Trade War and Cybersecurity - What is important to consider in the supply chain?
Although no company was mentioned by name, it was clear to everyone that the reference was directed against Chinese technology companies, especially Huawei, a leading Chinese company. American officials claim the security concerns stem, among other reasons, from its close ties to the Chinese government, which would allow Chinese intelligence to use the equipment it sells for espionage purposes. The American concern is that if Huawei establishes the next-generation 5G cellular infrastructure, it would effectively provide the Chinese government with free access to all the information transmitted through this infrastructure. This threat is perceived as so severe that the US Department of State is also pressuring US allies to refrain from using Huawei equipment for the same reasons, and claims that intelligence cooperation will be affected if they do not comply, as they cannot be sure that the transmitted information will remain confidential.
Whether it is a genuine concern or President Trump is using a security pretext to harm the Chinese economy as part of the trade war between the US and China, there is no doubt that the event serves as a wake-up call about the importance of information security in the supply chain. The supply chain is global and complex, consisting of numerous segments, and its efficiency is demonstrated by indicators such as low costs, rapid innovation, location, price, a wide range of products, and more.
These points also represent the vulnerability of the supply chain, since every link in the chain can be exposed to malicious actors, ranging from the infrastructure and the products themselves (as in the case of Huawei) to the procurement stages, inventory management, packaging, and product or service delivery to manufacturing companies or end customers.
Ensuring the security of information in each of these stages is not necessary solely to protect the product from damage or industrial espionage. As the example shows, there are far-reaching implications for a company that cannot demonstrate beyond any doubt that it secures its information at the highest level, as it may risk being included in a “blacklist” of companies with which others cannot do business.
Since securing information in the network, and in the supply chain in particular, involves countless layers of information traffic and users, the first and most significant step towards securing the supply chain is the proper allocation of access rights, both at the data access level and at the level of the ability to perform operations. In other words, if a company works with multiple subcontractors through a digital management system, each subcontractor should only be allocated access to relevant information through end-to-end data encryption. Moreover, decisions must be made regarding the permissions granted to the subcontractor: whether they may write, update, and edit information in the system or only view it. The more limited their range of actions, the more secure the system will be.
This principle, known as the principle of least privilege (PoLP), also defines which individuals will be granted permissions to perform actions within the system – from the operations vice president to the operational employees, or the leading driver, for example. In 4 words? Minimum users, maximum security.
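The allocation described in the two paragraphs above can be sketched as a deny-by-default permission table, shown here as an added example that is not part of the original article. The subcontractor names, dataset names and the `AccessPolicy` class are hypothetical; the datasets follow the supply chain stages named earlier, and the review step that flags grants no task requires goes slightly beyond the text.

```python
# Added example: deny-by-default access allocation for subcontractors.
# All subcontractor, dataset and class names are hypothetical.
from dataclasses import dataclass

ACTIONS = {"view", "write", "update", "edit"}

@dataclass(frozen=True)
class Grant:
    subject: str   # subcontractor or individual user
    dataset: str   # supply chain stage the data belongs to
    action: str    # one of ACTIONS

class AccessPolicy:
    def __init__(self):
        self._grants = set()

    def allow(self, subject, dataset, action):
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action}")
        self._grants.add(Grant(subject, dataset, action))

    def is_allowed(self, subject, dataset, action):
        # Deny by default: only an exact, explicit grant permits the request.
        return Grant(subject, dataset, action) in self._grants

    def excess_grants(self, required):
        # Grants that no documented task needs are candidates for revocation.
        extra = self._grants - set(required)
        return sorted(extra, key=lambda g: (g.subject, g.dataset, g.action))

def build_demo_policy():
    # Constructed sample allocation for two subcontractors.
    policy = AccessPolicy()
    policy.allow("packaging-co", "packaging", "view")
    policy.allow("packaging-co", "packaging", "update")
    policy.allow("courier-co", "delivery", "view")
    policy.allow("courier-co", "procurement", "edit")  # over-broad on purpose
    return policy

# Constructed list of what each subcontractor's tasks actually need.
REQUIRED = [
    Grant("packaging-co", "packaging", "view"),
    Grant("packaging-co", "packaging", "update"),
    Grant("courier-co", "delivery", "view"),
]

if __name__ == "__main__":
    demo = build_demo_policy()
    print(demo.is_allowed("courier-co", "inventory", "view"))
    print(demo.excess_grants(REQUIRED))
```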