Is The Air Force’s Billion Dollar Flop the Biggest Supply Chain Failure in History?

Six years ago, Supply Chain Digest published a piece on “The 11 Greatest Supply Chain Disasters” in history. Editor-in-Chief Dan Gilmore updated it back in 2009 in a blog post on The Top Supply Chain Disasters of All Time, which added five new ones to the list, bringing the total to 16.

The top three were:

  • the failure of Foxmeyer’s “Lights Out” Warehouse,
    which was the top disaster in the original report and wiped out the 5 Billion dollar company almost overnight;
  • the Boeing outsourcing fiasco,
    which led to massive 2-year plus delays in the production and delivery of the long-awaited 787 Dreamliner and some 2 Billion in charges to fix supplier problems; and
  • GM’s Robot Mania,
    in the 1980s, when CEO Robert Smith spent 40 Billion on robots that didn’t work for the most part.

But SI thinks the Recent Air Force Modernization Effort should top the list. As per this great article over on the New York Times Site on the Billion-Dollar Flop, the six-year-old effort that had already eaten up more than 1 Billion didn’t even achieve a quarter of the planned capabilities, with another Billion required to achieve that minimal target. This says that the effort, supposed to cost $628 Million, would require over 8 Billion to complete! This easily dwarfs the 2 Billion in charges plus losses due to delayed sales suffered by Boeing and the 5 Million Foxmeyer failure.

Does it dwarf the GM failure? The failed gamble cost GM a lot, but they are still in business, and posted almost 1.5 Billion in profit last year. And they were able to fix their processes and technology and improve over time.

In comparison, the Air Force is stuck relying on legacy logistics systems, some of which have been in use since the 1970s. And it turns out that this failure is just the tip of the iceberg, with the Institute for Defense Analyses noting that modernization of the department’s software systems, which has been a priority for 15 years, has cost over 5.8 Billion as of 2009 and most large operational software system efforts are still behind schedule. So now we’re up to six billion.

And the losses mount for every year a legacy system (way) past its prime has to remain in production. With today’s rapid pace of software, and hardware, refresh cycles, it’s often difficult to find a replacement part for a piece of hardware that is only 3 years old, and if you do find it, it’s costly. The Air Force has to find replacement parts for systems that are 13 and 30 years old! And let’s not forget energy and support costs! Older systems often consume way more power and require more support hours than newer systems. Plus, over time, the expertise in supporting such systems goes from relatively common to extremely rare as more and more people retire or move to different systems and technologies and no new people learn the antiquated systems. As a result, the expertise that remains becomes very costly as the few people left demand a premium and expenses mount when they have to be flown in from halfway across the country.

Plus, the failure has instilled a fear of future technology fiascos, causing them to impose an across-the-board deadline of 18 to 24 months for future upgrade projects. While this sounds good in theory, and an upgrade project for most systems generally shouldn’t take longer, there are some systems where the requirements analysis is going to take 6-12 months and the migration plan, which will involve a lot of data mappings, development, and testing, will take just as long. Add a staged implementation plan, quality assurance, and user testing, as well as time for any customizations the COTS (Commercial Off The Shelf) Vendor has to make to the core system, and the project could take longer. So, this is going to prevent some upgrades from happening until COTS technology in certain areas improves or a vendor is willing to bite the bullet and create the mapping middleware without a contract in the hopes it will get one. In the meantime, losses mount.

While SI does not have the data to calculate, it would bet that if you did a total loss analysis over all delayed and failed projects leading up to, revolving around, and including the modernization initiative, over the last decade, the number would be 5 times higher, just like the license cost of an on-premise software solution amortized over five years turns out to often be 1/10th of the total cost of ownership.

It might not add up to a 40 Billion loss yet, but by the time the Air Force recovers and modernizes all of the systems that need modernizing, it will likely get there.

Risk – The More Things Change, The More They Stay the Same V – Technology

In our last post, we indicated that the World Economic Forum had recently released its 7th annual Global Risks report, its 2011 edition. This report was filled with risk, dozens of risks divided into five categories to be precise. Today, we are going to discuss the top technology risks from a Supply Management perspective.

Two of the Biggest Risks Haven’t Changed Since Last Year:

Online Data and Information Security, specifically the risk of a
Massive Incident of Data Fraud or Theft

Every week we hear about another data breach at another retailer. What we don’t often hear about, because consumers aren’t directly affected, is yet another network intrusion at a Global 3000 or Global Financial Institution. While the average hacker might want your credit card, the average hacker employed by organizations that resort to corporate espionage wants your data — and your Supply Management related data in particular — or all of your corporate customer’s data. What are you making? What are the specifications? Where? With whom? When are you shipping? From where? With what carrier? And who is buying? And where are their bank accounts located? If any of your confidential data finds its way to your competition before you’re ready to release a new product, the losses could be crippling. What if your competitor is able to use your plans to jump-start their development of a better version and beat you to market? What if thieves intercept your critical shipments and sell your product on the black market? And if your customers’ data is exposed, and their accounts are hacked, good luck staying in business if all you have is inventory no one else wants but the companies that just went bankrupt thanks to your lack of security. While a consumer’s financial solvency depends on her credit card information being kept secure, your organization’s financial solvency often depends on your Supply Management data and your customers’ financial data being kept secure.

Critical Information Infrastructure Breakdown /
Critical Systems Failure

Face it. It’s impossible to manage a global supply chain without modern supply management systems and the information infrastructure that supports them. What happens if your primary data centre gets taken out? What happens if your headquarters loses power for 48 hours? What happens if the land lines fail and the one satellite that carries cellular signals for your (remote) location stops responding? The minute your internet goes down, your business stops. Literally. And since your information infrastructure could break down as the result of a (power) grid overload, a data centre failure, an environmental disaster, or a terrorist action, all of which cannot be predicted (or prevented in many situations), this is a significant risk that requires risk mitigation plans be in place and ready to go at a moment’s notice.

These two risks have become an even greater threat to your organization and round out the top 4:

Cyberattacks

Cyberattacks and cyberwarfare are on the rise, and so are the chances of them significantly disrupting your business and your supply chain. As early as 2009, reports appeared that indicated that China and Russia had infiltrated the U.S. electrical grid and left behind trojans that could be used to disrupt the system. If the entire power grid can be taken offline, there goes your data centre. And even if the grid is safe, a concentrated attack on top level internet domain name servers can take down the internet for days. The recent GoDaddy outage, which some blamed on the Anonymous Collective, but which GoDaddy stated was a DNS upgrade error, took down thousands of sites for almost a day. McAfee might be hoping that the Anonymous Collective will decline in 2013, but I wouldn’t bet on it. And given the state of the current economy, I would bet that incidents of cyber-ransom, where thieves hijack your internet domains and electronic data and demand money for their safe return, will be on the rise.

Mineral Resource Vulnerability

China dominates the rare earth metals marketplace, controlling 90%+ of the supply of some of the critical rare earth metals needed for modern electronics. What will happen if they decide to cut off supply from the rest of the world? What will happen if the Somali pirates and the organized crime cartels figure out that these mineral and metal shipments are even more valuable than drugs, guns, oil, and finished iPads and turn their attention to these shipments? Are you prepared for supply shortages that will shut down your electronic and information technology hardware production lines?

I Got Your Mail. And I Don’t Even Need A Side-Channel Attack.

How? I just used your password. As recently reported by CNN.com, SplashData just released its “Worst Passwords” list compiled from common passwords posted by hackers. I can’t believe how stupid the top 25 are. It’s insane. I don’t even need a brute-force dictionary to have a good chance of breaking into a random account if this is what still passes for a password these days! If you have one of these, you might want to consider changing it. But if you’re going to use a dictionary word, at least mis-spell it, or it won’t be much harder for a hacker with a brute-force dictionary-based script and a bit of patience.

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. trustno1
  13. 1234567
  14. sunshine
  15. master
  16. 123123
  17. welcome
  18. shadow
  19. ashley
  20. football
  21. jesus
  22. michael
  23. ninja
  24. mustang
  25. password1
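
As an added example (not from the original post or from SplashData), here is a defender's check built on the list above: it refuses a proposed password that is one of the 25 entries or a simple variant of one. The substitution table, the function names and the 8-character minimum are assumptions made for illustration.

```python
import re

# The 25 entries from the SplashData list quoted above.
WORST_PASSWORDS = frozenset("""
password 123456 12345678 abc123 qwerty monkey letmein dragon 111111
baseball iloveyou trustno1 1234567 sunshine master 123123 welcome
shadow ashley football jesus michael ninja mustang password1
""".split())

# Assumed substitution table: common character swaps to undo before lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Map every listed entry, and its swap-normalised form, back to the entry,
# so that "tru5tn01" and "trustno1" both resolve to "trustno1".
LOOKUP = {w: w for w in WORST_PASSWORDS}
LOOKUP.update({w.translate(LEET): w for w in WORST_PASSWORDS})


def candidates(password):
    """Yield the normalised forms of a password to test against the list."""
    lowered = password.strip().lower()
    yield lowered
    # Strip trailing digits and punctuation: "Dragon2012!" -> "dragon"
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    yield stem
    # Undo character swaps on both forms: "p@ssw0rd" -> "password"
    yield lowered.translate(LEET)
    yield stem.translate(LEET)


def rejection_reason(password, min_length=8):
    """Return why a proposed password is refused, or None if it passes."""
    if len(password) < min_length:
        return "too short"
    for form in candidates(password):
        if form in LOOKUP:
            return f"variant of listed password '{LOOKUP[form]}'"
    return None
```
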

Let’s be Clear. Logistics Services and Logistics Technology Services Are NOT the Same!

And while the technology they use is important, the initial focus should be on the logistics services and whether the logistics services they offer are sufficient enough for the provider to even be under consideration.

Recently, I came across the headline that offered 5 Essential Technology Questions to Ask Any Logistics Service Provider and, as logistics services are not the same as logistics technology services, I assumed it would focus on judging the logistics provider’s general level of technical competence online and off, but the questions were entirely oriented around the technology solution used by the provider. While a good solution is good, because you need visibility, integration, etc., the first thing you need is to get your goods delivered. The second thing you need is sustainability. Then you need technology – and if the provider is deficient, there’s always the possibility that you can provide the technology. In other words, while the questions were good, I think they were off track. Here were the questions:

  1. What does visibility really mean to the provider?
  2. Can they customize their tools to meet your needs?
  3. What process integration options do they offer?
  4. How many current providers are integrated with their technology?
  5. How mature is their system availability process?

These are important, but I’d start with:

  1. What technology do they use to manage their fulfillment operations?
  2. How sophisticated is the schedule capability? Can it handle last-minute shipment changes?
  3. How much visibility can they give you into their schedules, capacity, and your shipments?
  4. Is the integration format standard and supported by your systems, or will you need some custom integration work?
  5. What is their ability to support their system, or yours if their system does not have the requisite visibility?

Basically, you want to know that:

  1. They are using a fairly modern tool and have a firm, efficient grasp on their operations.
  2. They can handle dynamic schedules and expedited shipments when needed.
  3. You can get the visibility you need, even if someone has to do some development work.
  4. The integration can be accomplished efficiently and effectively.
  5. They, and you, are not dependent on a third party to manage, support, and query the system.

A logistics services provider is not going to be an expert in software and systems. That’s not their core strength, so you shouldn’t be asking them questions like they are. That being said, you should make sure they are technologically literate and able to make use of appropriate technology. Find the balance, or you might end up eliminating some potentially great partners.

Got Cloud? I Got Mail. Your Mail!

And that’s just the beginning. I’ve warned you before that you can’t control the clouds and that they are inherently insecure. But did you listen? Nope. Clouds are gaining in popularity, and, consequently, every day more and more data is there for the taking, by experienced AND novice hackers alike.

As per this recent article in the (MIT) Technology Review, on “How to Steal Data from Your Neighbour in the Cloud”, a recent study (by researchers at the Universities of Wisconsin and North Carolina) has proven that software hosted in one part of the cloud can spy on software hosted nearby.

This study conducted an experiment in which malicious software was run on hardware designed to mimic the equipment used by cloud companies such as Amazon. The software was able to steal an encryption key that was used to secure e-mails from software belonging to another user. This allowed the researchers to decrypt e-mails sent by the user (which are easily captured by packet sniffers on a compromised machine attached to the cloud).

As per the article, the new attack undermines one of the basic assumptions underpinning cloud computing: that a customer’s data is kept completely separate from data belonging to any other customer. This separation is supposedly provided by virtualization technology. However, because virtual machines running on the same physical hardware share resources, the actions of one can impinge on the performance of the other. As a result, an attacker in control of one virtual machine can snoop on data stored in memory attached to one of the processors running the cloud environment (memory that is used as a cache), in a trick known as a side-channel attack.

Remember this before you go for a full-fledged cloud solution. SaaS from a private data centre run by a single vendor is probably okay if they maintain separate database instances for each client (with their own, separate, encryption keys). But shared services on a cloud are probably not a good idea. At least not from a security perspective.