As former director of operations at the U.S. Cyber Command, Brett Williams knows what it takes to protect our vulnerable supply chains. We asked him what companies can do to safeguard their data.
David Maloney has been a journalist for more than 35 years and is currently the group editorial director for DC Velocity and Supply Chain Quarterly magazines. In this role, he is responsible for the editorial content of both brands of Agile Business Media. Dave joined DC Velocity in April of 2004. Prior to that, he was a senior editor for Modern Materials Handling magazine. Dave also has extensive experience as a broadcast journalist. Before writing for supply chain publications, he was a journalist, television producer and director in Pittsburgh. Dave combines a background of reporting on logistics with his video production experience to bring new opportunities to DC Velocity readers, including web videos highlighting top distribution and logistics facilities, webcasts and other cross-media projects. He continues to live and work in the Pittsburgh area.
When Brett Williams was flying F-15 fighter jets for the U.S. Air Force, he never dreamed he would become one of the nation’s leading cybersecurity experts. But when you answer the nation’s call, you accept whatever mission you’re given. For him, it was becoming director of operations at the U.S. Cyber Command, a unified combatant command launched in 2010 to strengthen the Department of Defense’s (DOD) cyber capabilities and expertise. Maj. Gen. Williams ended up leading a team of 400 people responsible for the global operations and protection of all DOD computer networks as well as the planning and execution of authorized offensive operations.
During his time as an Air Force general officer, Williams served in significant senior executive leadership positions, including director of operations for the U.S. Air Force. He was also 18th Wing Commander in Okinawa, Japan, where he led the largest combat wing in the Air Force and oversaw a community of over 25,000 U.S. service members, their families, and Japanese employees. His 33-year Air Force career also included more than 100 combat missions as a F-15C fighter pilot.
Upon his retirement from the military in 2014, Williams moved into the business world, where he co-founded IronNet Cybersecurity. He is a recognized cybersecurity expert and sought-after speaker as well as a guest professor at his alma mater, Duke University, where he earned his B.S. in computer science. He also holds three graduate degrees in management and national security studies.
Williams was recently a guest on DC Velocity’s “Logistics Matters” podcast, where he spoke with Group Editorial Director David Maloney.
Q: How did you make the journey from military commander to cybersecurity expert?
A: I was in the Air Force for 33 years, 28 years as an F-15 pilot. Then I passed a highly selective screening process to move over to the IT and cyber world. I finished up at the U.S. Cyber Command and had broad responsibility for making sure Department of Defense networks were defended as well as planning offensive operations.
When I moved into this space about 12 years ago, I didn’t have any background in this field other than a 1981 computer science degree from Duke. But I put in the effort to develop a bit of technical expertise.
That’s something that I think is extremely important for business leaders to do. They can’t afford to delegate the risk decisions in the world of cybersecurity solely to the technical experts, whether they’re in-house experts or outside contractors. Leaders need to gain some relevant knowledge in this field so they can decide what is appropriate for their companies and what steps need to be taken. They need to be able to have an intelligent conversation with the providers of their cybersecurity services in the same way they do with everybody else on their leadership teams.
I encourage them all to spend a little time to get familiar with these issues so they can ask the right questions and make sure the answers they’re getting make sense to protect their businesses.
Q: We continue to hear about breaches of security systems, such as hacking and ransomware attacks. What are the biggest threats to our information systems right now, and where are they coming from?
A: There are two broad groups of threats out there. There are what we refer to as the “nation state threats,” and for the United States that continues to be China, Russia, North Korea, and Iran. And then there are the criminal groups.
I think the most important thing for people to keep in mind is that the worry is no longer about a teenager in his basement in a hoodie who is hacking for fun. Both the nation state threats and the criminal groups are well resourced and trained. They have vast expertise and tools, and they are deploying them broadly. I would argue that there is no company of any size in any sector that doesn’t have to consider the possibility that it could fall victim to a very advanced type of cyberattack.
Q: Along those lines, I think many companies feel that they’re too small to be threatened, that no one would bother to come after them. But the threat is real for everybody, correct?
A: That is 100 percent right and especially in the logistics and supply chain business. Every company that is part of that supply chain is a potential target.
Maybe you just supply some software that helps people manage inventory or maybe you’re a very large trucking or rail company that coordinates deliveries all over the country or the world—no matter how big or small your company is, you have a critical role in the supply chain that supports both our national economy and our national security. The people who are threats know that smaller companies are the least well defended, even though they are frequently a critical cog in this supply chain.
So, the first thing I would ask folks to consider is that you have a role in our national security. I would argue that your ability to make supply chains work and not bring risk is a national security issue, and I ask you to take it seriously.
Q: In what ways are our supply chains under threat?
A: The first thing to understand is that Covid brought the term “supply chain” into the vernacular and made people aware that disruptions to the supply chain are serious issues—including those who would seek to cause us harm, particularly those nation state threats I talked about. They know that if they can interrupt these national supply chains that impact our economy, our security, and our ability to “do” logistics, they can cause significant internal friction and really set us back on our heels.
Looking at the supply chain from a more tactical perspective, what you have to think about is that none of these companies operates alone. You have a supply chain that you rely on to make your business run, and, more than likely, you are part of a supply chain that makes another business run. So, as you look at your supply chain, you have to take it very seriously, particularly when you are sharing data or giving someone—such as a 3PL partner—access to your systems. What kind of security are those partners maintaining? How do you know if they are protecting your interests?
At the same time, you have a responsibility to do the same when you are providing services to another company. How are you protecting that data and ensuring you don’t become the security risk for that other company? You don’t want to bring risk to their operation, and there can be significant liability concerns if you somehow expose data or interrupt the operations of that company.
Q: If threats to our supply chains are a matter of national security, what are the potential costs to our country if our supply chains are severely disrupted?
A: Our adversaries are not going to attack us in physical space—say, in the South China Sea or someplace. They are first going to come to the homeland, if you will, and try to disrupt supply chains that maybe affect health care, or finance, or the delivery of critical goods and services. Or maybe they just get in and mess up things like our air traffic control system or the systems that control trucking around the country.
All of those have the effect of getting us to focus internally. They become political issues very quickly in our country, and the more we focus internally, the less we focus on those [actual] threats. That cultural issue to me is huge.
Then there are the real issues of not getting things to the places they need to be. That affects our economic system, which affects our national security. It is hard to think of anything that’s much more important than the supply chains that your [readers] support.
Q: Can you share some examples of how critical systems have been breached and the results of those breaches?
A: There was the attack called NotPetya that targeted Maersk, the giant global shipping agency. The total damages literally ran into the billions of dollars, and certainly Maersk wasn’t the only [company] that bore that cost, right? There were a lot of people relying on them. That was a system that was breached initially through ransomware and extortion, and then was completely locked up, preventing them from doing business the way they normally do it. We saw how quickly that cascaded through the global supply chain.
Another example was the ransomware attack on Colonial Pipeline. That one essentially targeted the company’s distribution and billing system. Colonial Pipeline could continue to move oil safely through the pipeline, but it couldn’t track how much went where.
About 25% of attacks in this sector of the economy are these types of ransomware attacks. So, make sure you practice good basic hygiene in your systems to protect them against ransomware. You can make yourself a slightly less attractive target than the next guy through basic security practices.
Q: What specifically should supply chain managers do to secure their systems and their supply chains against cyberattacks?
A: There are three quick things they should do. First, they need to identify their critical data. What data if it were exposed, manipulated, or destroyed and which system if it went down would have the biggest impact on their business? They have to prioritize their efforts to protect that data and those systems.
The second is to bolster password security by requiring two-factor authentication. The things people get very bored hearing about are nonetheless extremely important for basic security.
Then, number three, be very strict about identifying who will have access to your systems and have multiple ways to authenticate who they are and ensure that only authorized people are in those systems.
Then make certain that you have good backups for all your critical data and systems. These backups have to be done correctly. They can’t be connected to your normal system every day, because when the bad guys get into the system, they immediately look for a backup and then corrupt that as well. So, you really have to do backups and be careful about how they are managed.
Then, whether you outsource this work or handle it internally, if you are the business leader in the company, don’t delegate the risk decisions. In other words, you don’t have to be the technical expert, but you do have to know enough about it to make sure that you’re mitigating the risk that is relevant to your company. Understand the investment you are making and what the payoff is. Understand the basic terms and concepts. I encourage you to get smart, ask questions, and make sure you fully understand how your systems are protected from cyberattacks.
As holiday shoppers blitz through the final weeks of the winter peak shopping season, a survey from the postal and shipping solutions provider Stamps.com shows that 40% of U.S. consumers are unaware of holiday shipping deadlines, leaving them at risk of running into last-minute scrambles, higher shipping costs, and packages arriving late.
The survey also found a generational difference in holiday shipping deadline awareness, with 53% of Baby Boomers unaware of these cut-off dates, compared to just 32% of Millennials. Millennials are also more likely to prioritize guaranteed delivery, with 68% citing it as a key factor when choosing a shipping option this holiday season.
Of those surveyed, 66% have experienced holiday shipping delays, with Gen Z reporting the highest rate of delays at 73%, compared to 49% of Baby Boomers. That statistical spread highlights a conclusion that younger generations are less tolerant of delays and prioritize fast and efficient shipping, researchers said. The data came from a study of 1,000 U.S. consumers conducted in October 2024 to understand their shopping habits and preferences.
As they cope with that tight shipping window, a huge 83% of surveyed consumers are willing to pay extra for faster shipping to avoid the prospect of a late-arriving gift. This trend is especially strong among Gen Z, with 56% willing to pay up, compared to just 27% of Baby Boomers.
“As the holiday season approaches, it’s crucial for consumers to be prepared and aware of shipping deadlines to ensure their gifts arrive on time,” Nick Spitzman, General Manager of Stamps.com, said in a release. ”Our survey highlights the significant portion of consumers who are unaware of these deadlines, particularly older generations. It’s essential for retailers and shipping carriers to provide clear and timely information about shipping deadlines to help consumers avoid last-minute stress and disappointment.”
For best results, Stamps.com advises consumers to begin holiday shopping early and familiarize themselves with shipping deadlines across carriers. That is especially true with Thanksgiving falling later this year, meaning the holiday season is shorter and planning ahead is even more essential.
According to Stamps.com, key shipping deadlines include:
December 13, 2024: Last day for FedEx Ground Economy
December 18, 2024: Last day for USPS Ground Advantage and First-Class Mail
December 19, 2024: Last day for UPS 3 Day Select and USPS Priority Mail
December 20, 2024: Last day for UPS 2nd Day Air
December 21, 2024: Last day for USPS Priority Mail Express
Measured over the entire year of 2024, retailers estimate that 16.9% of their annual sales will be returned. But that total figure includes a spike of returns during the holidays; a separate NRF study found that for the 2024 winter holidays, retailers expect their return rate to be 17% higher, on average, than their annual return rate.
Despite the cost of handling that massive reverse logistics task, retailers grin and bear it because product returns are so tightly integrated with brand loyalty, offering companies an additional touchpoint to provide a positive interaction with their customers, NRF Vice President of Industry and Consumer Insights Katherine Cullen said in a release. According to NRF’s research, 76% of consumers consider free returns a key factor in deciding where to shop, and 67% say a negative return experience would discourage them from shopping with a retailer again. And 84% of consumers report being more likely to shop with a retailer that offers no box/no label returns and immediate refunds.
So in response to consumer demand, retailers continue to enhance the return experience for customers. More than two-thirds of retailers surveyed (68%) say they are prioritizing upgrading their returns capabilities within the next six months. In addition, improving the returns experience and reducing the return rate are viewed as two of the most important elements for businesses in achieving their 2025 goals.
However, retailers also must balance meeting consumer demand for seamless returns against rising costs. Fraudulent and abusive returns practices create both logistical and financial challenges for retailers. A majority (93%) of retailers said retail fraud and other exploitive behavior is a significant issue for their business. In terms of abuse, bracketing – purchasing multiple items with the intent to return some – has seen growth among younger consumers, with 51% of Gen Z consumers indicating they engage in this practice.
“Return policies are no longer just a post-purchase consideration – they’re shaping how younger generations shop from the start,” David Sobie, co-founder and CEO of Happy Returns, said in a release. “With behaviors like bracketing and rising return rates putting strain on traditional systems, retailers need to rethink reverse logistics. Solutions like no box/no label returns with item verification enable immediate refunds, meeting customer expectations for convenience while increasing accuracy, reducing fraud and helping to protect profitability in a competitive market.”
The research came from two complementary surveys conducted this fall, allowing NRF and Happy Returns to compare perspectives from both sides. They included one that gathered responses from 2,007 consumers who had returned at least one online purchase within the past year, and another from 249 e-commerce and finance professionals from large U.S. retailers.
The “series A” round was led by Andreessen Horowitz (a16z), with participation from Y Combinator and strategic industry investors, including RyderVentures. It follows an earlier, previously undisclosed, pre-seed round raised 1.5 years ago, that was backed by Array Ventures and other angel investors.
“Our mission is to redefine the economics of the freight industry by harnessing the power of agentic AI,ˮ Pablo Palafox, HappyRobotʼs co-founder and CEO, said in a release. “This funding will enable us to accelerate product development, expand and support our customer base, and ultimately transform how logistics businesses operate.ˮ
According to the firm, its conversational AI platform uses agentic AI—a term for systems that can autonomously make decisions and take actions to achieve specific goals—to simplify logistics operations. HappyRobot says its tech can automate tasks like inbound and outbound calls, carrier negotiations, and data capture, thus enabling brokers to enhance efficiency and capacity, improve margins, and free up human agents to focus on higher-value activities.
“Today, the logistics industry underpinning our global economy is stretched,” Anish Acharya, general partner at a16z, said. “As a key part of the ecosystem, even small to midsize freight brokers can make and receive hundreds, if not thousands, of calls per day – and hiring for this job is increasingly difficult. By providing customers with autonomous decision making, HappyRobotʼs agentic AI platform helps these brokers operate more reliably and efficiently.ˮ
RJW Logistics Group, a logistics solutions provider (LSP) for consumer packaged goods (CPG) brands, has received a “strategic investment” from Boston-based private equity firm Berkshire partners, and now plans to drive future innovations and expand its geographic reach, the Woodridge, Illinois-based company said Tuesday.
Terms of the deal were not disclosed, but the company said that CEO Kevin Williamson and other members of RJW management will continue to be “significant investors” in the company, while private equity firm Mason Wells, which invested in RJW in 2019, will maintain a minority investment position.
RJW is an asset-based transportation, logistics, and warehousing provider, operating more than 7.3 million square feet of consolidation warehouse space in the transportation hubs of Chicago and Dallas and employing 1,900 people. RJW says it partners with over 850 CPG brands and delivers to more than 180 retailers nationwide. According to the company, its retail logistics solutions save cost, improve visibility, and achieve industry-leading On-Time, In-Full (OTIF) performance. Those improvements drive increased in-stock rates and sales, benefiting both CPG brands and their retailer partners, the firm says.
"After several years of mitigating inflation, disruption, supply shocks, conflicts, and uncertainty, we are currently in a relative period of calm," John Paitek, vice president, GEP, said in a release. "But it is very much the calm before the coming storm. This report provides procurement and supply chain leaders with a prescriptive guide to weathering the gale force headwinds of protectionism, tariffs, trade wars, regulatory pressures, uncertainty, and the AI revolution that we will face in 2025."
A report from the company released today offers predictions and strategies for the upcoming year, organized into six major predictions in GEP’s “Outlook 2025: Procurement & Supply Chain” report.
Advanced AI agents will play a key role in demand forecasting, risk monitoring, and supply chain optimization, shifting procurement's mandate from tactical to strategic. Companies should invest in the technology now to to streamline processes and enhance decision-making.
Expanded value metrics will drive decisions, as success will be measured by resilience, sustainability, and compliance… not just cost efficiency. Companies should communicate value beyond cost savings to stakeholders, and develop new KPIs.
Increasing regulatory demands will necessitate heightened supply chain transparency and accountability. So companies should strengthen supplier audits, adopt ESG tracking tools, and integrate compliance into strategic procurement decisions.
Widening tariffs and trade restrictions will force companies to reassess total cost of ownership (TCO) metrics to include geopolitical and environmental risks, as nearshoring and friendshoring attempt to balance resilience with cost.
Rising energy costs and regulatory demands will accelerate the shift to sustainable operations, pushing companies to invest in renewable energy and redesign supply chains to align with ESG commitments.
New tariffs could drive prices higher, just as inflation has come under control and interest rates are returning to near-zero levels. That means companies must continue to secure cost savings as their primary responsibility.