Cyber supply chains, much like physical ones, come with risks and volatility. All supply chains must be flexible enough to handle these challenges without halting the flow of information. In this book chapter excerpt, you'll learn about the different areas that make up a cyber supply chain -- the players, the processes and the systems -- and find out how these elements drive cyber supply chain volatility.
Table of contents:
Identifying cyber supply chain volatility
Designing Risk-Tolerant Cyber Supply Chain Communities
When they think about supply chain volatility, most companies tend to focus on the physical
aspects or manifestations of these ups and downs. However, cyber, or information supply chains are
equally impacted by volatility and must be designed and managed to account for such
In the remaining chapters of this part of the book, we focus on the impact of volatility on so-called cyber supply chains, and how information technology can be and is used not only to mitigate the impacts of volatility, but to take competitive advantage of it. We define the cyber supply chain as all of the information flows, technologies, and IT infrastructure and processes that support the other key types of supply chains—physical, financial, and service.
And we look at how one manages cyber supply chains in the face of ongoing volatility.
Volatility Drivers in the Cyber Supply Chain
To gain an appreciation for the volatility drivers within the cyber supply chain, we first look at the three major elements of any supply chain system: the players, the processes, and the systems.
The Players: Business Collaboration Networks
First, the players. Although we traditionally refer to the supply chain (and others have used the term demand chain, as that implies a more customer-centric view), the reality is that products get made and services delivered by a whole business collaboration network, or community, of trading partners as shown in Figure 11.1. It was Charles Handy who many years ago coined the term the "shamrock" or "cloverleaf" organization, presaging the outsourcing phenomenon that exists today. Handy argued that companies would—or should—over time focus on what became known as core competencies, and then move non-core functions to other organizations for which these functions were indeed core. Thus, each of these outsourced capabilities was a separate leaf on the cloverleaf. That is very much the reality we have today.
Today, Business Collaboration Network (BCN) complexity for manufacturers has continued to increase for a number of reasons. For one, the growing practice of "near shoring," in which companies source from suppliers closer to home for a variety of strategic business reasons, is likely to increase, not decrease, the number of trading partners as a result of pressures for greater regionalization. Furthermore, as emerging markets such as China, Russia, and Brazil become demand centers in their own right, "near sourcing" becomes a relative term. In other words, from a North American or Western European perspective, offshoring meant production in China that was destined to be shipped back home. But for demand originating in China, that is home—it is simply domestic production for China.
Figure 11.1 Business collaboration network diversity. This figure illustrates the diverse set of trading partners in a typical supply chain.
Near sourcing also is on the rise thanks to increasing logistics costs, uncertain or substandard quality from low-cost production centers, and highly variable and long lead times that result from having geographically far-flung operations.
The upshot of this is that there likely will be more shipments (though not in bulk), more
orders, and more trading partners with whom a manufacturer must collaborate. As a direct
consequence, there will be more numerous and diverse trade regulations with which to comply, more
systems to connect with, more service levels to manage, and so on. In such an environment,
consortiums or "virtual communities" must be able to form, evolve, and eventually dissolve very
To understand the communities’ perspective, just think about how the economic crisis that began in late 2008 will affect the supply chains of the auto industry or high-tech sector. General Motors has just emerged from bankruptcy, a shadow of its former self, and with one new big partner—the U.S. government. GM has shed business units, is in the process of consolidating its dealer base, and also is trying to establish its place among the list of "green" automakers with hybrids and electric cars. One of its major suppliers, and a former business unit, Delphi, has been in bankruptcy, and now it looks as if the creditors will take control of the organization. The Saturn business unit is now defunct, GM unable to find a buyer.
How can all of this upheaval not affect GM’s collective supply chains? Not to mention the corporation's customers, who undoubtedly wonder how they will get service and spare parts for their cars. If you were the CIO of GM, just imagine how your world has changed in terms of how you need to support the business.
In the high-tech sector, we can expect to see further consolidation upstream in the semiconductor producers and foundries, as they deal with sharply diminished demand and lots of excess capacity. Further downstream with the electronic manufacturing systems (EMS) providers, or contract manufacturers, like Hon Hai, Flextronics, Jabil, Celestica, Sanmina, and so on, we are likely to see a continuing effort on their part to further segment and specialize their business offerings and develop new ways of sharing risk with their OEM partners.
In this current economic climate—and "current" is likely to encompass the next two to three years at least—were EMS providers to focus too heavily on their traditional low-cost-manufacturing value proposition, they would simply destroy their margins and ultimately their market value. So, if you are a CIO at one of these companies, what do you do to support the specialized business offerings that inevitably will shape how you support new, more differentiated supply chain activity?
Logistics companies such as UPS, FedEx, Maersk, DHL, and others also are in an interesting position, not completely dissimilar to the contract manufacturers. While they do not get involved with product design or bottom-up manufacturing, they increasingly are involved in the postponement and returns strategies of their customers. These strategies include outsourcing to logistics providers activities such as final assembly, kitting, private labeling and packaging, returns management, and even simple repairs or refurbishment. Clearly, logistics service providers (LSPs) compete with each other. But where do they draw the line between competing and collaborating with contract manufacturers or EMS providers who offer quite similar, often overlapping supply chain services to their customers?
Global supply chain security issues also add to LSPs operating challenges, as they must deal with increasingly stringent controls over physical movement of goods from one country to another. For example, the recent 10+2 trade regulations that require shippers and carriers to provide additional information on imports to the United States has forced companies to quickly assess how they will collect this data and how they will orchestrate it with other shipment data. If you are the CIO of an LSP or an importing manufacturer or retailer, how do you respond?
This all points to the fact that competition in today’s supply chains is becoming increasingly granular and fluid. In a Harvard Business Review article, the authors discussed the need for companies to "micro market"—getting much more granular in their selling strategies in order to uncover growth segments (albeit smaller segments, by definition). More recently, others have argued that it is time to "rethink marketing" and get much more customer centric. Among other things, they highlight the growing need to make better use of technologies like CRM (customer relationship management) and Business Intelligence to support this trend. Almost of necessity, this will affect supply chain strategy, both on the planning and the execution side.
From an IT perspective, then, CIOs must be ready to support and enable "micro" business collaboration networks, each with its own rules of operation, service levels, integration and collaboration requirements, and application needs. This creates a whole new dimension of volatility management as these supply chain permutations multiply in order to create competitive distinction.
The Processes: Multi-Enterprise and Market-Specific
The Supply Chain Operations Reference (SCOR) model has become a sort of de facto standard way to describe supply chain processes and their associated inputs, outputs, and metrics. It was initially developed by AMR Research and the consultancy PRTM, along with a consortium of member companies, in response to growing demands for consistent benchmarks of supply chain practices. It is now maintained by the Supply Chain Council, a not-for-profit organization.
What the SCOR model calls "Source" is often referred to as the "procure-to-pay" process. Similarly, "Deliver" is often referred to as the "order-to-cash" process. But one of the key things that this model highlights is the concept that the five core supply chain processes—Plan, Source, Make, Deliver, Return—are inherently multi-enterprise processes. One company’s Source process links to another’s Deliver process. Returns to supplier and customer returns are likewise joined at the hip. Even the Make process involves linkages to multiple companies when outsourced manufacturing, final assembly, or kitting and repairs are concerned.
Like other standards, the SCOR model has gone a long way in helping manufacturers and supply chain participants use a common language to describe not only their internal processes, but also the boundaries of external processes as well. But it also has exposed the inherent complexities of trying to manage multi-enterprise processes. Oh for the good old days when materials requirements planning (MRP) systems first debuted, and companies’ chief concern was how to eliminate work-in-process inventory within the cozy four walls of their own plants!
These five basic SCOR processes have significant variability by industry sector, by
market served, and by the very nature of the products being bought and sold. For example, in the high-tech industry, new product introductions are frequent, product obsolescence often is very rapid, and products are highly complex and require configuration based upon specific customer requirements. Contrast this with the food and beverage sector where, though new product introductions may be more frequent and numerous, the products themselves are much simpler and involve fewer tiers in the supply chain.
Nevertheless, there can be significant complexity in terms of seasonality of demand, special packaging and private labeling, variability of supply, and special logistics requirements such as refrigeration. This creates unique requirements for the information systems that must manage these variants of the basic SCOR-level processes of Plan, Source, Make, Deliver, and Return.
Figure 11.2 SCOR (Supply Chain Operations Reference) Process Model.
The theme we keep coming back to, therefore, is the fact that not only are these processes highly complex and individualized, but they are seldom static. This turbulence in processes leads us to our next topic of discussion: the kinds of information systems and infrastructure that are needed to support the highly volatile mix of players, processes, and market dynamics.
The Systems: Diversity Reigns
Now we turn to the systems—the "cyber" component of the supply chain. If we consider together the players, the processes, and the systems, what we often find in manufacturers is something like the diagram in Figure 11.3.
In truth, this diagram vastly understates the complexities of the underlying systems needed to support the supply chain. The reality is that individual companies often operate with multiple enterprise resource planning (ERP) systems from different vendors, or, at the very least, multiple instances of a single ERP solution dispersed globally. Additionally, organizations rely on one or more best of breed (BoB) software vendors for functions such as supply chain network design, demand forecasting, supply chain planning, and production scheduling. One business unit may have its own custom product lifecycle management tool, whereas other business units may use best-of-breed or ERP capabilities to manage their products. Shop floor and manufacturing execution systems (MES) are likely to vary from plant to plant to accommodate the unique requirements of any given production environment. And, of course, there is the pervasive use of spreadsheets to manage "stuff in the middle"—pulling data from multiple sources, manually manipulating them and then using the results to make decisions or report performance.
All of this information-related complexity is exacerbated by mergers, acquisitions, spin offs, and other business ventures that continuously shuffle the deck for companies. Each new venture brings with it a new set of systems and processes that must eventually be aligned with those of the original enterprise. Thus, even for companies whose intent is to standardize on a single ERP system, the reality of mergers, acquisitions, and new ventures pushes the realization of this goal indefinitely into the future.
To manage the complexity and volatility of these IT systems, companies have deployed, or are considering deploying, a whole cadre of technology solutions that can loosely fall under the umbrella of Business Intelligence (BI). These solutions include:
- Data warehouses
- BI analytics and performance reporting
- Operational BI Simulation
- Supply chain visibility, business activity monitoring, and complex event processing.
These systems collect and store in one place various transactional data that flow through a wide range of ERP, CRM, and other systems, including such data as customer orders, shipments, and inventory movements. Their power lies in their ability to "slice and dice" data in a myriad of ways to support analyses of performance and patterns of supply chain behavior.
Figure 11.3 Typical IT, business process, and trading partner environment. Each of the trading partners described in the Business Collaboration Network section are involved in executing supply chain processes such as order-to-cash or purchase-to-pay. In most cases, a wide array of IT systems such as enterprise resource planning, supply chain planning, etc. is required to enable an end-to-end process such as order to cash.
As supply chains grow more complex, and as process improvements from the so-called "low-hanging fruit" become more difficult to identify, these BI tools have continued to advance to provide more real-time, and even predictive, views of supply chain performance (e.g., the so-called operational BI). Their role spans upfront network design to real-time monitoring and alerting to after-the-fact tools for root cause analysis and process improvement. It is rapidly becoming insufficient to report simply on "how did we do?" Organizations also must be capable of assessing "why did we get the results we did?" through tools such as these which help uncover patterns of either desirable or undesirable activity.
For an enterprise to operate at optimum effectiveness, all of these information technologies must be able to communicate with one another. This requires an integration platform that is the underpinning of all of the lines of communication indicated in Figure 11.4.
Fundamentally, this platform consists of three capabilities: business-to-business (B2B) integration, managed file transfer, and enterprise integration. Collectively, these capabilities enable a company to seamlessly and securely collaborate both internally with various business units and systems and externally with the gamut of trading partners with whom the company transacts business.
Figure 11.4 Core capabilities of an integration platform. This figure depicts the integration platform that underpins corporate IT.
Enterprise integration runs the gamut from connecting major applications together, such as ERP customer relationship management (CRM), and various supply chain management applications, to tying together various home-grown systems that have arisen over time to meet very specific needs of the business (or, in many cases, as stop-gap solutions to pressing problems that could not easily be resolved using commercial off-the-shelf software). Too, there is the ubiquitous use of spreadsheets that pull data down from the system of record, and in some cases, feed transactional data back to these same systems.
The integration of all these disparate information systems among external business trading partners—i.e., B2B integration—is all about engaging in electronic commerce with customers, suppliers, contract manufacturers, logistics providers, customs agents, and other entities. Electronic Data Interchange (EDI) has been the de facto standard for how companies have collaborated to simplify and standardize the way they conduct business, but dozens of other standards like RosettaNet, Odette, and CIDX have popped up to deal with the industry-specific needs of high-tech, automotive, and chemical manufacturers, just to cite a few examples. There is a certain irony to the term "standard" in this context, as the inherent differences and ongoing volatility in business requirements have made it quite difficult for companies to keep pace with the rate of change in the technology needed.
Managed file transfer sits in between the internal and external integration technologies as a vehicle to ensure secure movement of data of all kinds, whether they are transactional data, customer proprietary data, or company intellectual property. This could include files ranging from spreadsheets used to summarize intermediate production or financial results to large CAD/CAM (computer aided design/computer aided manufacturing) files to sensitive customer master data.
This was first published in November 2010