In the last few years, enterprise owners, politicians, and consumers alike have learned the hard way how disruptions in one part of the supply chain can have far-reaching effects on the entire system, impacting companies, industries, and even national economies.
The COVID-19 pandemic exposed the fragility of the global supply chain network, with raw-material shortages, logistics bottlenecks, and border closures forcing companies to reassess their supply chain strategies and find ways to mitigate the risks of future disruptions.
But how well do past disruptions foretell future ones? And how applicable are the lessons learned in 2020 and 2021 to whatever crisis is coming our way in 2023?
These are some of the questions Andrea Little Limbago, Ph.D., will be debating at next week’s RSA Conference in her panel discussion, “The World in Crisis: Prepare for Extreme Events via Supply Chain Resilience.” Limbago, senior vice president of research and analysis at Interos, will be joined by Edna Conway, CEO of EMC Advisors and former chief security and risk officer for Microsoft Cloud; and Erin Joe, a senior executive with Mandiant Strategy and Alliances at Google Cloud. (Limbago’s panel will take place Monday, April 24, at 5:20 p.m. ET / 2:20 p.m. PT, at RSAC 2023, which runs April 24-27 at the Moscone Center in San Francisco.)
Focal Point spoke with Limbago about domino effects, isolationism, and her hopes for the cybersecurity community.
The pandemic emphasized the domino effect of the global supply chain. Do you think organizations learned the lesson?
Yeah. But some are still counting on it to be a one-off thing. They think they’ll be fine the next time around—and then the next time around turns out to be Russia invading Ukraine. No one ever thought that was going to happen.
These companies say, “We’re gonna be fine. We’ve got nothing in Ukraine.” Well…, it turns out to have a much broader impact.
And these companies say, “We’re gonna be fine. We’ve got nothing in Ukraine.” Well, it turns out you have dominoes and a ripple effect and it turns out to have a much broader impact.
As nations and companies adapt to these challenges, how can we balance protecting against supply chain risk without becoming isolationist?
My concern is that we do swing the pendulum way too far in the other direction. That’s what we did in the 1930s, and that led to another world war.
I’m fairly optimistic that we will not go that far. It depends very much on how different elections go. That really is one of the big issues. But when I think about it, absent electoral issues, discussions right now are pretty good. Let’s build up our manufacturing and reinvest. I see benefits in doing that, because you don’t want to be entirely dependent on one country, especially if that country is your major geopolitical competitor at the same time.
Although, because of the way the supply chains work, it’s actually almost impossible to be as isolationist as countries were nearly 100 years ago. We can’t make every part in the U.S. And so given that, we’re seeing a realignment of alliances and we’re seeing new alliance initiatives based on technology in critical minerals and supply chains.
Can you tell me a little about your panel members? Why did you choose them?
Edna has worked at the biggest technology companies in the world, leading security and broader cloud integrations, and so she brings a really great private-sector and technology-sector focus on the interdependencies of technologies and how they’re creating new risks on the supply chain side.
You don’t want to be entirely dependent on one country, especially if that country is your major geopolitical competitor at the same time.
She actually does a fair amount at the intersection with politics. Microsoft has to deal with GDPR, for instance, right? [General Data Protection Regulation, or GDPR, is a 2018 law in the European Union requiring enterprises around the world to protect the personal data and privacy of EU citizens. Organizations that fail to do so risk hefty fines.] They’re seeing the impact of data sovereignty; it’s forcing them to think about how they handle their data, how they structure their data, and where some of the risks are going to be. So she’ll bring in a really great perspective in that regard.
Then there’s Erin, who has been at Mandiant—which was acquired by Google last year—and is also former FBI, so she brings in the public-sector angle and what the government has been doing over the course of the last decade or two.
They each provide a unique perspective on how things used to be, where the world is going, and what we need to do as a community to help address that. And we need to get the cybersecurity community to be thinking in this regard. There’s a large role this community can play in shaping the resiliency of supply chains—and society—to prepare us for these changes that are imminent or, in many cases, already here.