1

WM0823TU: Security & Technology

Lecture 9 Aligning S&S Concepts; Securing the Supply Chain

Jan van den Berg

Faculty of Technology, Policy and Management

2April 19, 2023 2

Course overviewWeek # Date Subjects Lecturer

35 (1) Tuesday August 31 introduction: the risk society and the goals of the security & technology course

JvdB

36 (2) Monday September 6 refresh first lecture; financial risks: dealing with market risk: Assignment 1

JvdB

36 (3) Wednesday September 8 financial risks cont.: dealing with credit risk, operational risk, …

JvdB

37 (4) Monday September 13 risk analysis of the infrastructure Internet, an analysis framework: Assignment 2

JvdB

37 (5) Wednesday September 15 information security: an introduction JvdB

38 (6) Monday September 20 information security: threats, cybercrime, and how to deal deal with them: Assignment 3

JvdB

38 (7) Wednesday September 22 masterclass safety science Ben Ale

39 (8) Monday September 27 Information quality in public safety networks: Assignment 4

NB

39 (9) Wednesday September 29

aligning S&S Concepts;securing the supply chain: a case study

JvdB

40 (10) Monday October 4 calculation techniques for risk analysis in river- and coastal engineering: Assignment 5

PvG

40 (11) Wednesday October 6 reliability of software, human factors, and their lessons for the management of the Maeslant storm surge barrier

JvdB

41 (12) Monday October 11 wrap-up, preparation for the final examination JvdB

3

Outline

• Aligning concepts of WM0822TU and WM0823TU

• Case study: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the supply

chain based on better information provision• Conclusions and References

4

HAZARD BARRIER TARGET

Hazard Barrier Target Model

If barrier is not effective (due to a vulnerability), the hazard results/may result into a safety/security incident w.r.t. the target

5

Refresh: operational definition of risk

• Concepts: valuable resource, threat = Pr (attack occurs) [11], exploited vulnerabilities safety & security incidents occur having a certain risk measures are taken

• Operational definition:

Risk = Expected Loss = i pi x li where

li = (expected) loss of incident i, and

pi = Pr(incident i occurs) = Pr(attack i takes place and vulnerability i is exploited)

Valuable resource

threats

measures

6

Operational definition of risk extendedIf Risk = Expected Loss = i pi x li where li = (expected) loss of incident i,

we can rewrite the probability pi as

pi = Pr(incident i occurs) = Pr(attack i occurs and vulnerability i is exploited) = Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs).

So the risk can be lowered by reducing– expected losses li : sometimes reducible by introducing a good detection mechanism

(sensors for high water, fire alarm, …) in combination with corrective measures – Pr(attack occurs): often hard to be reduced (water flood, dedicated attacker, …)– Pr(vulnerability is exploited): often focus of risk reduction by taking preventative

measures (higher dikes, use of non-inflammable materials, …)

decomposition may help to calculate risk estimations.

7

AND

Motive

Means

Opportunity

O

HAZARD/ATTACK

BARRIERS TARGET

M M

Looking further at the attacker

If MMO barriers are not effective, the hazard /attack may result into a safety/security incident w.r.t. the target

8

Terrorist and the Swiss Cheese model

• when calculating probabilities, this behavior of attackers should be taken into account…

Line of defense against occurence of incident

Attacker

(Terrorist)

motive barrier

means barrier

opportunity barrier

9

Definition of risk extended, cont.

• We can further decompose the probability:

pi = Pr(incident i occurs) =

Pr(attack i occurs and vulnerability i is exploited) =

Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs)

with

Pr(attack i occurs) = Pr(motive i and means i and opportunity i ) =

Pr(motive i ) * Pr(means i and opportunity i |motive i ) =

Pr(motive i ) * Pr(means i |motive i ) * Pr(opportunity i | motive i and means i )

• Interesting observation: there might be data available to calculate/estimate all different probability components

10

Extending operational definition, cont.• We can even further decompose the probability:

pi = Pr(incident i occurs) =

Pr(attack i occurs and vulnerability i is exploited) = Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs)

with (see previous sheet)

Pr(attack i occurs) = Pr(motive i and means i and opportunity i ) =

Pr(motive i ) * Pr(means i and opportunity i |motive i ) =

Pr(motive i ) * Pr(means i |motive i ) * Pr(opportunity i | motive i and means i )

AND with Pr(vulnerability i is exploited|attack i occurs) =

Pr(barrier of motive i fails and barrier means i fails and barrier opportunity i fails|attack i occurs) =

Pr(barrier of motive i fails |attack i occurs) * Pr(barrier means i fails | …) * Pr (…|…)

• Exercise: further elaborate correctly the last equation…

11

Relation to Fault-Tree Analysis (FTA)• MMO model resembles fault-tree analysis in safety science:

concerns analysis ofsystem failure incidents(Bell, 1962)

• It’s based ondeductive logic(here with operators and and or)

• In deductive reasoning,a conclusion necessarilyfollows from its premises

• Note that still certain causesof an incident may have been forgotten!!(remember 9/11)

12

Risk calculation and bow-tie model

• What about lowering li ?

• This concerns reducing the impacts or consequences of a critical event

• Modeling of all possible consequences (impacts) can be done using an event tree: this also concerns a (probabilistic) decomposition (next sheet)

• Risk = Expected Loss =

i pi x li

• Reducing pi concerns all measures of lowering the probability of the occurrence of a critical event/security incident i

• So, reducing pi concerns the left part in bow-tie model (!)

13

Risk calculation and bow-tie model, cont.

• event tree: this concerns an inductive decomposition ofpossible consequences againstwhich certain measures can be taken

• In inductive reasoning, the conclusion may follow from its premises (but this is not sure)

• Risk = Expected Loss =

i pi x li

• Reducing li concerns all measures of lowering the impacts/consequences of an occurring critical event/security incident i

• So, reducing li concerns the right part in bow-tie model (!)

14

Bow-tie and Risk Calculation, a summary • Risk = Expected Loss =

i pi x li

• Bow-tie model is in a natural way linked to Risk formula:– left-hand side concerns pi ,

– right-hand side concerns li• Preventive measures help to

reduce pi

• Both preventive and detective and corrective measures may help to reduce the losses li(why? give an example)

15

Estimating risk = i pi x li , some approaches

• Data-driven based by using historical data: applied in statistical and business intelligence approaches (like e.g. in financial risk estimation: VaR, volatility, stocks’ portfolio risk, operational risk; idem in complex technical systems, healthcare, first-aid services)

• Decompositions in cause-consequence diagrams (combinations of fault trees and event trees like in bow-tie models) may help a lot

• Simulation = scenario-based, e.g. assuming estimated probability distributions (normal, Poisson etc): applied if insufficient relevant data are available and/or other analytical mathematical methods are insufficient (see next lecture on flooding)

• Expert-driven based by using their experience: can be applied in rule-based systems including fault trees and event trees

16

Outline

• Aligning concepts of SPM6400 and WM0813TU

• Case study: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the supply

chain based on better information provision• Conclusions and References

17

A case study

Port of Rotterdam Problem:What are the Information Needs that support the safety, security, (efficiency, agility, resilience, …)

and other desired properties of the supply chain of containers?

18

SC defined

• “A SC, logistics network, or supply network is a coordinated system of organizations, people, activities, information and resources involved in moving a product or service in physical or virtual manner from supplier to customer.

• Supply chain activities (also known as value chain or life cycle processes) transform raw material and components into a finished product that is delivered to the end customer”

• Note: usually concerns a world-wide system/infrastructure

19

SC activities, and our focus

• A SC consists of five basic activities [1] namely: – Buy: choosing suppliers, …– Make: factory locations & product lines, … – Move (our focus): setting up a transportation

network, in our case, a container supply chain – Store: warehousing, … – Sell: marketing, demand prediction, …

It is said that SCs link value chains [theory of Michael Porter: http://en.wikipedia.org/wiki/Value_chain]

20

Original (naive) framework [2],[3]

• Different (future) security needs (of different actors in different possible future worlds) determine information needs and therefore influence the IA• Original hypothesis: higher SCS has a positive effect on the SC efficiency

• Let us widen this perspective

21

Outline

• Aligning concepts of SPM6400 and WM0813TU

• Immediate cause: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the

supply chain based on better information provision

• Conclusions and References

22

Generic SA Framework (policy analysis)

External Forces(X)

System Domain forStrategies/Policies (R)

Decision makers

OutcomesOf Interest (O)

Goals, Objectives,Preferences (W)

Strategies (S)

Other Stakeholders

Policymaking/Governance

23

Supply Chain

External Forces

Decisionmakers

OutcomesOf Interest

Goals, Objectives,Preferences

Policies/Strategies

Stakeholders

Growing transportation demandsNew lawsImproved technologySecurity threatsMarket pressureCompetitive pressure

Container logistics operatorsContainer logistics organizersCustomsSupervisorsInstitutions between ActorsInformation Architecture andSupporting ICT Systems

Efficiency, Agility, Resilience, Safety, Security, Compliance, Sustainability, Profitability, …

Interest groupsTransport operatorsGovernmentEtc….

Port SA Framework

24

Obtained insights

• External forces make SCs a dynamic field• Outcomes of interest are manifold making the

SC problem a complex multi-objective (=multi-criteria) optimization problem (compare, e.g., optimization of financial portfolios…)

• Safety and Security problems can not be solved without taken into account other criteria

• Exercise: provide examples where S&S measures in the SC lower fulfillment of other wishes…

25

System diagram for an SC

Port Community

PortCommunity

Origin Destination

Su

ppl

iers

Downstream ProcurementProduction

Customs Customs

Sea terminal

Sea terminal

Producer/shipper

Producer/shipper

Producer/shipper

Su

ppl

iers

Su

ppl

iers

Ret

aile

rsR

etai

lers

Ret

aile

rs

ShippingLine

RecipientWholesalerCFS/ DC

RecipientWholesalerCFS/ DC

RecipientWholesalerCFS/ DC

Port Community

Customs Sea terminal

UpstreamRetail & delivery

In LandPre carriage

Sea Transport In LandOn carriage

export import

In LandPre carriage

Transhipment

Port Authorities

Port Authorities

Port Authorities

ShippersRecipients

Transhipment & Storage

AuthoritiesLogistic Service Providers Forwarders & agents Banks & InsuranceLegend

Network with different supply chains and port communities

26

3 layers in the SC [5],[8], a way to compactly conceptualize the SC system• Governance

– inspection– verification

(by customs, port authorities, …)

• Transactions– contracting– transacting

• Logistics– transport– transshipment

27

SC system actors

– Customer group: final customers of the SC                  – Organizing group: responsible for the organization of the

physical transport and supporting information documents– Physical group: this group is responsible for the physical

processes in the SC– Authorizing group: this group is composed of organizations

responsible for public infrastructure and of regulatory authorities that monitor whether the SC companies observe the rules and regulations that apply to them.

– Financial group: this group supports the financial transactions between the different organizations in the SC

28

SC System Actor transactions (high level) [7]

• Transactions in the supply chain modeled using the DEMO-methodology• Claim: only the fundamental aspects of the SC transactions are shown

29

Stakeholder Objectives and Outcomes of interest

• Objectives:– SC efficiency– SC effectiveness– SC agility– SC resilience– SC security– SC sustainability– SC profitability

• Outcomes??? (let stakeholders prioritize their wishes…!)

30

Objectives & Outcomes, examples

• SC agility: focus on instantaneous demand capture, interpretation and response by

– being market sensitive(dynamic demand driven)– being information-based information visibility(instead of inventory-based)– collaborative working via process integration and alignment between chain partners

• Related Outcomes ??

• SC resilience: in the corporate world, resilience refers to the ability to bounce back from a large disruption; this includes, for instance, the speed which it returns to normal performance levels (production, service, fill rates, etc [10]

• Related Outcomes ??

31

Objectives & Outcomes, cont.

• SC security relates to safeguarding the proper working of the SC against intentional security threats including theft, smuggle and terrorist attacks •SC safety relates to safeguarding against unintentional security threats

• Related Outcomes ??

• SC sustainability relates to the environmental perspective such that future generations can still make use of the SC that is currently designed and implemented

• Related Outcomes ??

32

Hypotheses on the role of ICT(not to be elaborated on)

• SC visibility ~ the level of transparency with regards to the status and location of physical objects (resources, containers, and goods), the accompanying information flows and the money flows [8]

• Underlying hypothesis: with better information, we can move our product through the pipeline rather than investing our resources in safety inventory[http://www.descartes.com/resources/solutions/visibility_event_mgmt.pdf ]

• Similarly, it is often hypothesized that SC visibility enhances efficiency, sustainability, agility, resilience, …

33

External forces

• Growing Transportation Demands• More Dynamic Transportation Demands• New Laws• Improved Technology• Threats• Market pressure: customers (especially

producers of goods) demand that products arrive safely and in time

• Competitive pressure

34

Agenda

• Aligning concepts of SPM6400 and WM0813TU

• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply

chain based on better information provision• Conclusions and References

35

An example, the PROTECT project

• Uitgangspunt bij het PROTECT project is de vraag hoe ladingstromen veilig (secure) én efficiënt (efficient) afgehandeld kunnen worden (~ outcomes of interest!)

• Havens zijn bij uitstek gepositioneerd om een belangrijk platform te vormen dat, met het oog op veilige ladingbehandeling, een veelheid van dienstverlenende en toezichthoudende partijen kan faciliteren

• Met de haven van Rotterdam is Nederland goed gepositioneerd om deze functie voor internationale goederenstromen te ontwikkelen[brochure “Ondernemers profiteren van veilige ketens”]

36

Security of a SC defined

• A secure supply chain is a supply chain where various measures have been taken to guarantee a certain level of security. Security measures can be taken with regards to (a combination of) the flows as taking place in the 3-layer model (slide 20)

• PROTECT focuses on security measures against– theft– smuggle– terrorist attacks

For precise definitions of these, see [2]

37

Security threats within PROTECT [2]

• Physical security threats:– Infrastructure threats: terrorists have the objective to damage

or destroy transport elements in order to disrupt the transport supply chain: transport elements are terrorists’ target

– Supply chain threats: • the terrorist has the objective to misuse the transport supply

chain as their means to create damage, fear or fatalities:• transport elements are not the target but the means: they

are misused in the following ways:• the transport supply chain (cargo or mobile unit) is used as a

means to conceal and transport various explosives, incendiary devices or nuclear devices to a location where they are unloaded or detonated;

• the transport supply chain (cargo or mobile unit) is misused as a weapon

38

Countermeasures

•countermeasures can be proposed (wrt related security incidents using a risk analysis approach)• The set of applied security measures concern a security policy

39

Elaborating Efficiency, Agility, …

• SC efficiency, agility, sustainability, … can be achieved by– …– …which require the following measures, i.e., the

following efficiency, agility, sustainability, … policies!

• Hypothesis: these different policies are partly in line but also partly conflicting!!

40

Agenda

• Aligning concepts of SPM6400 and WM0813TU

• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply

chain based on better information provision• Conclusions and References

41

Solution approach

1. Design appropriate policies (in terms of general measures, and their information needs) for the SC in the port of Rotterdam(conceptualized according the 3 level model of slide 26) with respect to some objectives introduced before(security, agility, sustainability, profitability, ...): not elaborated here

2. Analyze to what extent these policies (measures) are consistent or contradictory

3. Refine/design policies such that conflicts are resolved and resulting information needs are known: not elaborated here

4. Analyze existing information sources 5. Design a information architecture solution that fulfills the

information needs (and takes stakeholders’ interests into account and builds upon existing infrastructure, if possible)

42

2. Trade-offs in SCS measures, a result from a literature study and analysis

Conceptual model [4] showing important trade-offs

Discussion:In what sense

can SC transparency/visibility enhance • BOTH SC efficiency• AND SC security ??

1. Supply Chain Security Risks

3. Supply Chain Security Measures

4. High Level of Information Availability

5. Supply Chain Transparency

6. Effectiveness of Supply Chain

Security Measures

7. Supply Chain Security

8. Supply Chain Efficiency

- Governments- Supply Chain Authorities - Supply Chain Actors- Society

2. Affected/Imposing Parties Affecting

Imposing

Requires

Requires

+

-

+

-

+

+

+

43

4. Information needs

Research wrt information needs around the security phenomena theft, smuggle, terrrorism showed this [3]:

44

5. Existing information infrastructure• Research shows that existing infrastructure suffers

from– many stakeholders, often using their own, local ICT

solution (non-compatible with others)– stakeholders have low incentives to share data (in a

competitive market)– existing information systems only partly cover information

needs:

45

5. Future information provision infrastructure

• Modern ICT-technology can help by using a web-based distributed information system architecture

• Basic idea: define a flexible XML-basedcommunication standard

• Every communication partner – needs to adapt to that standard– can share what (s)he wants to share

(and keep confidential…)

• One step further: developing a distributed communication system based on web services where every stakeholders provides a set of information services using a well-defined API

46

Agenda

• Aligning concepts of SPM6400 and WM0813TU

• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply

chain based on better information provision• Conclusions and References

47

Conclusions

• There is high need to align notions from different scientific fields around SSJ

• Supply chain security cannot be considered as an isolated problem but relates to other supply chain aims

• Only having defined the SC right priorities/aims, the design of an appropriate information architecture can be set up

• The interests of individual stakeholders can be an obstacle in achieving the best solution possible (“wet van de remmende voorsprong” holds again…)

• Modern ICT is capable to provide the technological solutions needed

48

References

[1] Joshi, V. Y. (2000), Information Visibility And Its Effect On Supply Chain Dynamics, Master thesis, Massachusetts Institute of Technology

[2] Nawid Popal: “Information Needs for Container Security in the Port of Rotterdam”, MSc thesis, EUR, autumn 2008 (to appear), [http://www.tbm.tudelft.nl/live/pagina.jsp?id=70163a1a-37c1-4f78-8cb0-50653874a96b&lang=en , nr 79]

[3] Mark Meijer: “Towards an Information System Architecture for Supply Chain Security in Container Transport”, MSc thesis, EUR, Jan. 2007 [http://www.tbm.tudelft.nl/live/pagina.jsp?id=70163a1a-37c1-4f78-8cb0-50653874a96b&lang=en , nr 72]

[4] M.P.A. van Oosterhout, A. Veenstra, M. Meijer, N. Popal, and J. van den Berg, “Agile IT and visibility platforms for enhancing supply chain security”, in Proceedings of the International Symposium on Maritime Safety, Security and Environmental Protection, Athens, Greece, September 2007

[5] Oosterhout, M.P.A. van, Veenstra, A.W., Zuidwijk, R., Berg, J. van den, “Supply Chain Agility and Supply Chain Security Need not go Hand in Hand: Evidence from Empirical Studies”, Proceedings of SBNi-2008 conference, Beijing, China, Springer, May/September 2008.

49

References, cont.

[6] TRANSUMO, “Ondernemers profiteren van veilige ketens, PROTECT als platform voor samenwerking”, Februari 2008

[7] D. Strijdhaftig et al., “PROTECT WP3.1, explorations with SOA”, February 2008.

[8] http://www.rand.org/pubs/technical_reports/2004/RAND_TR214.pdf

[9] Oosterhout, M.P.A. van, Veenstra, A.W., Zuidwijk, R., Berg, J. van den, “Supply Chain Agility and Supply Chain Security: the PROTECT case”, working title, in preparation.

[10] http://web.mit.edu/sheffi/www/selectedMedia/genmedia.buildingresilientsupplychain.pdf

[1] H.H. Willis et al., “Estimating Terrorism Risk”, technical report, RAND cooperation, 2005