securing the infrastructure to address emerging threats
TRANSCRIPT
Securing the Supply Chain – A Major Challenge for the Government
12:50 p.m. - 1:30 p.m.
Speakers include:
• Chaz Chastain, Supply Chain Solutions, IBM Federal Software Group
The Session Focuses on the Supply Chain Portion of the Life Cycle
Trusted Technology Provider Standard (O-TTPS) – snapshot released March 9, 2012 – a set of prescriptive requirements and recommendations for organizational best practices to mitigate technology supply chain threats
Apply across product life cycle. Some highly correlated to threats of taint and counterfeit. Others more foundational but considered essential.
Focus on 2 areas of requirements – that often overlap depending on product and provider:
- Technology Development mostly under the provider’s in-house supervision
- Supply Chain activities mostly where provider interacts with third parties who contribute their piece in the product’s life cycle
Working with NIST, DHS, DoD and across industry on Special Publication and Accreditation Program
[Figure: product life cycle diagram. Labels: Technology Development; Supply Chain; Sourcing, Build, Design, Sustainment, Disposal, Distribution, Fulfillment]
A global industry-led initiative defining best practices for secure engineering and supply chain integrity so that you can “Build with Integrity and Buy with Confidence™”
Open Group Trusted Technology Forum
The Global Supply Chain
...is a truly global asset that all stakeholders must collaboratively work to strengthen
...is essential to our national security and economic prosperity
...provides the goods that feed our domestic critical infrastructure....
...nations worldwide...rely upon the goods transported by the Global Supply Chain system
DHS website
S.A.F.E. Act of 2006
The Security and Accountability for Every Port Act was signed into law in 2006.
National Strategy
Under the provisions of the S.A.F.E. Act, the Secretary of the Department of Homeland Security was to establish the National Strategy for Global Supply Chain Security.
January 2012, the National Strategy for Global Supply Chain Security was signed by the President.
The Strategy has two goals:
- Promote the efficient and secure movement of goods
- Foster a supply chain that is prepared for and can withstand evolving threats and hazards, and rapidly recover from disruptions.
National Strategy for Global Supply Chain Security
...operate effectively in time of crisis
...recover quickly from disruptions
...synchronize [the] approach to protecting global supply chains
...integrated US Government perspective
...foster a resilient system that can absorb shocks
...integrating efforts to manage risk
...leverage a layered defense
...identify and resolve threats as early as possible
In Today’s World, Managing the Dynamics of Global Supply Chains, Government and Public Sector, is Complex
Making supply chains more secure, resilient, able to absorb shocks and recover rapidly from disruptions is even more complex.
End-to-End Supply Chain Visibility
Is critical for:
- Mitigating known supply chain risks
- Managing new and unexpected risks and threats
- Understanding what is impacting, negatively or positively, the supply chain
Answers questions such as:
- How many supplies of this do I have access to?
- Where are they all located?
- In how many locations?
- In what quantities?
And, if supplies are drop shipped:
- How many touch points are there?
- By whom?
- How do I ensure supplies are not “Grey Market?”
Shows the Inbounds and Outbounds of supplies
- Do I have exposed supplies on a loading dock?
- Are mission critical supplies held up at the outbound loading dock?
Supply Chain Resiliency
Infrastructure that allows for dynamic changes:
- Must provide for robust scalability
- Dynamic flexibility
- Dynamic extensibility
In order to absorb shocks and have rapid recovery:
- Must be able to facilitate dynamic reconfiguration
- Rapid supplier on-boarding
Must have access to near real-time information:
- Across disparate organizational, geographical, and geo-political boundaries
- Across disparate and multiple IT infrastructures
Must be able to synchronize core supply chain processes
- Across multiple users
- Across multiple customers
- Across multiple organizational units
- Across multiple suppliers and partners around the world
Security for the Data Associated with the Supply Chain
- Monitor, control and manage virtually all aspects of the flow of information associated with the supply chain
- Secure and shield trusted networks from external attacks by preventing direct communications between trading partners and internal servers
- Demilitarized zone-based (DMZ) authentication, session breaks and SSL terminations, prior to allowing communications with the trusted network
- Incorporate firewall navigation best practices to prevent direct communications between internal and external servers and expose attack at the perimeter.
- Centralized file gateway to monitor, administer, route and transform high volumes of inbound and outbound files
- Incorporate messaging, human interventions, and file and database activities within the integrated business process models
Visibility, Control and Management of Information
[Figure: external parties (Carriers, Banks, Partners, Suppliers, Gov Agency) and the Agency Enterprise with its Agency Business Units, with these component labels:]
- Preventing unauthorized access: IBM® Sterling Secure Proxy
- Peer-to-peer file transfers via file system: IBM® Sterling Connect:Direct®
- Integrate B2B Processes: Sterling Integrator
- B2B Onboarding and file transfers: Sterling File Gateway
- Manage and monitor file transfer activity: IBM® Sterling Control Center
IBM’s Supply Chain Solution Environment
Interoperability
- Native XML
- XML Mapping & Transformation
- Standards such as EDI, RosettaNet, SOAP
Extensibility
- User Interface
- Business Logic
- Data Model
- Functional Component Independence
Scalability
- Architected for high throughput
- N-tier, component-based architecture
- Leverages leading App Servers
Multi-enterprise
- Multi-tenant
- Extraprise Participant Models
- Participant Collaboration
- Internationalized
Procurement And Fulfillment Foundation
Procurement and Service
IBM’s End-to-End Solution
[Figure: labels: SCI Application (repeated); Supply Chain Visibility; Supply Chain Optimization]
Example Through a Case Study
ICBS Charter
- Will allow the use of ICBS by National, Local, and Remote (temporary) Caches, thereby providing the business community with a consistent approach to automating cache systems nationwide
- Provides the capability for National Cache personnel to view the inventories of other National Caches and Local and Remote Caches within their support area, and to place resource requests electronically with these caches through ROSS
- Utilizes a system architecture that conforms to established agency or federal enterprise architecture, and contributes to a standard NWCG enterprise architecture
Incident Management Supply Chain
With IBM Order & Warehouse Management
[Figure: labels: GSA; Local Vendors; Cache; Incident Camp; Other Agencies; Preposition; Material <drop ship>]
ICBS & S.A.F.E Act of 2006
Infrastructure that allows for dynamic changes:
- Must provide for robust scalability
- Dynamic flexibility
- Dynamic extensibility
In order to absorb shocks and have rapid recovery:
- Must be able to facilitate dynamic reconfiguration
- Rapid supplier on-boarding
Must have access to near real-time information:
- Across disparate organizational, geographical, and geo-political boundaries
- Across disparate and multiple IT infrastructures
Must be able to synchronize core supply chain processes
- Across multiple users
- Across multiple customers
- Across multiple organizational units
- Across multiple suppliers and partners around the world
Sterling Platform – Process Modeling
Unique Capabilities
- Ability to configure all warehouse processes using business process definition framework
- Enables warehouse to manage different processes in same warehouse based on Business division/enterprise, Customers, Carriers/shipment mode
Benefits
- Enables customers to react to changes as imposed by their customers or carriers easily
- Reduced TCO due to flexibility provided via process modeling and integrated event management reducing the need for programming or customizations.
Global Supply Visibility
Achieve “order from anywhere, fulfill from anywhere” business model with accurate promising against global availability of inventory, services and logistics resources.
Benefits
- Minimized inventory and elimination of excess buffer stocks
- Maximized revenue with improved promise and fill rates
Unique Capabilities
- Total supply visibility
  • All supply types (status)
  • All locations in a network (owned or otherwise)
- Supply & Demand synchronization
- Complex Order Promising
  • Product, Services and Logistics
Service Definition Framework
Interacting with External Systems
The Service Definition Framework allows integration services to be defined that either provide input to an API from any internal system or event handler or, conversely, output from an API to any internal system or event listener.
ICBS Integrations
[Figure: integration diagram. Labels: ICBS-R; ROSS; NITC; National Caches / ICBS-R; Incident Camp / I-Suite; Dispatch Centers / ROSS; Secure FTP Site; Pay.gov – Credit Card <future>; FBMS – Billing; GSA – PO Processing <future>]
For Additional Information
Visit the Agile Summit Solution Center for demonstrations of these capabilities.
Ask an IBM Ambassador for additional information (case study, white paper, solution brief, etc.) related to the content shared during this session.
For a follow up discussion, complete the IBM Response Card on the table in front of you.
Thank You!
Chaz Chastain
Supply Chain Solutions
IBM Federal Software Group