Author(s)

C.W. AXELROD

Abstract

From news reports about companies attempting to reduce the impact of compromised supply chains, due to natural disasters, accidents or targeted attacks, or trying to avoid specific products or ingredients banned on moral grounds, it is apparent that many organizations have only rudimentary knowledge of the provenance of software, hardware, and other supplied items. Reasons for this situation include the difficulty and effort required to:

•  build and maintain complete and accurate databases;

•  obtain information on subcontractors down to the required level of detail;

•  review, monitor and test products to ensure that they are genuine;

•  encourage eradication of deficiencies, weaknesses, and vulnerabilities;

•  ensure that changes are identified, reported, analyzed, and addressed;

•  identify commonalities and common points of failure;

•  introduce resiliency, redundancy, and backup within the supply chain;

•  develop methods to simulate infrastructures, transactions, etc.; and

•  bring together competitors to collaborate in exercising various scenarios.

Thus, the question arises as to how to resolve these issues in an accurate, efficient, and cost-effective manner. Answering this question is our goal.

Supply-chain models are generally substantially more intricate than the model developed for the US equities marketplace. However, the same approach works for developing and operating any complex industry-wide and sector-wide systems with many participants who want to keep proprietary information confidential but need to share information to facilitate a rich exercise experience for learning, training, and testing a variety of realistic scenarios. This paper describes a process for implementing such simulation-based exercises.

Keywords

closed-loop tabletop exercises, commonalities, complexity, complicatedness, counterfeiting, resiliency, supply chain, tampering, transaction-level simulation models, vendor management