Industry-wide security efforts could benefit from a smaller, more agile approach.

One of the major trends, or more specifically, major needs, over the past decade is the quest to beef up security methods and protocols to protect intellectual property (IP) and secure the numerous long and global supply chains. As with any emerging trend, opinions are varied as to exactly what “security” means, as well as how to best define “supply chain.”

Over the past quarter century, the global supply chain has grown, prospered and become increasingly complex. The flourishing of such a complex and efficient manufacturing environment has required deployment of advanced technology – not just in how product is manufactured on the production floor but also in how data are transferred. Data include everything from Controlled Unclassified Information (CUI) to all the myriad details required to logistically make sure items and sub-items are shipped and arrive in time – anywhere in the world – at the required location for assembly. This is where the concept of security gets interesting.

Long gone are the days in which a single company invented or designed a product, manufactured all the various components and parts in-house, and delivered them to in-house final assembly, test and packaging. Today, design centers can be located anywhere, with components sourced from across the globe. Many of those components and parts have firmware or software pre-programmed, with the source, again, being located anywhere and everywhere in the world. The global economy is truly amazing, and the global economy can be increasingly scary!

With the global economy becoming increasingly complex and products becoming increasingly rich with technology and CUI, it’s no wonder that the concern to protect the security of product and supply chain(s) that enable its production has become such an important and hot topic – especially when so many bad actors are nibbling away at the necessary pipelines. The challenge is balancing the ability to effectively enhance security while not creating a monster that will jeopardize robust supply chain(s).

Many initiatives are in place to strengthen security, especially cybersecurity, to protect the data pipelines that contain CUI and developing IP. The ongoing challenges, however, revolve around the yin and yang of the time to develop the protocols and processes to protect security versus the speed at which technology moves, thus making those protocols and processes obsolete. In addition, the cost required to implement any protocol and process is often much higher than many smaller suppliers can reasonably afford.

All companies in all the supply chains in the world aspire to communicate instantaneously via unhackable networks when communicating CUI, IP or critical logistics data, with the ability to immediately communicate a data breach to all critical parties if one takes place. Ditto, businesses globally wish to be audited to existing standards and certified that their physical and cybersecurity systems, protocols and procedures are world-class and secure. Despite all the best efforts and resources invested, however, industry has moved remarkably slowly toward achieving those much-needed common goals.

Time to market has always been a challenge for companies trying to launch the latest and greatest product. Whether hardware, software or service, it takes time to think through the need, concept and doable solutions and/or develop to fill a gap. But when the latest and greatest is also a hefty and ongoing cost instead of a lucrative profit generator, and so much informational static gets in the way of solid ideas and pie-in-the-sky dreams, the challenge becomes that much more daunting. And when said challenges need to be addressed with a sense of urgency, a better approach could be the creation of a consortium that tackles the challenge akin to how a SWAT team jumps in to squelch a dangerous foe.

Currently, significant efforts are taking place to ensure a more secure global supply chain and protect critical IP and CUI. Regrettably, none are coordinated, too many have overlapping objectives, and all are moving slower than needed. It may be time for many, if not all, of these efforts to come together under a consortium. This consortium could put together a small, empowered SWAT team to quickly develop the necessary protocols and processes while utilizing the best aspects of what each group has already developed and/or brought to the table and harnessing existing, readily available technologies and platforms to dramatically reduce time to market. It would not be the first time industry and government joined teams. In a different but equally critical hour of need in 1940, the British took such an approach, and the North American P-51 “Mustang” went from initial concept to flight in just 102 days! Maybe it’s time government and industry come together and think outside the traditional box!

Peter Bigelow is president of FTG Circuits Haverhill; (imipcb.com); pbigelow@imipcb.com. His column appears monthly.

• Next