subscribe: Posts | Comments | Email

More Powerful and Widespread Cyberattack Incidents- The Wake-Up for Internet of Things Deployment Initiatives


Late last week, a series of waves of online attacks on Domain Name Server (DNS) provider Dyn Inc. blocked access to hundreds of well visited Internet web sites including Amazon, Twitter, Netflix, PayPal, The New York Times and various other sites throughout the day. The cause has since been attributed to a distributed denial of service (DDoS) attack against Dyn, which as a DNS facilitates the loading of webpages. The DDoS attack, which came in three waves, overwhelmed the servers of the New Hampshire-based DNS provider.

From our Supply Chain Matters lens these increasingly occurring and more impactful malware related incidents, which are now utilizing physical embedded devices at the edge of networks, provide a very concerning signpost for Internet of Things (IoT) related deployments and business initiatives.  Namely that data security among physical devices installed within distributed industrial networks should remain a top-of-mind concern and potential threat.

According to a published report by USA Today, the hackers used the malware program Mirai, which can send thousands and even hundreds of thousands of servers’ requests simultaneously, creating a flood of fake traffic and overwhelming a targeted web site. Further disclosed was the hacker created malware program was carried out, in part, by calling into service unsuspecting devices connected to the internet. The report cited tech firm Dynatrace which monitors more than 150 websites, indicating that it found that 77 of those sites were impacted by the attack.

Security firm Flashpoint indicated to media outlets that it believes that digital video recorders and webcams in people’s homes were taken over by malware and then, without owners’ knowledge, used to help execute the massive cyberattack. Once more, hundreds of thousands of devices appear to have been infected with the malware.

Further noted by Flashpoint was that the methods used in Friday’s attack were very like the one carried out against the website of cyber researcher Brian Krebs last month, as well as French internet service provider OVH. It is unknown if the attacks are related.

In this year’s Predictions for Industry and Global Supply Chains, we included the prediction that IoT initiatives would continue to meet the realities of line-of-business strategy and deployment concerns.  Further noted that it is rather important to not get caught-up in the plethora of predictions for billions of devices connected to the Internet. Rather it is important to differentiate B2C consumer focused and consumer market use cases from those of broader B2B needs, often referred to as the Industrial Internet. The consumer device sector may well be quagmire in conflicting standards, protocols and security vulnerabilities, and this latest attack incident provides ample evidence.

Thus, our counsel to readers, both line-of-business and IT focused, is to not dismiss the latest incident in the context of consumer related devices installed with little regard for layered data and password protections, and that our situation is far different. In the various IoT focused briefings and presentations from consultants and systems integrators that this industry analyst and technology influencer has taken in, we have indeed heard iterations of IoT focused information protocols utilized that are very dated, and of information or password security layers that thin because of concerns related to the seamless interchange of required data exchange from physical devices to certain applications. There are indeed more updated standards, but the challenge is the lack of multi-vendor adherence, differences or acceptance among various existing standards. The obvious takeaway from the ongoing, more powerful malware attacks that continue to occur is that layered information security cannot be compromised, and that applies even more to the Industrial Internet and edge networks.

When we penned this year’s IoT focused prediction last December, we included the following statement:

“We join others in predicting that information hacking will provide additional headline visibility in 2016, increasing the pressure on technology providers and device producers to focus more on information security remediation techniques.”

We do not take pleasure that indeed our prediction has manifested itself, and we again urge IoT evaluation and deployment teams to pay special attention to layered information security safeguards.

Bob Ferrari

© Copyright 2016. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.

Wal-Mart, IBM and Tsinghua University Announce Joint Collaboration on Food Safety Tracking Technology


This week, global retailer Wal-Mart along with IBM and Tsinghua University announced a joint effort to improve the tracking and movement of food products across China in an effort to improve overall food safety.  The government of China has identified food authentication and supply chain tracking as a critical concern to quickly find and eliminate sources of food contamination within the country.

This announcement bears watching among consumer goods focused supply chains since this new effort will be leveraging what is termed as blockchain technology. This form of technology is increasingly being identified by supply chain focused technology providers for applicability in providing higher levels of intelligence regarding the movement of materials across a supply chain or B2B network. In essence, it fosters the sharing of data and information across a network of computers and as noted in the announcement, is gaining broader recognition due to its applicability in recording and keeping track of assets and materials. This form of technology currently powers digital bitcoin currency use.

According to IBM, when applied to the food supply chain, product information such as farm origin details, batch numbers, processing data, expiration dates, storage temperatures and shipping details can be digitally connected to food items, and the information is entered on the blockchain at every step of the process.

The technology can further aide retailers such as Wal-Mart in managing the shelf-life of products within individual stores and in having access to the traceability aspects of the product’s supply chain. In the specific applicability to Wal-Mart, the announcement indicates that the retailer plans to utilize IBM Blockchain based on Linux Foundation’s Hyperledger Project, which is an open source software project approach that builds on blockchain tools.

Obviously, the closest applicability for the leveraged use of blockchain technology is in current B2B EDI messaging networks that record various movement and transactions among various supply chain trading partners. While attending the recent IBM Empower 2016 conference, executives made mention of upcoming announcements related to IBM’s Sterling Commerce B2B technology and future applicability for this technology.

OpenText, another major B2B technology network provider has also indicated a development direction that augments existing EDI and transactional messaging with broader analytics capabilities.

The takeaway for readers is to begin to consider the possibilities for utilizing EDI messaging and other transactional, content, and unstructured data passing along B2B trading networks as sources of broader supply chain intelligence and analytics related to needs in regulatory compliance, traceability and reduction of waste.

We believe there will be more initiative announcements forthcoming such as the one from retailer Wal-Mart, initiatives that will leverage B2B trading network information towards efforts to integrate value-chain physical flows with needs for broader intelligence and analytics related to more-informed and timely decision-making.

Stay tuned.

Bob Ferrari

© Copyright 2016. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.


A Non-Traditional Supply Chain and Capacity Planning Automation Effort Underway at Ford Motor

1 comment

This author had the opportunity to attend the Kinaxis Kinexions customer conference last week. Among the customer presentations there was a rather insightful talk from a supply chain executive at Ford Motor Company. This presentation delivered by David Thomas, Director of Global Capacity Planning at Ford was titled, Creating Global Standards Across Regional Sites, provided important insights on building and adopting global-wide data and business process standards without the use of traditional waterfall based program and change management methodologies. This technology effort underway at Ford is so different and novel, and conference attendees were citing this presentation as noteworthy and insightful.  Thus are we sharing the highlights with our broader multi-industry cross-functional supply chain readership community.

Since the global financial crisis of 2008-2009, the Ford Motor Company has been focused on “One Ford”, a series of foundational initiatives directed at overhauling unaligned management and business processes. This umbrella initiative was designed to address Ford’s internal tendencies toward regionally-based independence in P&L, product development and product value-chain strategies. Rather than operating as a single global based company, the emphasis was more toward disparate, top-heavy independent operating divisions. As was the case with many other manufacturing companies, the “near-death” experiences of the financial crisis provided the wake-up call to the requirement that Ford had to change.

Indeed, Ford was able to quickly bounce back from the financial crisis but Thomas described hitting another wall by 2011. Unforeseen global capacity restrictions were hindering growth.  The major supply disruptions brought on by the devastating tsunami that impacted Northern Japan, and the major floods that effected Thailand’s automotive sector were another reminder that the company’s overall sales and operations planning was not globally aligned for capacity and resource based decision-making. That prompted the need for a global capacity planning initiative that would be able to coordinate global response to capacity and supply alignment needs based on singular planning data.

This global capacity planning team soon concluded that there were no existing global standards related to product and capacity data across Ford. Spreadsheets were the dominant planning mechanism, with differing dimensions of data and information that hindered any global perspectives to dimension problems or to assess resolution actions. Thomas described the prior dominant atmosphere as being described internally as “dumpster diving for data.” The team quickly came to the conclusion that a global-wide set of data standards supported by a single global planning system had to be initiated as quickly as possible. However, the initial goal was to provide consequential evidence that global-wide data standards would result in far more effective capacity and resource planning.

Rather than traditional system program management, the steering team elected to focus on a faster innovation cadence, that of two-month development processes. A total of 14 cycles of fast innovation focused at building management credibility on the business value of a globally aligned data supporting a common S&OP framework. Thomas described the selection of a pilot development window as a purposeful effort to uncover needs and provide more positive evidence to the business value for global data and information standards to improve decision-making. These efforts included painful methods directed at mapping data tables and building simplified Excel based extraction tools. Eventually, a cobbled together single view of global and capacity that included all regions, markets and major components was developed, enough to convince senior management of the value of a singular, authored, S&OP framework. Thomas described this pilot phase as advocating that a lot of little adjustments with improved visibility can save hundreds of millions of dollars.

This initial pilot effort provided the impetus to secure formal approval to move forward in the development of a global-based S&OP systems support initiative that remains underway across Ford. It is being designed to move away from a current monthly planning process to more agile, better-informed and more predictive planning.

For the subsequent phase of off-the-shelf application selection and implementation, the steering team again avoided a big-bang, multi-year waterfall planning effort that would involve as-is and to-be state analysis, and instead elected to go with a tops-down approach. Thomas indicated that the steering team avoided waterfall global workshops to depict future state needs because: “nobody would ever agree.” Thomas’s described a viewpoint that people are often conditioned by the tools they currently utilize to perform their jobs. Instead the effort was directed at the expectation that Ford will have a global S&OP system framework that would launch on-time without major business disruption.

The agile development approach carried over, and development teams now work to what was described as continuous two-week development milestones. Rather than assemble and allocate on a full-time basis a dedicated global team of Ford employees to manage overall implementation, a decision was made to utilize dedicated externally based experts, those that were not anchored in Ford’s past practices. The people who will ultimately utilized the global system work alongside the external team during the review phases. The current effort is described as including 9 dedicated resources from Kinaxis along with resources from Deloitte, Prana Consulting and Ford’s internal IT staff. Efforts are now underway to build full data transparency across all product demand and supply, along with provisions for regionally-based S&OP efforts that are collectively based on a more timely, global based planning data.

Thomas indicated that Ford is about 6-9 months away from global launch of its singular S&OP process framework. It was described as a big-change for thousands of people who do not really want their existing jobs to change but do want their jobs to be easier in the needs for gathering common, more insightful and meaningful supply-chain wide data that can provide for more informed decision-making relative to line-of-business and functional supply chain goals. Then again, a continuous development cycle is already providing the evidence of the benefits of a singular planning data model along with the value of managed scope efforts that stream continuous economic benefits for the business. Gone are the days of big-bang implementations that risk business disruption and significant added costs of change management and implementation.

Supply Chain Matters extends praise to Ford’s ongoing transformational planning efforts and we look forward to learning more about the post implementation results.

Bob Ferrari

© Copyright 2016. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.

Yet Another Airline System-wide Outage- Implications for Supply Chain Backbone Systems Technology Change


Last week, thousands of airline passengers were delayed worldwide after a computer glitch temporarily halted departures at United Airlines, the latest in a series of outages to affect other airlines as well. Last week’s United system glitch was reportedly attributed to the airline’s weight reporting system which calculates and governs an aircraft’s total weight load for takeoff and other needs. According to both general and social media reports, passengers were forced to either wait onboard planes or inside terminals when respective United flights were delayed for several minutes or in some cases hours, disrupting travel plans and schedules.

Last week’s incident represented the third computer glitch to impact United’s operations in recent months.  In June, software needed to dispatch United’s flight plans faltered and in July, flights were disrupted after a computer problem blocked access to reservations records.

In September, a system-wide computer problem at British Airways caused significant delays.  In August, Delta Air Lines was forced to cancel or delay thousands of flights after a power outage impacted its operational computer systems. This blog subsequently praised Delta’s CEO for his public acknowledgement and apology for the systems outage and its impacts for customers. Also in August, a highly visible system outage also impacted Southwest Airlines after a prior system-wide outage in July, prompting the airline’s two major labor unions to demand the removal of that airline’s CEO.

These continuing series of systems related incidents that are impacting the airline industry and its customer service perceptions and ranking have pertinence to multi-industry supply chain and customer fulfillment systems that have not been updated for many, many years.

There are many parallels. let’s briefly explore them.

Older transactional systems implemented twenty, ten or in some cases even five years ago, were specified with different operational and information technology business needs and requirements. These older systems represented the architecture of either centralized computing and data retrieval, or client-server based systems architectures. They were the manifestation that all transactions and data related to customers and operational business processes would be managed and controlled via a central IT backbone system that included lots of redundancy and back-up provisions. During their prior phases, they indeed served that purpose. They were also rather expensive representing millions of dollars of direct investments related to hardware, software, database and network management needs not to mention likewise investments in initial and ongoing systems integration and consulting needs.

But as we know all to-well, today’s business world is one of continuous and constant change, some of which is rather significant.  There are mergers and acquisitions involving other airlines and their respective processes and systems.  New customer revenue service programs have been added that included paid upgrades to premium seating, payment of baggage handling fees and increased needs for regulatory passenger security reporting have all added to systems needs and requirements.  Investors, Wall Street and private equity firms continue to, on-average, have a short-term expectation window for profitability and stockholder value. There seems waning tolerance for any larger-scale, big-bang, multi-year business and systems transformation efforts without the profitability and cash-flow benefits to sustain such efforts.

Similarly, the ongoing needs of online customer empowerment and self-service require the ability of smartphone and other mobile-based applications to inquire, modify and update reservations, check on airline mileage balances or flight status. This is the building conflict of customer needs for total and complete mobile-based enablement with applications and supporting systems that were never initially designed to support such needs and requirements. They are systems designed prior to Cloud based computing, software-driven hardware and in-memory computing technology and analytics driven operational decision-making that have made their presence in today’s technology landscape.

Yet, even though line-of-business and IT teams have become more increasingly knowledgeable in the benefits of these newer technologies, the risk of potential business disruption related to systems changes continues to haunt these teams.

We recently highlighted efforts by American Airlines toward a major IT system conversion that consolidated all of its pilots and planes onto what is described as single flight operating system. Such an effort required an immense amount of operational and IT staff pre-planning and preparations, as much as a reported 1.3 million hours of IT staff time alone, since it involved a collection of what was described as more than 500 applications that manage everything from dispatching of crews to movement of aircraft.

At the same time, American is now evaluating whether to move major portions of its customer website, including and other direct web-based customer enablement support applications to a totally Cloud-based deployment model.

There are indeed many implications for systems technology change not only for the airline industry but multi-industry supply chain transactional systems as-well. The increasing needs and expense or supporting Omni-channel and online customer fulfillment needs is taxing existing other systems and applications, some to the break point. Such systems will require bolder vision yet multi-year manifestations of continuous improvements that generate the business expense savings that can fund and add credence to the value of moving forward in the journey.

Cloud computing and other new technologies will add to the economics of IT deployment and ongoing operational cost savings especially when applications and systems become optimized for their respective core missions, be that managing operations, supporting online customer enablement or more informed business results oriented decision-making.

We close this blog commentary with a food analogy.

Mixing large batches of cookie dough for too long creates tougher and less satisfying cookies. Smaller batches, with different variation recipes focused on taste, take less mixing time with a more delightful overall eating experience. Similarly, cooking large batches of various sized spaghetti in one pot yields a pot of unappetizing pasta that is a mass of uniformly cooked and a real mess.

Invest staff and resource time in comprehensive multi-year applications and systems planning focused on specific output needs and requirements. Open your thinking to the benefits of advanced technology but in the context of more managed scope efforts and streaming economic and cash flow benefits for the business.

Bob Ferrari

© Copyright 2016. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.

This Week- Supply Chain Matters Attending Kinaxis 2016 Customer Conference


We wanted to alert or Supply Chain Matters readers that Executive Editor and Independent Supply Chain and B2B Industry Analyst Bob Ferrari will be attending the Kinaxis sponsored Kinexions 2016 customer conference being conducted this week in Nashville. Festivities begin Tuesday evening.

This is the annual gathering of supply chain planning and response management technology provider Kinaxis’s customers and prospects.

If readers are planning on attending this week’s event, please say hello during any of the networking or educational sessions.

Supply Chain Matters will feature upcoming commentary regarding impressions and insights shared at this year’s conference.

« Previous Entries