Abstract
Successful supply chain management involves balancing multiple objectives, such as cost, responsiveness, sustainability, and flexibility. These objectives depend on a secure and functioning information system, especially as information technology (IT) platforms are integrated to perform multiple supply chain management functions. Securing the materials, information, and finances transmitted along the supply chain is paramount, as supply chains have become the target of malicious supply chain attacks that can result in costly data breaches, physical impacts, and other compromises. Even the most secure information systems remain vulnerable through their information exchanges with third parties, which incentivizes malicious parties to target the weakest links in information-sharing partnerships. In this chapter, we review the theoretical and methodological approaches to supply chain security, identify emerging challenges across a variety of technological use cases, and provide managerial recommendations for managing risk and ensuring a secure supply chain.
© 2024 The Author(s), under exclusive licence to Springer Nature Switzerland AG
Collier, Z.A., Thekdi, S.A. (2024). Supply Chain Security. In: Sarkis, J. (eds) The Palgrave Handbook of Supply Chain Management. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-031-19884-7_30
DOI: https://doi.org/10.1007/978-3-031-19884-7_30
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-031-19883-0
Online ISBN: 978-3-031-19884-7
eBook Packages: Business and Management; Reference Module Humanities and Social Sciences; Reference Module Business, Economics and Social Sciences