Air Date

October 14, 2020

Featured Guests

Grant Schneider
Senior Director for Cybersecurity, Venable

Clete Johnson
Partner, Wilkinson, Barker, Knauer, LLP

Doug Clare
Vice President of Fraud Compliance and Security Solutions, FICO

Gonda Lamberink
Senior Business Development Manager in the Identity Management and Security Division, Underwriters Laboratories

Moderator

Trevor H. Rudolph
VP Global Digital Policy and Regulation, Schneider Electric

Supply chain security has always been an important practice, but it’s becoming even more critical in today’s digitized business world. In the U.S. Chamber of Commerce’s second installment of its Now+Next series, Trevor H. Rudolph, VP of global digital policy and regulation at Schneider Electric, asked experts how we can strengthen our global supply chain security efforts in the current climate.

To Move Forward With Supply Chain Security, We Must Harmonize Existing Regulations and Policies

Grant Schneider, senior director for cybersecurity at Venable, noted that while there are a lot of supply chain regulations and policies out there, he doesn’t believe we have just one right solution. He does, however, believe we should harmonize the efforts that already do exist.

Schneider also noted that the industry needs to better understand and agree on what a supply assessment really is. While the definitions don’t have to be exactly the same across the board, they should share the same characteristics and attributes.

“I think we need to funnel back towards more synergy and more harmonization, and less divergence,” he said.

Supply Chain Digitization Requires Quicker, More Automated Vendor Assessments

Doug Clare, VP of fraud compliance and security solutions at FICO, noted that COVID-19 has sparked greater digitization in the business world, which has greatly impacted and altered the supply chain vendor assessment process.

“A lot of the face-to-face interactions that businesses had been depending on have become digitized in a much more accelerated fashion, and organizations have had to scramble to bring new suppliers in,” he said.

As a result, the typical vendor onboarding and assessment process has shrunk from about six weeks to six days. Companies no longer have the time to vet each vendor via questionnaires, site visits and interviews with their security teams. Instead, said Clare, this calls for either late assessments after already bringing a vendor on, or replacing traditional onboarding practices with more automated risk quantification for quicker assessments.

Businesses Should Wait for Security Initiatives To Mature, Not Create New Ones

There have been countless new security solutions brought to market, especially over the past few years. However, Schneider noted that it’s too soon to know which ones will stick.

“A lot of the initiatives that we've seen come out recently … I think we're going to have to see how some of them mature in order to see if any of them are going to be a good model,” he said.

One of the biggest challenges is that different policies, regulations and laws solve different problems, Schneider added. However, as these existing solutions mature, businesses can decide which models work best for which threats.

“What I don't think we need are more … whack-a-mole solutions,” Schneider said. “I think we've got enough.”

Experts Call for a More Holistic Approach to Supply Chain Management and Security

Gonda Lamberink, senior business development manager in the identity management and security division at Underwriters Laboratories, said there needs to be more alignment in and clearer expectations for supply chain assessment criteria.

To take a holistic look at supply chain management, we must “dive deeper into the actual systems, products [and] components that they're providing and also maintaining [them] over the lifetime that they are active on a network,” she said.

Additionally, Lamberink stressed the importance of bridging the divide between IT and OT management.

“I think there's a lot to be gained [from] providing a more holistic criteria set, assessing your suppliers from an IT but also OT management's perspective — and then creating a level playing field by creating transparency around the uniform product methods to be used,” she said.

From the Series

NOW + NEXT