Daily Archives: October 31, 2006

Your Supply Chain is NOT Secure! Part II.

Yesterday we discussed how the article Nine Cautionary Tales in the September (2006) issue of IEEE Spectrum makes it abundantly clear that no matter what you think, your supply chain is NOT secure – regardless of how safe you think your supply chain is or what voluntary security initiatives you might subscribe to.

Today we are going to discuss some ways to mitigate the risks that are, more-or-less, out of your control. What is more important is that many of these risks are not just terrorist risks (where you literally have no control), but natural disaster risks as well (where you may not be able to take any reasonable precaution).

We’ll discuss each scenario in turn.

Bomb in a Box

Scenario: A bomb is detonated in a shipping container somewhere in a major port city. Hundreds, if not thousands, of shipping containers (which now contain 90% of international cargo) are destroyed or damaged and the port is shut-down for weeks during investigation and recovery.

Mitigation: There’s nothing you can do to stop this, but you can insure it does not devastate your business. In addition to mitigating supply risk by using two suppliers, you should also mitigate delivery risk of key shipments (critical direct materials or high-demand, low supply consumer goods such as those Sony PS3′s that are going to fly off the shelves) by using two logistics carriers or insuring that your logistics carrier splits shipments across ports, containers, and trucks. Make sure you use multiple ports as part of your regular operations, and can re-route shipments quickly if one port gets considerably backed up (or temporarily shut down due to a natural disaster, terrorist attack, or strike).


Scenario: Terrorists take out part of the power grid and a whole city, state, or even region goes dark – taking out your operation with it.

Mitigation: Critical operations, which for most companies today revolve around data-centers, should have their own back-up generators. Your communications network should also have its own back-up generators. Even if you can’t work, you should still be able to keep in constant communication with your supply chain so that you can recover quickly when the power comes back on. (And cell phone batteries only last so long!)

Toxic Train Wreck

Scenario: A terrorist blows a hole in the side of a tank car transporting toxic chemicals, such as chlorine gas. This scenario is more dangerous than you think – most railway lines go through major cities near densely populated areas. And this could also be caused by a de-railing, which could be caused by a downed tree (due to a lightening strike), also putting this risk in the natural disaster category.

Mitigation: Make sure you have evacuation plans for all of your offices and plants and the ability to hot-swap your operations to a remote location.

Crude Attack

Scenario: A highly trained commando squad blows up a refinery. A very expensive processing plant is destroyed, toxic smoke fills the air, oil supply drops, and energy prices skyrocket.

Mitigation: Have evacuation plans in place if your offices or plants are close to refineries, power-generation stations, or chemical manufacturing or processing plants that could cause a significant hazard if something goes wrong. Make sure your critical back-up power centers can run basic operations on alternate sources of energy – wind power, solar power, biofuels, etc. Consider geo-thermal heating and cooling. You might not be able to meet all of your power needs this way, but the less gas you need to keep going, the less an oil-based energy crisis will affect your business.


Scenario: A small group of terrorists infect small groups of cows with mad-cow disease in geographically remote parts of the country and in order to contain what appears to be a burgeoning epidemic, hundreds of million of cattle are slaughtered across the country. (The virus that causes this disease is harmless to humans.)

Mitigation: The real danger here is if your business relies on beef – distributor or steak-house. The mitigation is to make sure you are set-up to import beef from multiple countries at any one time.

Black Christmas

Scenario: Terrorists blanket shopping malls with open containers of mercaptan (the highly volatile and noxious-smelling chemical ordinarily used to signal the presence of propane gas) and postal offices with anthrax stimulants, scaring consumers away from shopping malls and shutting down the largest delivery service. Sales plummet.

Mitigation: First of all, don’t bet your business on a single holiday season. If you are in the business of seasonal novelties, diversity and attack all the holidays. Secondly, make sure you are set up to work with multiple delivery carriers, local and national. Standard courier rates are quite high, but some companies will give you great deals on volume, which will allow you to use them instead of the post-office at only a slightly higher cost. (This is critical especially if the bulk of your sales are low dollar goods. Most people will not want to pay a 50%+ shipping premium. For example, I’ve never ordered a single 11.99 CD at 7.99 next-day courier shipping.)

Star Struck

Scenario: A group of highly trained activists takes over a prestigious televised event with a number of important people present.

Mitigation: This sort of endeavor would take months and months of up-front planning and infiltration into all of the appropriate service organizations. There are two potential approaches here. The first is to move the event around and not select your service organizations too far in advance. However, if you are holding your event at a high profile venue in a city where resources need to be booked months (and months) in advance, this is not feasible. Make sure that all of the organizations you use are establish, trusted, and cognizant of best-practice security procedures. Make sure they do background checks on all new employees and that the security firm you hire does a complete, up-to-date, risk assessment, even if it’s worked the venue before.

A Farmer’s Fury

Scenario: A group of angry activists make truck-bombs using their unrestricted access to ammonium nitrate fertilizer, drive them up to a building, walk away, and detonate them using a remote detonator.

Mitigation: Restrict parking near critical facilities. If you feel this is a real threat, manually inspect all large vehicles entering your premises.

Too Much – Or Too Little

Scenario: In the future, airline security has lapsed to pre-9/11 levels as the urgency to protect the homeland has subsided with reduced terrorist attacks and a new government to the point where someone could walk on the plane with a shoe-bomb. (This also has an accidental equivalent, the plane crashes.)

Mitigation: The time-tested “don’t put all your executives on the same plane (, bus, or boat)”.