Building resilience into the supply chain: interview with Yossi Sheffi
In his new book, The Power of Resilience, MIT professor Yossi Sheffi looks at how businesses can anticipate, prepare for, and respond to disruptive events.
Peter Bradley is an award-winning career journalist with more than three decades of experience in both newspapers and national business magazines. His credentials include seven years as the transportation and supply chain editor at Purchasing Magazine and six years as the chief editor of Logistics Management.
How vulnerable is your supply chain? What can you do to protect it from disruptions, especially those you cannot anticipate? These questions take on more and more urgency in an age of complex global supply chains, where events in one region can disrupt the operations of businesses and their customers on the other side of the world.
In his new book, The Power of Resilience: How the Best Companies Manage the Unexpected, Yossi Sheffi examines what many companies have done—and are doing—to anticipate, prepare for, and respond to disruptions that can range from earthquakes to hurricanes to cyberattacks to issues with sourcing that could harm business reputations.
The book is Sheffi's second on the topic of resilience. His first, The Resilient Enterprise, was published in 2005 in response to the 9/11 attacks. In the intervening decade, much has changed in both the landscape of supply chain risks and the implementation of corporate resiliency programs, Sheffi says. The new book looks at what companies have learned since that time and at new threats that have arisen.
Sheffi, a professor at the Massachusetts Institute of Technology (MIT) and director of the MIT Center for Transportation and Logistics, discussed the new book and supply chain resilience with DCV Editorial Director Peter Bradley. This is an edited and condensed version of the interview.
Q: What led you to decide it was time for a second book on the topic of resilience?
A: The first book was motivated by 9/11, looking at what companies were doing to prepare for disruption. When I started work on that book, I figured I'd begin by seeing what had already been written about this topic and I found nothing on logistics, supply chain, and transportation—in academic writing, at least. Since I didn't have any literature to draw from, I did research. I talked to well over a hundred companies. That research, which took four years and involved 30 people, led to the first book.
Then, when I was out talking to companies a few years back, more and more people were telling me, "Look, it's time for a new book because the threats are becoming more serious and more frequent, but we're also becoming a lot better at a number of new activities and processes, and (business continuity planning) has been taken to a higher level in corporations." So I put together a team and starting working on the new book.
Q: You write in the preface that we shouldn't look at this book as a sequel or a new edition of the original, that it really is something different. Tell me how.
A: It looks at a whole new set of threats that I didn't cover very much in the first book. For example, think about cybersecurity problems. Ten years ago, we were just starting to hear about cybersecurity problems. Today, "cyber" is a weapon. Many physical systems are being run by digital means and can be attacked.
It also became very important to talk about social and environmental responsibility: (the factory fires) in Bangladesh; the conflict mineral issues, which forced Intel and Apple to go to this very deep level—10 to 12 tiers deep—in the supply chain to find out where these minerals were coming from. This became a real corporate reputational risk. And, of course, there have been things like the Japanese earthquake and tsunami that changed a lot of companies' views on risk and their own vulnerability to disruption.
In the new book, I also emphasize a point that I did not make and should have made last time that people always look at the top right corner [in a quadrant chart of possible disruptions and estimations of their likelihood and impact] where the probability (of an event) is high and the consequences are high, but that is the wrong place to look. Companies prepare for these events, and as a result, although the impacts could be severe, they are not that high because companies are ready for them. I point out the really worrisome quadrant is the high-consequence/very-low-probability corner because this is the "black swan." This is the 2008 financial meltdown. This is 9/11. This is Chernobyl. These are the things that nobody expected and nobody knew how to deal with. And the question is, how do you prepare for things that you cannot even imagine, things that you don't even know that you don't know. A lot of the issues in the book have to do with general preparation or general resilience for what you can't even imagine because it never happened to you, to your competitors, or to other people in the industry.
Another change that is introduced to this framework is what I call "detectability"—the time from when you know something is going to happen to the first impact. Think of the classic example, a hurricane. You know three days before we see the storm.
But you (also) have to prepare for something that you only find out about after the fact. Think about some sabotage, some people stealing trade secrets, some cyberbug in your system.
There are a lot of new software applications that didn't exist 10 years ago that are designed to alert you as soon as something happens and tell you what the implications are, what the value risk is, which customers and products will be affected, and what problems you're going to have. I cover some of these new software applications in the book.
Q: You talked a few minutes ago about how while the risks are higher today, we have also learned a lot. What have we learned over the last 10 years that we've been able to put to work to help mitigate risks?
A: In terms of things that you can point to, such as an earthquake in an area that's prone to quakes or floods, you have to prepare for things that have happened before and can happen again. What is the communication plan? How should you notify whoever it is: the customers, Wall Street, suppliers, whatever? Who should be notified? Who should be involved in making up the plan? How do you respond?
The other side is the completely unexpected situation where you don't know what to do beyond general resilience measures. For this, you first of all have to have an emergency response operation and you have to have all the communications lines. The number one thing is what I said: You have to know who to call. Who should be the people to man these emergency operations? In a manufacturing company, it should be basically two functions, supply chain management and engineering.
Supply chain management should focus on inventory—looking at how to acquire more supplies where needed and seeking alternative suppliers. Engineering should look for damage solutions. Can we replace a component with another part? How do we qualify another part and so forth?
In general, the response should be two-pronged and involve two separate teams. One team should deal with the people. What is the impact on people? How do we find everybody? How do we deal with our suppliers? The other team should deal with business continuity issues. Because otherwise, depending on the nature of the team, they pay too much attention to one or the other.
Q: Let me go back to risk assessment for a moment. You talked about Intel and how deeply it had to dig to find out where its minerals come from. How does a company find out the risk deep in its supply chain, in its tier three, four, or five?
A: Oh, there was talk about a tier 12 or something. Anyway, Intel learned that four metals used in electronic products might be "conflict minerals," metals that have been mined under conditions of coercion and violence, and mobilized a team to ensure that its operations were "conflict free." The first question was, "Are we using conflict minerals?" But nobody knew. So the company started going backward in the supply chain, and it realized that it had to go back to about level five or six. Beyond this, you cannot tell where a material is coming from because the supplier gets it from multiple sources and just mixes it all together.
Intel decided to focus on the smelters and make sure the smelters' brokers only bought from approved mines. The thought was the company was not going to buy anything from mines in the Democratic Republic of Congo, but that would just throw hundreds of thousands of people out of work in a very poor country. So it couldn't do that.
So then it went to the smelters and tried to convince them to do it, but the problem is, as big as Intel is, it is not a very big customer of the smelter. And the smelter says, "I am not selling to you. I'm selling to some broker who then sells to another customer, who sells it to some other company." So Intel put together an industry consortium [the Electronic Industry Citizenship Coalition]. And it paid the smelters to qualify certain mines so it knew where minerals were coming from. It took Intel years, by the way.
Q: One of the arguments you make in the book is that by looking at your risk, by preparing for risk, you actually strengthen the entire enterprise. Expand on that a bit.
A: For an example, there is Intel. It had to map its entire supply chain. Knowing who the people upstream are, you not only get risk protection—the sense that if something happened to one of them, you know what the implications are—but you also learn more about what's going on in the supply chain. You start understanding your own supply chain a lot better, which always brings good things.
Supply chain planning (SCP) leaders working on transformation efforts are focused on two major high-impact technology trends, including composite AI and supply chain data governance, according to a study from Gartner, Inc.
"SCP leaders are in the process of developing transformation roadmaps that will prioritize delivering on advanced decision intelligence and automated decision making," Eva Dawkins, Director Analyst in Gartner’s Supply Chain practice, said in a release. "Composite AI, which is the combined application of different AI techniques to improve learning efficiency, will drive the optimization and automation of many planning activities at scale, while supply chain data governance is the foundational key for digital transformation.”
Their pursuit of those roadmaps is often complicated by frequent disruptions and the rapid pace of technological innovation. But Gartner says those leaders can accelerate the realized value of technology investments by facilitating a shift from IT-led to business-led digital leadership, with SCP leaders taking ownership of multidisciplinary teams to advance business operations, channels and products.
“A sound data governance strategy supports advanced technologies, such as composite AI, while also facilitating collaboration throughout the supply chain technology ecosystem,” said Dawkins. “Without attention to data governance, SCP leaders will likely struggle to achieve their expected ROI on key technology investments.”
The British logistics robot vendor Dexory this week said it has raised $80 million in venture funding to support an expansion of its artificial intelligence (AI) powered features, grow its global team, and accelerate the deployment of its autonomous robots.
A “significant focus” continues to be on expanding across the U.S. market, where Dexory is live with customers in seven states and last month opened a U.S. headquarters in Nashville. The Series B will also enhance development and production facilities at its UK headquarters, the firm said.
The “series B” funding round was led by DTCP, with participation from Latitude Ventures, Wave-X and Bootstrap Europe, along with existing investors Atomico, Lakestar, Capnamic, and several angels from the logistics industry. With the close of the round, Dexory has now raised $120 million over the past three years.
Dexory says its product, DexoryView, provides real-time visibility across warehouses of any size through its autonomous mobile robots and AI. The rolling bots use sensor and image data and continuous data collection to perform rapid warehouse scans and create digital twins of warehouse spaces, allowing for optimized performance and future scenario simulations.
Originally announced in September, the move will allow Deutsche Bahn to “fully focus on restructuring the rail infrastructure in Germany and providing climate-friendly passenger and freight transport operations in Germany and Europe,” Werner Gatzer, Chairman of the DB Supervisory Board, said in a release.
For its purchase price, DSV gains an organization with around 72,700 employees at over 1,850 locations. The new owner says it plans to investment around one billion euros in coming years to promote additional growth in German operations. Together, DSV and Schenker will have a combined workforce of approximately 147,000 employees in more than 90 countries, earning pro forma revenue of approximately $43.3 billion (based on 2023 numbers), DSV said.
After removing that unit, Deutsche Bahn retains its core business called the “Systemverbund Bahn,” which includes passenger transport activities in Germany, rail freight activities, operational service units, and railroad infrastructure companies. The DB Group, headquartered in Berlin, employs around 340,000 people.
“We have set clear goals to structurally modernize Deutsche Bahn in the areas of infrastructure, operations and profitability and focus on the core business. The proceeds from the sale will significantly reduce DB’s debt and thus make an important contribution to the financial stability of the DB Group. At the same time, DB Schenker will gain a strong strategic owner in DSV,” Deutsche Bahn CEO Richard Lutz said in a release.
Transportation industry veteran Anne Reinke will become president & CEO of trade group the Intermodal Association of North America (IANA) at the end of the year, stepping into the position from her previous post leading third party logistics (3PL) trade group the Transportation Intermediaries Association (TIA), both organizations said today.
Meanwhile, TIA today announced that insider Christopher Burroughs would fill Reinke’s shoes as president & CEO. Burroughs has been with TIA for 13 years, most recently as its vice president of Government Affairs for the past six years, during which time he oversaw all legislative and regulatory efforts before Congress and the federal agencies.
Before her four years leading TIA, Reinke spent two years as Deputy Assistant Secretary with the U.S. Department of Transportation and 16 years with CSX Corporation.
Serious inland flooding and widespread power outages are likely to sweep across Florida and other Southeast states in coming days with the arrival of Hurricane Helene, which is now predicted to make landfall Thursday evening along Florida’s northwest coast as a major hurricane, according to the National Oceanic and Atmospheric Administration (NOAA).
While the most catastrophic landfall impact is expected in the sparsely-population Big Bend area of Florida, it’s not only sea-front cities that are at risk. Since Helene is an “unusually large storm,” its flooding, rainfall, and high winds won’t be limited only to the Gulf Coast, but are expected to travel hundreds of miles inland, the weather service said. Heavy rainfall is expected to begin in the region even before the storm comes ashore, and the wet conditions will continue to move northward into the southern Appalachians region through Friday, dumping storm total rainfall amounts of up to 18 inches. Specifically, the major flood risk includes the urban areas around Tallahassee, metro Atlanta, and western North Carolina.
In addition to its human toll, the storm could exert serious business impacts, according to the supply chain mapping and monitoring firm Resilinc. Those will be largely triggered by significant flooding, which could halt oil operations, force mandatory evacuations, restrict ports, and disrupt air traffic.
While the storm’s track is currently forecast to miss the critical ports of Miami and New Orleans, it could still hurt operations throughout the Southeast agricultural belt, which produces products like soybeans, cotton, peanuts, corn, and tobacco, according to Everstream Analytics.
That widespread footprint could also hinder supply chain and logistics flows along stretches of interstate highways I-10 and I-75 and on regional rail lines operated by Norfolk Southern and CSX. And Hurricane Helene could also likely impact business operations by unleashing power outages, deep flooding, and wind damage in northern Florida portions of Georgia, Everstream Analytics said.
Before the storm had even touched Florida soil, recovery efforts were already being launched by humanitarian aid group the American Logistics Aid Network (ALAN). In a statement on Wednesday, the group said it is urging residents in the storm's path across the Southeast to heed evacuation notices and safety advisories, and reminding members of the logistics community that their post-storm help could be needed soon. The group will continue to update its Disaster Micro-Site with Hurricane Helene resources and with requests for donated logistics assistance, most of which will start arriving within 24 to 72 hours after the storm’s initial landfall, ALAN said.