As former director of operations at the U.S. Cyber Command, Brett Williams knows what it takes to protect our vulnerable supply chains. We asked him what companies can do to safeguard their data.
David Maloney has been a journalist for more than 35 years and is currently the group editorial director for DC Velocity and Supply Chain Quarterly magazines. In this role, he is responsible for the editorial content of both brands of Agile Business Media. Dave joined DC Velocity in April of 2004. Prior to that, he was a senior editor for Modern Materials Handling magazine. Dave also has extensive experience as a broadcast journalist. Before writing for supply chain publications, he was a journalist, television producer and director in Pittsburgh. Dave combines a background of reporting on logistics with his video production experience to bring new opportunities to DC Velocity readers, including web videos highlighting top distribution and logistics facilities, webcasts and other cross-media projects. He continues to live and work in the Pittsburgh area.
When Brett Williams was flying F-15 fighter jets for the U.S. Air Force, he never dreamed he would become one of the nation’s leading cybersecurity experts. But when you answer the nation’s call, you accept whatever mission you’re given. For him, it was becoming director of operations at the U.S. Cyber Command, a unified combatant command launched in 2010 to strengthen the Department of Defense’s (DOD) cyber capabilities and expertise. Maj. Gen. Williams ended up leading a team of 400 people responsible for the global operations and protection of all DOD computer networks as well as the planning and execution of authorized offensive operations.
During his time as an Air Force general officer, Williams served in significant senior executive leadership positions, including director of operations for the U.S. Air Force. He was also 18th Wing Commander in Okinawa, Japan, where he led the largest combat wing in the Air Force and oversaw a community of over 25,000 U.S. service members, their families, and Japanese employees. His 33-year Air Force career also included more than 100 combat missions as a F-15C fighter pilot.
Upon his retirement from the military in 2014, Williams moved into the business world, where he co-founded IronNet Cybersecurity. He is a recognized cybersecurity expert and sought-after speaker as well as a guest professor at his alma mater, Duke University, where he earned his B.S. in computer science. He also holds three graduate degrees in management and national security studies.
Williams was recently a guest on DC Velocity’s “Logistics Matters” podcast, where he spoke with Group Editorial Director David Maloney.
Q: How did you make the journey from military commander to cybersecurity expert?
A: I was in the Air Force for 33 years, 28 years as an F-15 pilot. Then I passed a highly selective screening process to move over to the IT and cyber world. I finished up at the U.S. Cyber Command and had broad responsibility for making sure Department of Defense networks were defended as well as planning offensive operations.
When I moved into this space about 12 years ago, I didn’t have any background in this field other than a 1981 computer science degree from Duke. But I put in the effort to develop a bit of technical expertise.
That’s something that I think is extremely important for business leaders to do. They can’t afford to delegate the risk decisions in the world of cybersecurity solely to the technical experts, whether they’re in-house experts or outside contractors. Leaders need to gain some relevant knowledge in this field so they can decide what is appropriate for their companies and what steps need to be taken. They need to be able to have an intelligent conversation with the providers of their cybersecurity services in the same way they do with everybody else on their leadership teams.
I encourage them all to spend a little time to get familiar with these issues so they can ask the right questions and make sure the answers they’re getting make sense to protect their businesses.
Q: We continue to hear about breaches of security systems, such as hacking and ransomware attacks. What are the biggest threats to our information systems right now, and where are they coming from?
A: There are two broad groups of threats out there. There are what we refer to as the “nation state threats,” and for the United States that continues to be China, Russia, North Korea, and Iran. And then there are the criminal groups.
I think the most important thing for people to keep in mind is that the worry is no longer about a teenager in his basement in a hoodie who is hacking for fun. Both the nation state threats and the criminal groups are well resourced and trained. They have vast expertise and tools, and they are deploying them broadly. I would argue that there is no company of any size in any sector that doesn’t have to consider the possibility that it could fall victim to a very advanced type of cyberattack.
Q: Along those lines, I think many companies feel that they’re too small to be threatened, that no one would bother to come after them. But the threat is real for everybody, correct?
A: That is 100 percent right and especially in the logistics and supply chain business. Every company that is part of that supply chain is a potential target.
Maybe you just supply some software that helps people manage inventory or maybe you’re a very large trucking or rail company that coordinates deliveries all over the country or the world—no matter how big or small your company is, you have a critical role in the supply chain that supports both our national economy and our national security. The people who are threats know that smaller companies are the least well defended, even though they are frequently a critical cog in this supply chain.
So, the first thing I would ask folks to consider is that you have a role in our national security. I would argue that your ability to make supply chains work and not bring risk is a national security issue, and I ask you to take it seriously.
Q: In what ways are our supply chains under threat?
A: The first thing to understand is that Covid brought the term “supply chain” into the vernacular and made people aware that disruptions to the supply chain are serious issues—including those who would seek to cause us harm, particularly those nation state threats I talked about. They know that if they can interrupt these national supply chains that impact our economy, our security, and our ability to “do” logistics, they can cause significant internal friction and really set us back on our heels.
Looking at the supply chain from a more tactical perspective, what you have to think about is that none of these companies operates alone. You have a supply chain that you rely on to make your business run, and, more than likely, you are part of a supply chain that makes another business run. So, as you look at your supply chain, you have to take it very seriously, particularly when you are sharing data or giving someone—such as a 3PL partner—access to your systems. What kind of security are those partners maintaining? How do you know if they are protecting your interests?
At the same time, you have a responsibility to do the same when you are providing services to another company. How are you protecting that data and ensuring you don’t become the security risk for that other company? You don’t want to bring risk to their operation, and there can be significant liability concerns if you somehow expose data or interrupt the operations of that company.
Q: If threats to our supply chains are a matter of national security, what are the potential costs to our country if our supply chains are severely disrupted?
A: Our adversaries are not going to attack us in physical space—say, in the South China Sea or someplace. They are first going to come to the homeland, if you will, and try to disrupt supply chains that maybe affect health care, or finance, or the delivery of critical goods and services. Or maybe they just get in and mess up things like our air traffic control system or the systems that control trucking around the country.
All of those have the effect of getting us to focus internally. They become political issues very quickly in our country, and the more we focus internally, the less we focus on those [actual] threats. That cultural issue to me is huge.
Then there are the real issues of not getting things to the places they need to be. That affects our economic system, which affects our national security. It is hard to think of anything that’s much more important than the supply chains that your [readers] support.
Q: Can you share some examples of how critical systems have been breached and the results of those breaches?
A: There was the attack called NotPetya that targeted Maersk, the giant global shipping agency. The total damages literally ran into the billions of dollars, and certainly Maersk wasn’t the only [company] that bore that cost, right? There were a lot of people relying on them. That was a system that was breached initially through ransomware and extortion, and then was completely locked up, preventing them from doing business the way they normally do it. We saw how quickly that cascaded through the global supply chain.
Another example was the ransomware attack on Colonial Pipeline. That one essentially targeted the company’s distribution and billing system. Colonial Pipeline could continue to move oil safely through the pipeline, but it couldn’t track how much went where.
About 25% of attacks in this sector of the economy are these types of ransomware attacks. So, make sure you practice good basic hygiene in your systems to protect them against ransomware. You can make yourself a slightly less attractive target than the next guy through basic security practices.
Q: What specifically should supply chain managers do to secure their systems and their supply chains against cyberattacks?
A: There are three quick things they should do. First, they need to identify their critical data. What data if it were exposed, manipulated, or destroyed and which system if it went down would have the biggest impact on their business? They have to prioritize their efforts to protect that data and those systems.
The second is to bolster password security by requiring two-factor authentication. The things people get very bored hearing about are nonetheless extremely important for basic security.
Then, number three, be very strict about identifying who will have access to your systems and have multiple ways to authenticate who they are and ensure that only authorized people are in those systems.
Then make certain that you have good backups for all your critical data and systems. These backups have to be done correctly. They can’t be connected to your normal system every day, because when the bad guys get into the system, they immediately look for a backup and then corrupt that as well. So, you really have to do backups and be careful about how they are managed.
Then, whether you outsource this work or handle it internally, if you are the business leader in the company, don’t delegate the risk decisions. In other words, you don’t have to be the technical expert, but you do have to know enough about it to make sure that you’re mitigating the risk that is relevant to your company. Understand the investment you are making and what the payoff is. Understand the basic terms and concepts. I encourage you to get smart, ask questions, and make sure you fully understand how your systems are protected from cyberattacks.
Supply chain planning (SCP) leaders working on transformation efforts are focused on two major high-impact technology trends, including composite AI and supply chain data governance, according to a study from Gartner, Inc.
"SCP leaders are in the process of developing transformation roadmaps that will prioritize delivering on advanced decision intelligence and automated decision making," Eva Dawkins, Director Analyst in Gartner’s Supply Chain practice, said in a release. "Composite AI, which is the combined application of different AI techniques to improve learning efficiency, will drive the optimization and automation of many planning activities at scale, while supply chain data governance is the foundational key for digital transformation.”
Their pursuit of those roadmaps is often complicated by frequent disruptions and the rapid pace of technological innovation. But Gartner says those leaders can accelerate the realized value of technology investments by facilitating a shift from IT-led to business-led digital leadership, with SCP leaders taking ownership of multidisciplinary teams to advance business operations, channels and products.
“A sound data governance strategy supports advanced technologies, such as composite AI, while also facilitating collaboration throughout the supply chain technology ecosystem,” said Dawkins. “Without attention to data governance, SCP leaders will likely struggle to achieve their expected ROI on key technology investments.”
The British logistics robot vendor Dexory this week said it has raised $80 million in venture funding to support an expansion of its artificial intelligence (AI) powered features, grow its global team, and accelerate the deployment of its autonomous robots.
A “significant focus” continues to be on expanding across the U.S. market, where Dexory is live with customers in seven states and last month opened a U.S. headquarters in Nashville. The Series B will also enhance development and production facilities at its UK headquarters, the firm said.
The “series B” funding round was led by DTCP, with participation from Latitude Ventures, Wave-X and Bootstrap Europe, along with existing investors Atomico, Lakestar, Capnamic, and several angels from the logistics industry. With the close of the round, Dexory has now raised $120 million over the past three years.
Dexory says its product, DexoryView, provides real-time visibility across warehouses of any size through its autonomous mobile robots and AI. The rolling bots use sensor and image data and continuous data collection to perform rapid warehouse scans and create digital twins of warehouse spaces, allowing for optimized performance and future scenario simulations.
Originally announced in September, the move will allow Deutsche Bahn to “fully focus on restructuring the rail infrastructure in Germany and providing climate-friendly passenger and freight transport operations in Germany and Europe,” Werner Gatzer, Chairman of the DB Supervisory Board, said in a release.
For its purchase price, DSV gains an organization with around 72,700 employees at over 1,850 locations. The new owner says it plans to investment around one billion euros in coming years to promote additional growth in German operations. Together, DSV and Schenker will have a combined workforce of approximately 147,000 employees in more than 90 countries, earning pro forma revenue of approximately $43.3 billion (based on 2023 numbers), DSV said.
After removing that unit, Deutsche Bahn retains its core business called the “Systemverbund Bahn,” which includes passenger transport activities in Germany, rail freight activities, operational service units, and railroad infrastructure companies. The DB Group, headquartered in Berlin, employs around 340,000 people.
“We have set clear goals to structurally modernize Deutsche Bahn in the areas of infrastructure, operations and profitability and focus on the core business. The proceeds from the sale will significantly reduce DB’s debt and thus make an important contribution to the financial stability of the DB Group. At the same time, DB Schenker will gain a strong strategic owner in DSV,” Deutsche Bahn CEO Richard Lutz said in a release.
Transportation industry veteran Anne Reinke will become president & CEO of trade group the Intermodal Association of North America (IANA) at the end of the year, stepping into the position from her previous post leading third party logistics (3PL) trade group the Transportation Intermediaries Association (TIA), both organizations said today.
Meanwhile, TIA today announced that insider Christopher Burroughs would fill Reinke’s shoes as president & CEO. Burroughs has been with TIA for 13 years, most recently as its vice president of Government Affairs for the past six years, during which time he oversaw all legislative and regulatory efforts before Congress and the federal agencies.
Before her four years leading TIA, Reinke spent two years as Deputy Assistant Secretary with the U.S. Department of Transportation and 16 years with CSX Corporation.
Serious inland flooding and widespread power outages are likely to sweep across Florida and other Southeast states in coming days with the arrival of Hurricane Helene, which is now predicted to make landfall Thursday evening along Florida’s northwest coast as a major hurricane, according to the National Oceanic and Atmospheric Administration (NOAA).
While the most catastrophic landfall impact is expected in the sparsely-population Big Bend area of Florida, it’s not only sea-front cities that are at risk. Since Helene is an “unusually large storm,” its flooding, rainfall, and high winds won’t be limited only to the Gulf Coast, but are expected to travel hundreds of miles inland, the weather service said. Heavy rainfall is expected to begin in the region even before the storm comes ashore, and the wet conditions will continue to move northward into the southern Appalachians region through Friday, dumping storm total rainfall amounts of up to 18 inches. Specifically, the major flood risk includes the urban areas around Tallahassee, metro Atlanta, and western North Carolina.
In addition to its human toll, the storm could exert serious business impacts, according to the supply chain mapping and monitoring firm Resilinc. Those will be largely triggered by significant flooding, which could halt oil operations, force mandatory evacuations, restrict ports, and disrupt air traffic.
While the storm’s track is currently forecast to miss the critical ports of Miami and New Orleans, it could still hurt operations throughout the Southeast agricultural belt, which produces products like soybeans, cotton, peanuts, corn, and tobacco, according to Everstream Analytics.
That widespread footprint could also hinder supply chain and logistics flows along stretches of interstate highways I-10 and I-75 and on regional rail lines operated by Norfolk Southern and CSX. And Hurricane Helene could also likely impact business operations by unleashing power outages, deep flooding, and wind damage in northern Florida portions of Georgia, Everstream Analytics said.
Before the storm had even touched Florida soil, recovery efforts were already being launched by humanitarian aid group the American Logistics Aid Network (ALAN). In a statement on Wednesday, the group said it is urging residents in the storm's path across the Southeast to heed evacuation notices and safety advisories, and reminding members of the logistics community that their post-storm help could be needed soon. The group will continue to update its Disaster Micro-Site with Hurricane Helene resources and with requests for donated logistics assistance, most of which will start arriving within 24 to 72 hours after the storm’s initial landfall, ALAN said.