Cyber Threats in the Digital Supply Chain
The PRISM of PRIvacy, Security and regulatory coMpliance
Roger Müller, Directo...
© GS1 Switzerland 2016 | 11th GS1 Forum Logistics & Supply Chain | 2 March 2016

  1. Cyber Threats in the Digital Supply Chain: The PRISM of PRIvacy, Security and regulatory coMpliance. Roger Müller, Director PwC Consulting and Head Supply Chain & Operations, PricewaterhouseCoopers AG; Rodney Fortune, Manager, Cybersecurity, PricewaterhouseCoopers AG
  2. The fourth industrial revolution has started – But … is your Supply Chain safe against cyber threats?
     [Timeline figure; vertical axis: flexibility and complexity]
     • Industry 1.0 (end of 18th century): Steam engine manufacturing
     • Industry 2.0 (beginning of 20th century): Mass production and assembly lines
     • Industry 3.0 (1970s): Automation and robotics
     • Industry 4.0 (2015+): Digitization and Integration of Value Chains and Products/Services (Internet of Things/Services); New Digital Business models; Integrated Data Analytics as core capability; Digital Enterprise
  4. Towards a new industrial revolution – The Industry 4.0 framework
     [Framework figure. Source: PwC Industry 4.0 Study, 2015. Labels: Industry 4.0; Digital Core elements; Digital Enablers; Innovative digital business models; Digitization of product and service offerings; Digitization and integration of vertical and horizontal value chains; Compliance, security, legal & tax; Organisation, employees and digital culture; IT Architecture and data management]
     Because of the Internet, mobile devices, applications, and cloud computing, companies and their suppliers can now share a large amount of data at the click of a button. Today, information about everything from order volumes and capacity status to activity-based management protocols and transportation metrics is electronically transmitted between business partners. Cybersecurity is essential in order for Industry 4.0 to work, not only in technological terms, but also in terms of the processes in the value chain.
  5. The integrated use of data is the core capability within the framework of Industry 4.0
     Importance of data and analysis capabilities within Industry 4.0 (Source: PwC Industry 4.0 Study, 2015)
     [Bar chart; response categories: Important (4,5), Neither nor (3), Not important (1,2). Items rated: Generation of additional data (e.g. through expanded sensor technology); Use of real-time data to control production; Clear labeling (barcode, RFID, NFC); Use/exchange of data with cooperation partners; Analysis of extensive amounts of data in real time; Efficient exchange of data along the own value-add chain. Values as extracted: 93%, 76%, 68%, 61%, 61%, 54%; 5%, 22%, 20%, 27%, 27%, 20%; 2%, 2%, 12%, 12%, 12%, 26%]
  6. Cyber Threats are real and affect business and life. 91% of large organisations and 87% of small businesses had security breaches in the last year.
     • Cyber security is now a persistent business risk
     • Organisations are undoubtedly worried about the rising tide of cybercrime
     • Looking at security investments by industry shows that spending is down in most sectors, with a few notable exceptions.
     • The black markets for stolen data are growing in size and complexity.
     Source: PwC 2015 The Global State of Information Security Survey 2015
  7. The dilemma: functionality and simplicity versus security
     [Slide headings: Digitization; Globalization; The human being]
     • The 10-80-10 rule of honesty: According to insiders, it is considered proven that only 10% of adults are completely honest. For 80%, it depends on the environment, and 10% are dishonest.
     • The digital transformation will change the way people do business
     • The danger to businesses and their customers from hacking and cyberattacks has become pervasive
     • The markets and the customers are global, not local
     • Laws and regulations as well as jurisdiction are national
  8. Industry 4.0 and Security – Trust versus Risk profile?
     Cybersecurity is more than an IT challenge—it’s a business imperative. New technologies, well-funded and determined adversaries, and interconnected business ecosystems have combined to increase your exposure to cyberattacks. Your critical digital assets are being targeted at an unprecedented rate and the potential impact to your business has never been greater.
     • Can I trust my communication tools?
     • Can I trust my data and information?
     • Can I trust my identity?
     • Can I trust my business partner?
     • Can I trust my technology?
  9. Industry 4.0 - Adapt to the new realities of cybersecurity
     With Industry 4.0, information and data have become a critical supply chain asset, making it increasingly important to protect your data. Information sharing is not limited to supply chain functions like transportation, distribution, logistics, warehousing, inventory management, sourcing, procurement, and order and production planning. Companies share proprietary data across their value chain. Supply chain managers must play a larger role in cybersecurity.
     [Figure labels: Horizontal value-add chain (Network); Vertical value-add chain (Company); Supplier; Supplier network; Cooperation partner; Company; Customer; Customer network; Purchasing; Production; Logistics; Sales; Product Development (R&D); Planning; Service]
  10. Each organisation has a unique environment and therefore specific requirements
      [Figure labels: Technology Risks; Your business vision; Business processes; Business applications; Devices, systems and platforms; Network and communication; Digital data]
      • Identify valuable data
      • Identify threats & risks
      • Apply appropriate protection
  11. Industrial processes demand a high level of connectivity between components of a vertical supply chain
      Vertical integration of supply/value chain processes
      Potential Cyber Threats:
      • Cyber attacks to CPS systems (incl. industrial espionage)
      • Privacy
      • Reverse Engineering
      • Knowledge of Hardware by integrators, incl. manufacturers
      • Non-restricted staff access to critical components, systems and data
      [Figure labels: Cyber Security; Planning/ERP; Planning; Enterprise Resource Planning (ERP); Manufacturing Execution System (MES); Cloud/data management; Horizontal integration with partners; Machine to machine communication; Engineering for “lot size”; Shop floor; Machine; Sensors/Control; Product; Sensors & control; Internet of things; New technologies (e.g. 3D print); Autonomous logistics]
  12. Digitally driven horizontal integration across value chains allows the creation of a virtual SC model
      Integrated Planning & Operations – Cross-Tier Inventory Optimization
      Real-time/near-real-time forecast data propagation can increase efficiency, e.g., optimizing supplier inventory levels
      [Figure labels: Digital Implications; Suppliers; Tier 1 HQ; Tier 1 Plants; OEM; Dealer; End Customer; Market 1; Market 2; Engine 1; Engine 2; Engine n; Forecast; Planning; Make to Order; Inventory; Machining; Assembly]
      [Figure: Virtual Supply Chain Model. Labels: Information Flows; Material Flows; Information Hub; Components Suppliers / IDMs; Contract Electronics Mfg; OEM/CEM; Customers; P, S, M, D]
  13. Greed, absence of ethics and weak prosecution / sanctions
      Adversary motives and tactics evolve as business strategies change and business activities are executed. Not only the ‘good guys’ use technology for their benefit (CCaS/Cyber Crime as a Service)!
      Adversary: Organized crime; Hacktivists; Nation state; Insiders
      What’s most at risk?
      • Emerging technologies
      • Executive travel
      • Automation
      • Health and safety records
      • Business deals information
      • Information and communication technology and data
      • Industrial Control Systems (SCADA)
      • Geological surveys and industrial design (Intellectual Property)
      • Third party connections
      Input from Office of the National Counterintelligence Executive, Report to Congress on the Foreign Economic Collection and Industrial Espionage, 2009-2011, October 2011.
  14. Industry 4.0 and Data Security – Introducing the concept of «PRISM»
      [Figure labels: Megatrends; Digital operations (Industry 4.0); Dependence and abuse of IT increases (cyber resilience); Business processes of the firm; Supply chain; Suppliers; Clients; Applied Digital Trust (PRISM): Digital PRIvacy, Cyber Security, Regulatory CoMpliance]
  15. Applied Digital Trust (PRISM) as an integral part of electronic business processes
      Guiding Principles:
      1. Processes should be designed and displayed electronically, so that the system only allows what is possible
      2. Process steps must be designed in a way that controls are integrated and compliance-related data are collected systematically and continuously
      3. Data analysis and continuous auditing lay the foundations for compliance-related data to be systematically analyzed and reported
      [Figure labels: Process Integrated Compliance; Processes; Controlling and QA*; Data; Measuring; Access data; Process data; Transaction data; Reports; Data Analytics / BIG DATA. * Quality assurance]
  16. Applied Digital Trust (PRISM) requires the collection and preparation of relevant data
      [Figure labels: People, Processes, Technology; Governance & Control Framework; Security, Privacy, Compliance; Strategy and risk appetite; Regulation & Standards; Requirements & policies; Compliance Mgmt.; Infrastructure, Device, Data Mgmt.; Data analytics (SIEM, etc.); PRISM Dashboard(s)]
      • Sec & Compliance Layer 1: user and device identification (User and devices trusted? Compliant?)
      • Sec & Compliance Layer 2: Infrastructure and data access
      • Sec & Compliance Layer 3: Gateways and zone transitions
      • Information (big data): Digital Data classified, separated in trust-domains
      • ICT Infrastructure on premise, outsourced or in the cloud
  17. Two options how to avoid digital data loss: A: protect and monitor or B: detect and respond
      [Slide columns: Prevent & Protect; Monitor & Detect; Respond & Remediate]
      ‘Crown jewels’ must be identified and their protection prioritised, monitored and adjusted accordingly.
      • Technology risk strategy
      • Security architecture
      • Target operations model
      • Security governance
      • Security assessments
      • Breach indicator assessment
      • Data analytics for security information
      • Threat intelligence
      Detect malware, attacks and data exfiltration quickly and reliably
      • Incident response
      • Forensic services
      • Crisis management
      • eDiscovery
      • Data analytics
      Respond to incidents efficiently and effectively. Remediate and learn.
      ‘Data protection by design’ by considering people, processes and technology
  18. Five Steps to identify and protect enterprise data appropriately
      • Assess cyber risks and ensure risk landscape is aligned with risk appetite. Reduce, avoid or transfer unacceptable risks
      • Select applicable cyber threat scenarios (10-15) and analyse impact on your business data and customer data
      • Identify your most valuable information assets, align your cyber security strategy with business objectives and get funding
      • Analyse current safeguards and their effectiveness, assess vulnerabilities in your infrastructure and supply chain
      • Implement safeguards, monitor effectiveness, improve processes for earlier detection and reduce the time from detect to respond
  19. Summary: Applied Digital Trust by PRISM Privacy, Security and regulatory compliance?
      Stepwise procedure:
      1. The industrial sector will change in the coming years due to the industrialization / digitization → This is a chance to integrate "Applied Digital Trust"
      2. Digital Trust calls for requirements of privacy, security and regulatory compliance that are formulated not only as a policy, but are integrated into the technical infrastructure
      3. Security, privacy and compliance should be consolidated into a common architecture and integrated in the process (and not appended)
      4. The processes should be designed in a way that only those things are possible which are permissible
      5. Controls should be designed so that their effectiveness is constantly measured and the enforcement of the rules is ensured
      6. Digital Trust shall define which reports are to be generated in order to provide quality assurance and to satisfy the auditors
      Applied Digital Trust through PRISM is the discipline of designing products or processes that have very low tolerances, are repeatable, and are stable over time
  20. Thank you - Your PwC Industry 4.0 experts. Talk to us…
      • Rodney Fortune, Manager Cybersecurity; Cybersecurity: Threat, Vulnerability & ICS Specialist, Switzerland. PwC Risk Assurance, PricewaterhouseCoopers AG, Birchstrasse 160, CH-8050 Zurich, Switzerland. Direct +41 58 792 19 46, Mobile +41 79 128 67 61, rodney.fortune@ch.pwc.com, www.pwc.ch
      • Roger Müller, Director, Head Supply Chain & Operations Switzerland, Industry 4.0 Lead. PwC Management Consulting, PricewaterhouseCoopers AG, Birchstrasse 160, CH-8050 Zurich, Switzerland. Direct +41 58 792 1637, Mobile +41 79 878 3180, roger.mueller@ch.pwc.com, www.pwc.ch
  21. PwC’s Global Operations Consulting Network – From Strategy to Execution (Category of One)
      PwC's global operations practice connects clients' strategies with execution. We start with the premise that operations can and should be a strategic asset, and we bring the industry, functional, and technology depth required to rapidly close the gap between ideas and results.
      • Integrated, best-of-breed capabilities and thought leadership
      • Unique combination of strategy, operations, technology, and marketing capabilities to support future consumer businesses
  22. PwC’s Global Operations Consulting Network – From Strategy to Execution (Category of One)
      Together, we bring more than 250 years of experience helping global clients solve their toughest problems
      • Global Supply Chain strategists network with more than 4.500 consultants
      • Unique Supply Chain Strategy, Operations and Execution service portfolio
      • Practical strategists committed to our client’s success
      • Leading Supply Chain Strategy firm
      • Local teams with access to global network
      • Broad and in-depth experience
      • Approach: Management Consultants & Coaching oriented consulting approach using know-how and methodology
      • Industry 4.0; Tax & Custom; SCM Benchmarking; Supply Chain Reference Model (SCOR): Plan, Source, Make, Deliver
      • Swiss-based core team and technical subject matter experts, well linked into
  23. We think and advise on end-to-end processes across the entire Supply Chain
      • How does my supply chain performance compare to that of my competitors?
      • How confident are we in the resiliency of our supply chain operations?
      • How do we quickly assess our functional strengths and weaknesses?
      • How can we maximize return on our existing assets and gauge the value of future improvements?
      • How do we align our supply chain initiatives with overall strategic objectives?
  24. 28.10.2015 | © GS1 Switzerland 2015 | 52
      Disclaimer: This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers AG, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
      © 2016 PwC. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers AG which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
