Date post: | 22-Dec-2015 |
Category: |
Documents |
Upload: | suzan-benson |
View: | 215 times |
Download: | 0 times |
1
WM0823TU: Security & Technology
Lecture 9 Aligning S&S Concepts; Securing the Supply Chain
Jan van den Berg
Faculty of Technology, Policy and Management
2April 19, 2023 2
Course overviewWeek # Date Subjects Lecturer
35 (1) Tuesday August 31 introduction: the risk society and the goals of the security & technology course
JvdB
36 (2) Monday September 6 refresh first lecture; financial risks: dealing with market risk: Assignment 1
JvdB
36 (3) Wednesday September 8 financial risks cont.: dealing with credit risk, operational risk, …
JvdB
37 (4) Monday September 13 risk analysis of the infrastructure Internet, an analysis framework: Assignment 2
JvdB
37 (5) Wednesday September 15 information security: an introduction JvdB
38 (6) Monday September 20 information security: threats, cybercrime, and how to deal deal with them: Assignment 3
JvdB
38 (7) Wednesday September 22 masterclass safety science Ben Ale
39 (8) Monday September 27 Information quality in public safety networks: Assignment 4
NB
39 (9) Wednesday September 29
aligning S&S Concepts;securing the supply chain: a case study
JvdB
40 (10) Monday October 4 calculation techniques for risk analysis in river- and coastal engineering: Assignment 5
PvG
40 (11) Wednesday October 6 reliability of software, human factors, and their lessons for the management of the Maeslant storm surge barrier
JvdB
41 (12) Monday October 11 wrap-up, preparation for the final examination JvdB
3
Outline
• Aligning concepts of WM0822TU and WM0823TU
• Case study: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the supply
chain based on better information provision• Conclusions and References
4
HAZARD BARRIER TARGET
Hazard Barrier Target Model
If barrier is not effective (due to a vulnerability), the hazard results/may result into a safety/security incident w.r.t. the target
5
Refresh: operational definition of risk
• Concepts: valuable resource, threat = Pr (attack occurs) [11], exploited vulnerabilities safety & security incidents occur having a certain risk measures are taken
• Operational definition:
Risk = Expected Loss = i pi x li where
li = (expected) loss of incident i, and
pi = Pr(incident i occurs) = Pr(attack i takes place and vulnerability i is exploited)
Valuable resource
threats
measures
6
Operational definition of risk extendedIf Risk = Expected Loss = i pi x li where li = (expected) loss of incident i,
we can rewrite the probability pi as
pi = Pr(incident i occurs) = Pr(attack i occurs and vulnerability i is exploited) = Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs).
So the risk can be lowered by reducing– expected losses li : sometimes reducible by introducing a good detection mechanism
(sensors for high water, fire alarm, …) in combination with corrective measures – Pr(attack occurs): often hard to be reduced (water flood, dedicated attacker, …)– Pr(vulnerability is exploited): often focus of risk reduction by taking preventative
measures (higher dikes, use of non-inflammable materials, …)
decomposition may help to calculate risk estimations.
7
AND
Motive
Means
Opportunity
O
HAZARD/ATTACK
BARRIERS TARGET
M M
Looking further at the attacker
If MMO barriers are not effective, the hazard /attack may result into a safety/security incident w.r.t. the target
8
Terrorist and the Swiss Cheese model
• when calculating probabilities, this behavior of attackers should be taken into account…
Line of defense against occurence of incident
Attacker
(Terrorist)
motive barrier
means barrier
opportunity barrier
9
Definition of risk extended, cont.
• We can further decompose the probability:
pi = Pr(incident i occurs) =
Pr(attack i occurs and vulnerability i is exploited) =
Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs)
with
Pr(attack i occurs) = Pr(motive i and means i and opportunity i ) =
Pr(motive i ) * Pr(means i and opportunity i |motive i ) =
Pr(motive i ) * Pr(means i |motive i ) * Pr(opportunity i | motive i and means i )
• Interesting observation: there might be data available to calculate/estimate all different probability components
10
Extending operational definition, cont.• We can even further decompose the probability:
pi = Pr(incident i occurs) =
Pr(attack i occurs and vulnerability i is exploited) = Pr(attack i occurs) * Pr(vulnerability i is exploited|attack i occurs)
with (see previous sheet)
Pr(attack i occurs) = Pr(motive i and means i and opportunity i ) =
Pr(motive i ) * Pr(means i and opportunity i |motive i ) =
Pr(motive i ) * Pr(means i |motive i ) * Pr(opportunity i | motive i and means i )
AND with Pr(vulnerability i is exploited|attack i occurs) =
Pr(barrier of motive i fails and barrier means i fails and barrier opportunity i fails|attack i occurs) =
Pr(barrier of motive i fails |attack i occurs) * Pr(barrier means i fails | …) * Pr (…|…)
• Exercise: further elaborate correctly the last equation…
11
Relation to Fault-Tree Analysis (FTA)• MMO model resembles fault-tree analysis in safety science:
concerns analysis ofsystem failure incidents(Bell, 1962)
• It’s based ondeductive logic(here with operators and and or)
• In deductive reasoning,a conclusion necessarilyfollows from its premises
• Note that still certain causesof an incident may have been forgotten!!(remember 9/11)
12
Risk calculation and bow-tie model
• What about lowering li ?
• This concerns reducing the impacts or consequences of a critical event
• Modeling of all possible consequences (impacts) can be done using an event tree: this also concerns a (probabilistic) decomposition (next sheet)
• Risk = Expected Loss =
i pi x li
• Reducing pi concerns all measures of lowering the probability of the occurrence of a critical event/security incident i
• So, reducing pi concerns the left part in bow-tie model (!)
13
Risk calculation and bow-tie model, cont.
• event tree: this concerns an inductive decomposition ofpossible consequences againstwhich certain measures can be taken
• In inductive reasoning, the conclusion may follow from its premises (but this is not sure)
• Risk = Expected Loss =
i pi x li
• Reducing li concerns all measures of lowering the impacts/consequences of an occurring critical event/security incident i
• So, reducing li concerns the right part in bow-tie model (!)
14
Bow-tie and Risk Calculation, a summary • Risk = Expected Loss =
i pi x li
• Bow-tie model is in a natural way linked to Risk formula:– left-hand side concerns pi ,
– right-hand side concerns li• Preventive measures help to
reduce pi
• Both preventive and detective and corrective measures may help to reduce the losses li(why? give an example)
15
Estimating risk = i pi x li , some approaches
• Data-driven based by using historical data: applied in statistical and business intelligence approaches (like e.g. in financial risk estimation: VaR, volatility, stocks’ portfolio risk, operational risk; idem in complex technical systems, healthcare, first-aid services)
• Decompositions in cause-consequence diagrams (combinations of fault trees and event trees like in bow-tie models) may help a lot
• Simulation = scenario-based, e.g. assuming estimated probability distributions (normal, Poisson etc): applied if insufficient relevant data are available and/or other analytical mathematical methods are insufficient (see next lecture on flooding)
• Expert-driven based by using their experience: can be applied in rule-based systems including fault trees and event trees
16
Outline
• Aligning concepts of SPM6400 and WM0813TU
• Case study: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the supply
chain based on better information provision• Conclusions and References
17
A case study
Port of Rotterdam Problem:What are the Information Needs that support the safety, security, (efficiency, agility, resilience, …)
and other desired properties of the supply chain of containers?
18
SC defined
• “A SC, logistics network, or supply network is a coordinated system of organizations, people, activities, information and resources involved in moving a product or service in physical or virtual manner from supplier to customer.
• Supply chain activities (also known as value chain or life cycle processes) transform raw material and components into a finished product that is delivered to the end customer”
• Note: usually concerns a world-wide system/infrastructure
19
SC activities, and our focus
• A SC consists of five basic activities [1] namely: – Buy: choosing suppliers, …– Make: factory locations & product lines, … – Move (our focus): setting up a transportation
network, in our case, a container supply chain – Store: warehousing, … – Sell: marketing, demand prediction, …
It is said that SCs link value chains [theory of Michael Porter: http://en.wikipedia.org/wiki/Value_chain]
20
Original (naive) framework [2],[3]
• Different (future) security needs (of different actors in different possible future worlds) determine information needs and therefore influence the IA• Original hypothesis: higher SCS has a positive effect on the SC efficiency
• Let us widen this perspective
21
Outline
• Aligning concepts of SPM6400 and WM0813TU
• Immediate cause: the port of Rotterdam• System approach to the Supply Chain (SC)• Securing the SC• A possible solution approach: securing the
supply chain based on better information provision
• Conclusions and References
22
Generic SA Framework (policy analysis)
External Forces(X)
System Domain forStrategies/Policies (R)
Decision makers
OutcomesOf Interest (O)
Goals, Objectives,Preferences (W)
Strategies (S)
Other Stakeholders
Policymaking/Governance
23
Supply Chain
External Forces
Decisionmakers
OutcomesOf Interest
Goals, Objectives,Preferences
Policies/Strategies
Stakeholders
Growing transportation demandsNew lawsImproved technologySecurity threatsMarket pressureCompetitive pressure
Container logistics operatorsContainer logistics organizersCustomsSupervisorsInstitutions between ActorsInformation Architecture andSupporting ICT Systems
Efficiency, Agility, Resilience, Safety, Security, Compliance, Sustainability, Profitability, …
Interest groupsTransport operatorsGovernmentEtc….
Port SA Framework
24
Obtained insights
• External forces make SCs a dynamic field• Outcomes of interest are manifold making the
SC problem a complex multi-objective (=multi-criteria) optimization problem (compare, e.g., optimization of financial portfolios…)
• Safety and Security problems can not be solved without taken into account other criteria
• Exercise: provide examples where S&S measures in the SC lower fulfillment of other wishes…
25
System diagram for an SC
Port Community
PortCommunity
Origin Destination
Su
ppl
iers
Downstream ProcurementProduction
Customs Customs
Sea terminal
Sea terminal
Producer/shipper
Producer/shipper
Producer/shipper
Su
ppl
iers
Su
ppl
iers
Ret
aile
rsR
etai
lers
Ret
aile
rs
ShippingLine
RecipientWholesalerCFS/ DC
RecipientWholesalerCFS/ DC
RecipientWholesalerCFS/ DC
Port Community
Customs Sea terminal
UpstreamRetail & delivery
In LandPre carriage
Sea Transport In LandOn carriage
export import
In LandPre carriage
Transhipment
Port Authorities
Port Authorities
Port Authorities
ShippersRecipients
Transhipment & Storage
AuthoritiesLogistic Service Providers Forwarders & agents Banks & InsuranceLegend
Network with different supply chains and port communities
26
3 layers in the SC [5],[8], a way to compactly conceptualize the SC system• Governance
– inspection– verification
(by customs, port authorities, …)
• Transactions– contracting– transacting
• Logistics– transport– transshipment
27
SC system actors
– Customer group: final customers of the SC – Organizing group: responsible for the organization of the
physical transport and supporting information documents– Physical group: this group is responsible for the physical
processes in the SC– Authorizing group: this group is composed of organizations
responsible for public infrastructure and of regulatory authorities that monitor whether the SC companies observe the rules and regulations that apply to them.
– Financial group: this group supports the financial transactions between the different organizations in the SC
28
SC System Actor transactions (high level) [7]
• Transactions in the supply chain modeled using the DEMO-methodology• Claim: only the fundamental aspects of the SC transactions are shown
29
Stakeholder Objectives and Outcomes of interest
• Objectives:– SC efficiency– SC effectiveness– SC agility– SC resilience– SC security– SC sustainability– SC profitability
• Outcomes??? (let stakeholders prioritize their wishes…!)
30
Objectives & Outcomes, examples
• SC agility: focus on instantaneous demand capture, interpretation and response by
– being market sensitive(dynamic demand driven)– being information-based information visibility(instead of inventory-based)– collaborative working via process integration and alignment between chain partners
• Related Outcomes ??
• SC resilience: in the corporate world, resilience refers to the ability to bounce back from a large disruption; this includes, for instance, the speed which it returns to normal performance levels (production, service, fill rates, etc [10]
• Related Outcomes ??
31
Objectives & Outcomes, cont.
• SC security relates to safeguarding the proper working of the SC against intentional security threats including theft, smuggle and terrorist attacks •SC safety relates to safeguarding against unintentional security threats
• Related Outcomes ??
• SC sustainability relates to the environmental perspective such that future generations can still make use of the SC that is currently designed and implemented
• Related Outcomes ??
32
Hypotheses on the role of ICT(not to be elaborated on)
• SC visibility ~ the level of transparency with regards to the status and location of physical objects (resources, containers, and goods), the accompanying information flows and the money flows [8]
• Underlying hypothesis: with better information, we can move our product through the pipeline rather than investing our resources in safety inventory[http://www.descartes.com/resources/solutions/visibility_event_mgmt.pdf ]
• Similarly, it is often hypothesized that SC visibility enhances efficiency, sustainability, agility, resilience, …
33
External forces
• Growing Transportation Demands• More Dynamic Transportation Demands• New Laws• Improved Technology• Threats• Market pressure: customers (especially
producers of goods) demand that products arrive safely and in time
• Competitive pressure
34
Agenda
• Aligning concepts of SPM6400 and WM0813TU
• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply
chain based on better information provision• Conclusions and References
35
An example, the PROTECT project
• Uitgangspunt bij het PROTECT project is de vraag hoe ladingstromen veilig (secure) én efficiënt (efficient) afgehandeld kunnen worden (~ outcomes of interest!)
• Havens zijn bij uitstek gepositioneerd om een belangrijk platform te vormen dat, met het oog op veilige ladingbehandeling, een veelheid van dienstverlenende en toezichthoudende partijen kan faciliteren
• Met de haven van Rotterdam is Nederland goed gepositioneerd om deze functie voor internationale goederenstromen te ontwikkelen[brochure “Ondernemers profiteren van veilige ketens”]
36
Security of a SC defined
• A secure supply chain is a supply chain where various measures have been taken to guarantee a certain level of security. Security measures can be taken with regards to (a combination of) the flows as taking place in the 3-layer model (slide 20)
• PROTECT focuses on security measures against– theft– smuggle– terrorist attacks
For precise definitions of these, see [2]
37
Security threats within PROTECT [2]
• Physical security threats:– Infrastructure threats: terrorists have the objective to damage
or destroy transport elements in order to disrupt the transport supply chain: transport elements are terrorists’ target
– Supply chain threats: • the terrorist has the objective to misuse the transport supply
chain as their means to create damage, fear or fatalities:• transport elements are not the target but the means: they
are misused in the following ways:• the transport supply chain (cargo or mobile unit) is used as a
means to conceal and transport various explosives, incendiary devices or nuclear devices to a location where they are unloaded or detonated;
• the transport supply chain (cargo or mobile unit) is misused as a weapon
38
Countermeasures
•countermeasures can be proposed (wrt related security incidents using a risk analysis approach)• The set of applied security measures concern a security policy
39
Elaborating Efficiency, Agility, …
• SC efficiency, agility, sustainability, … can be achieved by– …– …which require the following measures, i.e., the
following efficiency, agility, sustainability, … policies!
• Hypothesis: these different policies are partly in line but also partly conflicting!!
40
Agenda
• Aligning concepts of SPM6400 and WM0813TU
• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply
chain based on better information provision• Conclusions and References
41
Solution approach
1. Design appropriate policies (in terms of general measures, and their information needs) for the SC in the port of Rotterdam(conceptualized according the 3 level model of slide 26) with respect to some objectives introduced before(security, agility, sustainability, profitability, ...): not elaborated here
2. Analyze to what extent these policies (measures) are consistent or contradictory
3. Refine/design policies such that conflicts are resolved and resulting information needs are known: not elaborated here
4. Analyze existing information sources 5. Design a information architecture solution that fulfills the
information needs (and takes stakeholders’ interests into account and builds upon existing infrastructure, if possible)
42
2. Trade-offs in SCS measures, a result from a literature study and analysis
Conceptual model [4] showing important trade-offs
Discussion:In what sense
can SC transparency/visibility enhance • BOTH SC efficiency• AND SC security ??
1. Supply Chain Security Risks
3. Supply Chain Security Measures
4. High Level of Information Availability
5. Supply Chain Transparency
6. Effectiveness of Supply Chain
Security Measures
7. Supply Chain Security
8. Supply Chain Efficiency
- Governments- Supply Chain Authorities - Supply Chain Actors- Society
2. Affected/Imposing Parties Affecting
Imposing
Requires
Requires
+
-
+
-
+
+
+
43
4. Information needs
Research wrt information needs around the security phenomena theft, smuggle, terrrorism showed this [3]:
44
5. Existing information infrastructure• Research shows that existing infrastructure suffers
from– many stakeholders, often using their own, local ICT
solution (non-compatible with others)– stakeholders have low incentives to share data (in a
competitive market)– existing information systems only partly cover information
needs:
45
5. Future information provision infrastructure
• Modern ICT-technology can help by using a web-based distributed information system architecture
• Basic idea: define a flexible XML-basedcommunication standard
• Every communication partner – needs to adapt to that standard– can share what (s)he wants to share
(and keep confidential…)
• One step further: developing a distributed communication system based on web services where every stakeholders provides a set of information services using a well-defined API
46
Agenda
• Aligning concepts of SPM6400 and WM0813TU
• Immediate cause: the port of Rotterdam• System Approach to the Supply Chain (SC) • Securing the SC• A possible solution approach: securing the supply
chain based on better information provision• Conclusions and References
47
Conclusions
• There is high need to align notions from different scientific fields around SSJ
• Supply chain security cannot be considered as an isolated problem but relates to other supply chain aims
• Only having defined the SC right priorities/aims, the design of an appropriate information architecture can be set up
• The interests of individual stakeholders can be an obstacle in achieving the best solution possible (“wet van de remmende voorsprong” holds again…)
• Modern ICT is capable to provide the technological solutions needed
48
References
[1] Joshi, V. Y. (2000), Information Visibility And Its Effect On Supply Chain Dynamics, Master thesis, Massachusetts Institute of Technology
[2] Nawid Popal: “Information Needs for Container Security in the Port of Rotterdam”, MSc thesis, EUR, autumn 2008 (to appear), [http://www.tbm.tudelft.nl/live/pagina.jsp?id=70163a1a-37c1-4f78-8cb0-50653874a96b&lang=en , nr 79]
[3] Mark Meijer: “Towards an Information System Architecture for Supply Chain Security in Container Transport”, MSc thesis, EUR, Jan. 2007 [http://www.tbm.tudelft.nl/live/pagina.jsp?id=70163a1a-37c1-4f78-8cb0-50653874a96b&lang=en , nr 72]
[4] M.P.A. van Oosterhout, A. Veenstra, M. Meijer, N. Popal, and J. van den Berg, “Agile IT and visibility platforms for enhancing supply chain security”, in Proceedings of the International Symposium on Maritime Safety, Security and Environmental Protection, Athens, Greece, September 2007
[5] Oosterhout, M.P.A. van, Veenstra, A.W., Zuidwijk, R., Berg, J. van den, “Supply Chain Agility and Supply Chain Security Need not go Hand in Hand: Evidence from Empirical Studies”, Proceedings of SBNi-2008 conference, Beijing, China, Springer, May/September 2008.
49
References, cont.
[6] TRANSUMO, “Ondernemers profiteren van veilige ketens, PROTECT als platform voor samenwerking”, Februari 2008
[7] D. Strijdhaftig et al., “PROTECT WP3.1, explorations with SOA”, February 2008.
[8] http://www.rand.org/pubs/technical_reports/2004/RAND_TR214.pdf
[9] Oosterhout, M.P.A. van, Veenstra, A.W., Zuidwijk, R., Berg, J. van den, “Supply Chain Agility and Supply Chain Security: the PROTECT case”, working title, in preparation.
[10] http://web.mit.edu/sheffi/www/selectedMedia/genmedia.buildingresilientsupplychain.pdf
[1] H.H. Willis et al., “Estimating Terrorism Risk”, technical report, RAND cooperation, 2005