What’s in a name? Wrestle over the threat, not what people choose to call it.
"What's in a name? That which we call a rose by any other name would smell as sweet." - William Shakespeare, Romeo and Juliet
Consider the term “Supply Chain Risk Management,” or the acronym SCRM. Raise the issue, and a logistics leader will likely ask you to take a seat.
On the other hand, think about “cyber.” Say that word to a logistician, and you’re likely to be sent down the hall to the folks in IT.
Cyber considerations are all over the supply chain. There are times when the first stop in a cyber threat is IT, but there are also a slew of issues where the operators need to lead.
Cyber is a risk, we have to manage it, and it’s in the supply chain. How do cyber considerations impact sourcing? Shipping? Communications? Subcontracts? ECO's? Industrial base management and oversight? Payment methods and international money transfers? The list is almost endless, and none of these examples are IT centric and all have a cyber component.
Here’s a citation the Defense Acquisition University offers to help students get their arms around Supply Chain Risk Management. “Supply chain risk management (SCRM) is ‘the implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.’”
Cyber issues are just one of the risk vectors to consider in SCRM, and a good chunk of responsibility for that risk sits with the operators, not the techies. If you’re more comfortable grappling with Supply Chain Risk Management, fine.
On the other hand, if somebody knocks on your door to talk about cyber, ask them to take a seat and shock them with how cultured we are in the Supply Chain: quote Shakespeare.