Supply chain: A value chain is a special case of a supply chain

Where a supply chain supports organization and process, a value chain supports a necessary production chain between manufacturers where there is no alternative.

For example, to enjoy electricity in homes, we have built a system of connections between players so that the grid gets its power supply from a gas pipeline, and the gas pipeline gets its power from an oil rig.

Each supplier has its own supply chain, but the system between them is an instance of a value chain (Figure 1).

From a national cybersecurity perspective, we must identify the relevant value chains and find the weak areas.
As we always say, the chain is only as strong as its weakest link.

By exploring value chains, we can find and define new critical infrastructure (CI).

In my opinion, CI is not just prominent in manufacturing; it can also be part of the value chain ecosystem that covers basic needs.

The second issue is to create a cyber BCP that is different from regular plans.
An example of such a change is disaster recovery (DR), which, in the case of earthquake preparedness, should be separated from the listed primary systems by a minimum of 150 km.
In the case of a ransomware attack on our systems, we would need a unique architecture and a different DR; distance is not a necessary factor.

For a comprehensive solution, we should calculate total risk.

The third issue is to develop value chain alerts for general or direct risks.
Such alerts would include the suppliers of each manufacturer and their systems as a part of an overall cyber vision.

In my opinion, alert mechanisms should be built through information sharing between value chain actors, including vulnerabilities, IOCs, common suppliers, and choke-point weaknesses.

Figure 1

Summary

Supply chains and value chains should be covered in any cybersecurity plan.
Unfortunately, most organizations protect only their own yards.
An advanced organization makes a third-party cyber plan, but it should also consider developing a cyber value chain as part of total resilience.

The author is a former deputy director-general – INCD
All rights reserved – Rafael Franco 2021
E&OE