Today\u2019s global supply chains carry risks that run the gamut from pirates off the coast of East Africa to bad guys tampering with goods in transit. And international supply chains also put companies at risk of violating legislation and policies mandating corporate social responsibility. How can your company make responsible decisions for your supply chain under these conditions?\nImproving the security of the global supply chain system is a key part of the strategy. With billions of dollars of goods at stake, many companies are working at solving the problem. Blockchain firms like Skuchain have developed ways to secure supply chain information to improve tracking. Other firms like CNL Software and Esri focus on improving the security process at key facilities like ports and warehouses. And firms such as Fleetmatics, Shaw Tracking and Optical Lock are working on securing the \u201cmoving supply chain\u201d of trucks, railways, ships and planes. Whether your supply chain includes service providers, software services or goods, there are important risks to be mitigated.\nRising security expectations\nOutsourcing was once a simple value proposition for organizations: Move work to a vendor to achieve cost savings. But the landscape has changed. \u201cThe National Institute of Standards and Technology (NIST) has proposed adding cyber supply chain risk management to the Cybersecurity Framework,\u201d says Edna Conway, CSO for global value chain at Cisco. \u201cA mandate by the Federal Energy Regulatory Commission has resulted in electric system bulk operators to develop security controls for supply chain management for industrial control system hardware, software, and services,\u201d Conway adds. In addition, a draft executive order from the Trump administration may require heightened security requirements for suppliers serving the U.S. government.\n\nWhat do these new standards and policies mean for technology leaders? Solving this situation will require a close review of current vendor contracts regarding security, audit and subcontracting provisions. If your organization uses vendors on a \u201cwhite label\u201d basis, then the vendor\u2019s cybersecurity measures have to measure up to these new standards. Start the review process now before fines, regulations and public failures force the issue.\nReducing theft\nEach year, theft and fraud result in serious costs and delays for both companies and governments. Steady increases in global trade volumes mean that traditional border security methods such as random spot checks have limited effectiveness. At the same time, governments are under pressure to do more with less. In this environment, improving supply chain security technology plays a vital role.\nGovernments take a critical interest in supply chain security for financial and security reasons. If trade evades official channels, governments lose revenue and the ability to enforce their policies. \u201cIn Kenya, Savi provided a sensor and software solution to its customer SGS, which ultimately benefit the government,\u201d says Vicki Warker, CMO at sensor analytics providerSavi. \u201cSGS provides the OMNIS cargo tracking system to the Kenya Revenue Authority to secure transit shipments and detect and deter theft. In one year, SGS has helped the Kenya Revenue Authority reduce theft by 81 percent,\u201d adds Warker. The hardware involved also includes electronic locks that record attempts at unauthorized access. By reducing cargo theft, Kenya gives businesses with a supply chain footprint in the country added confidence.\u00a0\nThe way to\u00a0cyber security\nOptimizing cyber security requires constant trade-offs \u2014 a reality that can be exploited by attackers. If your security staff focuses on protecting email, financial data and customer data, the security of your vendors and supply chain may be given less attention. \u201cSupply chain attacks are particularly dangerous because success opens access to dozens of companies. A breach can be hard to detect since risk management strategies often don't encompass the security of supply chain partners. In Target's case, the adversary accessed point of sale technology through the HVAC system. In the software supply chain is Kingslayer, which targeted a sysadmin software system used by Windows administrators to review logs,\u201d says Paul Kurtz, co-founder, and CEO of security intelligence exchange platform TruSTAR. The Target example, in particular, shows us that securing PCs and mobile devices is no longer enough.\n\nMany banks added reviews of supplier cybersecurity vulnerabilities and processes to their procurement process after the Federal Reserve issued a report in 2013 called \u201cGuidance on Managing Outsourcing Risk,\u201d which includes cybersecurity. Other companies in other industries, especially privately owned companies, may not have developed the same level of sophistication in managing supply chain risk. But reducing your company's cybersecurity risk may depend on it.\nIf your cybersecurity budget and staff are at their limit, collaboration with industry peers could make a critical difference. \u201cCloud providers are responding to supply chain attacks by pooling incident data through exchanges such as the Cloud Security Alliance's Cyber Incident Response Center,\u201d explains Kurtz. There is naturally some sensitivity around sharing threat information and disclosing successful attacks. Fortunately, there is a solution: \u201cCompanies can share indicators of compromise without attribution,\u201d Kurtz says. This anonymized sharing is akin to medical databases that aggregate patient data for researchers and clinicians without including personal information.\nAs outsourcing and cloud services grow in popularity, IT leaders can expect supply chain cybersecurity to become increasingly important. Your choice is either to proactively invest in cybersecurity throughout your organization and value chain or wait until you suffer an incident.\n\nKey facts at a glance\nTo illustrate the growing complexity of the international supply chain, consider the following developments.\n\nGrowing trade between developing economies. An increasing share of the world\u2019s supply chain occurs between developing countries. According to the World Trade Organization, so-called South-South Trade is growing faster than trade between developed and developing countries. This trend suggests a need to improve supply chain security beyond traditional markets. Relying on distant headquarters staff to understand and manage emerging supply chain security risks may not be feasible.\nGrowing market for supply chain software. Industry experts estimate spending on supply chain software at $6.6 billion in 2015 (Source: Apps That Run The World). The industry is fragmented with a combination of products from major players like SAP and Oracle and numerous specialized smaller companies. These applications provide a foundation for improving security by encouraging a centralized repository of supply chain data.\nChina\u2019s dominance in shipping. According to the World Shipping Council, six of the top ten container ports are in China. Addressing the unique challenges and opportunities of Chinese ports and supply chain players remains a critical priority. Organizations that rely on Chinese suppliers and vendors will need to pay close attention to Chinese security requirements and threats.