06/12/developing-a-critical-infrastructure-cybersecurity-strategy/

IOT

The Lucrative IoT Opportunity for Communications Service Providers Post COVID-19

Avatar

Published

on

Illustration: © IoT For All

As we entered 2020, many Communications Service Providers (CSPs) were optimistic about finally fulfilling the early promise of IoT by harnessing the potential of 5G and Mobile Edge Computing (MEC) to offer a rich source of future growth. Many CSPs understood that to realize this opportunity, they needed to change. Enterprises wanted fuller solutions that would drive their digital transformation faster and that were simple to buy, fast to implement, and simple to consume.

In a recent Analysys Mason study, 59% of enterprise customers would only buy MEC as part of a solution. Solutions require a much fuller set of capabilities that typically come from partners. So, are CSPs successfully managing to offer compelling solutions that accelerate digital transformation for their customers?

The answer: not entirely. Omdia’s quarterly 5G innovation tracker reveals that so far, 32% of enterprises have chosen DIY (to go it alone and build their own 5G solutions), 40% looked to others like systems integrators for solutions, whilst only 21% purchased directly from CSPs. Although it is early days, CSPs must drive this ratio above 50% to make sense of their 5G investments.

The ‘Positive’ Impact of Covid-19

Regardless of Covid-19, the fact that only one in five early enterprise 5G solution deals are CSP-led, proves that the way CSPs want to sell is deeply at odds with the way in which their enterprise and SMB customers want to buy. What’s more concerning is that some of these early large enterprise deals, such as the ones we see in automotive with VW and BMW, cut out CSPs entirely – even for connectivity. Businesses want to buy complete solutions that meet their needs and help them solve business problems, rather than connectivity and separate technology products they need to integrate. This is a multi-billion-dollar opportunity that requires CSPs to collaborate and better understand their customers’ needs, becoming ecosystem-enabled solution providers to satisfy them.

The global pandemic is causing many enterprises to hit the ‘fast-forward’ button on IoT/5G technology solutions. Indeed, 5G investment in China is already recovering because enterprises there recognize the importance of automating processes to guard against a second wave of the pandemic. We expect this trend to unfold globally as Covid-19 makes digitalizing physical assets, automating through industry 4.0, and securing supply chains more relevant than ever.

As Covid-19 resets how enterprises use technology, major verticals including automotive, manufacturing, and logistics will look to rebuild differently. Within this is an opportunity to test the mettle of solutions that harness IoT, 5G, and MEC with AI. In the U.S. for example, 67% of businesses believe that 5G use cases can deliver 11%+ cost reductions over the next three years. Nearly a quarter (23%), believe that 5G use cases could deliver revenue growth of 11% or more. Now is a very good time for CSPs to change their approach to selling 5G and non-5G driven IoT propositions. But are enterprises willing to buy from CSPs?

Enterprise IoT & 5G Market

CSPs are pushing at an ‘open door’: 98% of European, 92% of Asian, and 87% of North American businesses are willing to buy advanced solutions from CSPs. In particular, North American businesses are most positive about the role CSPs will play in 5G, with 96% believing they will do more than provide connectivity. Large North American enterprises say they want to work with CSPs as they can orchestrate ecosystems of partners, manage complex programs, and are perceived to be more flexible than other potential 5G solution providers.

Enterprises, more than CSPs, recognize that building effective IoT solutions is a team sport. They don’t expect one organization to have all of the answers. But they do expect industry players to collaborate to provide solutions to their business challenges. This is where the problem currently sits. Enterprises are looking to buy solutions, CSPs want to sell products – in effect, to organize themselves in a way that best suits how they want to structure their business internally rather than how best to meet customer needs.

Businesses want to find the ‘perfect’ solution to their problem, rather than invent one by integrating multiple products – which is too slow and costly. Instead, they want to buy complete IoT solutions ready to be consumed in a bite-sized way, with no upfront investment and/or risk. It’s not about buying a network slice or MEC product. For businesses, it’s about finding pre-integrated solutions and the best available technologies to quickly drive efficiencies for customers or help them grow revenue as part of their digital transformation. For CSP, it’s about retaining customer relationships and growing revenue.

Even the larger enterprises don’t have the knowledge or capabilities to deal with the integration of new standalone technologies. So, they look to partners that understand their challenges, orchestrate the right ecosystem of technologies and players to deliver solutions that perfectly solve their problems. Covid-19 will only accelerate this trend as it renews pressure to digitally transform faster.

Ecosystems

Historically, CSPs have tended not to work in this way. Now, they really need to. One key step is to adopt a more open and collaborative mindset. This includes taking the lead in setting up and managing ecosystems with third-party partners.

Ecosystems are an effective way for CSPs to plug their knowledge and technology gaps, broaden their portfolio of services and solutions, and importantly encourage fresh ideas and new ways of thinking.

For CSPs to monetize IoT throughout the process of enterprise renewal during Covid-19, it will require having industry-specific solutions underpinned by an enabling technology layer that is massively scalable. Strong partner ecosystems will generate powerful network effects around a digital business platform that provides massive economies, frictionless process execution, and zero-touch operation for customers. These architectures and solutions need to be capable of being converted into technology wrappers and services.

IoT Innovation Requires Collaboration

Solving customer problems requires a broader set of perspectives and the exchange of customer insights and ideas for new products or services, as this rarely happens effectively and sustainably in silo. This is the concept behind an ecosystem-enabled solution provider. They bring together a broader set of capabilities around a digital business platform to prototype and test those new ideas with customers. In these new multi-sided business models, a partner ecosystem is key for generating new ideas, bringing new data sources, driving innovation, expanding offerings, and extending into the white space between old industry verticals and growing revenue.

The pandemic we’re experiencing is hastening change. There isn’t a single entity that hasn’t been affected by it. Our global economy is in a holding pattern and budgets are tightening. This laser focus on how to spend carefully will lead both enterprises and SMBs to accelerate investments in automation, remote business operation, and remote working in the short term. While this is process is in motion without a hard timeline, the CSPs that will prevail will be the ones that harness a powerful ecosystem to provide full solutions to problems and in so doing, build much strong and closer customer relationships.

CSPs are poised as ecosystem-enabled solution providers that can foster growth by combining 5G with technology – if they embrace platform-based business models and orchestrate partner ecosystems to satisfy the needs of their enterprise customers. This requires a change in mindset, experimenting with business models, accelerating innovation, and speed to test and monetize new offerings that are co-created with an ecosystem of partners and underpinned by the right IT platform to support these new ways of working.

Source: https://www.iotforall.com/the-lucrative-iot-opportunity-for-csps-post-covid-19

Continue Reading

IOT

Consumer Interest in IoT Devices Varies Among Gender, Need

Avatar

Published

on

🟥 We’ve all seen a horror movie where a killer finds a conveniently unlocked door, pushes open a window, or breaks a glass windowpane without alerting the unsuspecting residents. Bad news for Michael Myers: developments in smart home technology have made it a little harder for these intruders to break in — in fact, that’s the main draw of this technology for some people who buy them.

🚀 What if, upon hearing a suspicious noise outside, you could tell your phone to lock your doors? Or if you could call the police to your residence simply by shouting the command out loud?

It might make horror movies a little less interesting, but it also makes real people safer. 🔻

A survey conducted by home insurance company Hippo broke down what drives consumer interest in smart home devices, finding varied results among gender and purpose. The survey asked 1,000 smart tech users to share their opinions. ⤵

➤ Women look for safety first; men want convenience ⤵

👉 If life was a horror movie, women might have the upper hand. Survey data showed that women are most interested in purchasing home monitoring systems and technology that will keep them safe. The general consensus was that smart alarm systems are the way to go when shopping for smart home tech.

Men, on the other hand, are more interested in energy-saving technologies that will help lower their utility bills. They’re also looking for technologies that will make their lives easier. When it comes to protection, however, men tend to opt for camera systems.🔻

➤ Overall, convenience is key

More than just scaring away things that go bump in the night, smart home technology has opened up a world of possibilities for people looking to make their lives more convenient. You can unlock your front door with your cell phone, adjust the thermostat without leaving your seat, and ask Alexa for that final recipe step without having to wash off flour-covered hands.

🔺Among homeowners, this added convenience was the biggest driver of smart home excitement — 46% of them said this was why they decided to invest. Also driving smart home tech sales are home monitoring capabilities, 17%; added protection, 16%; and lower utility bills, 16%.👇

➤ Today’s smart homes ⤵

🚩 It’s more common than not for a home to have some sort of IoT device, whether it’s a Google Alexa device or a doorbell with a camera attached. Today’s smart homes have a variety of devices performing a variety of functions. The most common four are the following: 🔽

◆ Smart appliances: Appliances like laundry machines, dishwashers, and refrigerators can be hooked up to a smartphone to alert you when you’re out of milk or let you start preheating the oven before you leave work.

◆ Alarm systems: With a smart alarm system, your phone will let you know any time someone opens or closes a door, a window opens or smoke is detected in your home.

◆ Cameras: Smart cameras can send footage to your phone so you can monitor an outdoor pet’s activity, or make sure no one is snooping around your property.

◆ Smart thermostat: A smart thermostat lets you control the temperature from your smartphone and can let you set the temperature to automatically increase or decrease based on lifestyle patterns or weather.

If it sounds like we’re living in the world of tomorrow, it’s because we are. Smart devices have made life more convenient, safer, and more connected than ever — what once required time and effort can now be done seamlessly from your mobile device.

🔥🚀 With a smart camera that alerts you every time a door or window is opened, good luck to the slasher movie villains of yesteryear.

 

↘ Source: Emily is a content creator for Hippo. When she’s not typing away at a computer, you can find her hiking with her dog or doing a crossword.

Continue Reading

AI

Forecasting for Fall Uncertainties 

Avatar

Published

on

Here is how supply chain executives can prepare for the onset of fall and winter as pandemic forces continue to impact the business. (Credit: Getty Images) 

By Scott Lundstrom, Analyst, Supply Chain Futures 

Over the last several months, the supply chain planning community has been faced with the question of how to deal with increased uncertainty as we enter the fall. While we are adjusting to COVID-19, we are not overcoming it. Pandemic forces will continue to impact our business as we enter the fall and move into winter. Widespread vaccine availability is still 9 to 12 months away for most people. Environmental and climate disruption challenges continue unabated. Political instability and challenges still dominate the front page.  

Scott Lundstrom, Analyst, Supply Chain Futures

Our relatively stable world of global supply chains has been upended in ways we could never imagine. What is a supply chain executive to do? While it might sound obvious at this point, COVID has impressed upon us all the need for digital transformation to drive resiliency and agility into our operations. First and foremost, we need to adopt an outside-in view of the supply chain. Viewing the supply chain as a demand-driven business network is essential to avoid execution failures, excess inventories, and the inevitable bullwhip effects of the chaotic business environment. AI and advanced supply chain and data analytics can help, but only if we have the data and processes required to make use of intelligence in creating agility and resiliency. 

Changes in philosophy and strategy – from efficiency to resiliency. This really has little to do with technology. Change management among senior leaders can be incredibly challenging but is an absolute necessity. Adopting a focus on outside-in thinking and customer experience can be difficult after many years of internal process optimization to reduce costs and minimize inventory. Analytics can play a role in gaining a better understanding of where we are experiencing difficulties, and disappointing customers 

Changes in sourcing agreements to improve supply stability and demand forecasting – Supply chain is a team sport. It is only by working with our partner suppliers that we can improve resiliency. Moves toward more flexible agreements that allow a range of order actions across multiple categories based on demand and availability will help make supply chains less brittle and restrictive. Partner data about tier 2 and tier 3 suppliers can help us improve our planning models to incorporate uncertainty in geopolitical, climate, logistic, and pandemic dimensions. Utilizing better, more detailed data about suppliers may be one of the most important changes we can make in improving the resilience of our planning optimization models. This is also essential data if we hope to utilize machine learning and auto ML in our planning models.  

Changes in logistics planning embracing flexibility and local supply – One of the biggest changes we will see in supply chains this fall is a desire to move toward more local sources of supply. Geographical complexities driven by lockdowns, limited global shipping capacity, and geopolitical instability are causing the pendulum to swing back toward more local sources of supply. 

Changes in supply and demand data requirements and digital twins – Real improvements in supply chain performance require more real time data. Real time data from customers, suppliers, distributors and logistic suppliers needs to be integrated to provide a real time view of the end-to-end process of meeting customer needs. Increasingly, supply chain software providers are turning to digital twin and digital thread data models to help provide this visibility. Advanced analytics and machine learning algorithms are ideally suited to identify and resolve issues when provided with this type of operating framework. Preparing for uncertainty and creating resilience should be a focus of every supply chain organization as we move into the next wave of pandemic uncertainty. Prepared organizations will experience much higher levels of customer satisfaction, and will experience better business outcomes and performance. 

Scott Lundstrom is an analyst focused on the intersection of AI, IoT and Supply Chains. See his blog at Supply Chain Futures. 

Source: https://www.aitrends.com/ai-in-industry/forecasting-for-fall-uncertainties/

Continue Reading
AR/VR4 hours ago

What the VR is Going on at Facebook? Accounts, Store Content and the Splits

Cannabis6 hours ago

Jay-Z announces new line of cannabis products dubbed Monogram

Energy7 hours ago

The Rockefeller Foundation commits USD1 billion to catalyze a green recovery from pandemic

Energy7 hours ago

PJM Named a Top Adoption-Friendly Company in the United States for 14th Consecutive Year

Blockchain7 hours ago

Top 10 Blockchain-as-a-Service (BaaS) Providers

Energy7 hours ago

Defining Value in Supplier Selection: An NSK Perspective

AR/VR7 hours ago

LBE VR: Past, Present and Post Civid Future

Blockchain News7 hours ago

Do I need to Buy One Whole Bitcoin? 3 BTC Questions I’m Tired of Answering

Energy8 hours ago

ReneSola Power and Novergy to Form Joint Venture to Develop Solar Projects in the UK

Energy8 hours ago

S&P Global Platts Announces Finalists for ‘Leadership in Energy Transition Award’

Blockchain8 hours ago

Founder´s Packs now available for the first AAA blockchain game BLANKOS BLOCK PARTY

Blockchain News8 hours ago

Kevin Hart Jokingly Calls Crypto “Voodoo Money” While Kanye West Takes Bitcoin Seriously on Joe Rogan’s Podcast

AR/VR8 hours ago

Lenovo to Sell Varjo’s Enterprise VR Headsets

AR/VR9 hours ago

The Virtual Arena: The Ascendance of Arena-Scale Entertainment – Part 2

Energy10 hours ago

ICL Agrees to Acquire Fertiláqua, a Leading Brazilian Specialty Plant Nutrition Company

Fintech10 hours ago

How these fintech partnerships are shaking up finance

Esports11 hours ago

Four key storylines of BLAST Premier Fall Series

Energy11 hours ago

FMC Corporation Announces New Executive Role, Vice President and Chief Sustainability Officer, and Elects New Vice President of Procurement and Global Facilities

Blockchain News11 hours ago

Ant Group Chairman Eric Jing: Blockchain Will be the New Standard of the Future Financial Infrastructure

Payments11 hours ago

Cross border payments part 1: the competition is really, really old 

Energy11 hours ago

Decarbonization Plus Acquisition Corporation Completes Initial Public Offering

Energy11 hours ago

SESCO Lighting Announces new CEO

Esports11 hours ago

Discussing roster changes, recent tournaments, and NA teams in Europe on HLTV Confirmed S5E12 with smooya

Energy12 hours ago

Humic-based Biostimulants Market worth $848 million by 2025 – Exclusive Report by MarketsandMarkets™

Fintech12 hours ago

The Carlyle Group to acquire Calastone

Biotechnology12 hours ago

Tyler Jacks, founding director of MIT’s Koch Institute, to step down

Esports13 hours ago

How to Shiny Hunt in Dynamax Adventures in Pokémon Sword and Shield’s The Crown Tundra expansion

Esports13 hours ago

March joins T1’s Dota 2 roster as head coach

Cyber Security13 hours ago

Huobi expands fiat gateway to support AUD, GBP and EUR through Banxa

Crowdfunding14 hours ago

P2P Lending Platform SeedIn Rebrands to BRDGE, Plans Expansion Into Indonesia

Aviation14 hours ago

Malaysia Airlines Operates More Than 200 Rescue and Repatriation Flights During RMCO, CMCO

Energy14 hours ago

Water Treatment Chemicals Market to Surpass $85,341.8 Million Revenue by 2030: P&S Intelligence

Energy14 hours ago

Daqo New Energy Announces ADS Ratio Change and Further Amendment and Restatement to Deposit Agreement

Esports14 hours ago

How to Shiny Hunt the Regis in Pokémon Sword and Shield’s The Crown Tundra expansion

Energy14 hours ago

Third party tests confirm HYZON Motors’ new liquid-cooled fuel cell stack leads the world in power density

Energy15 hours ago

Polyethylene Furanoate Films Market Size Worth $800.9 Thousand By 2035: Grand View Research, Inc.

Energy15 hours ago

Elkem signs MoU with FREYR for supply of battery materials

Aviation15 hours ago

Air Canada Adding Doha To Its Route Network With A Boeing 787-9

Esports15 hours ago

How to get Volcanion and Diancie in Pokémon Sword and Shield’s The Crown Tundra expansion

Aviation15 hours ago

Woman ‘locked in’ ambulance for Doha Airport genital exam

Trending