When A Cyberattack Takes Down Your Supply Chain Software

In a March 2010 article in The Atlantic titled “Cyber Warriors,” James Fallows writes, “[Cyber] attacks — not just from China but from Russia and elsewhere — on America’s electronic networks cost millions of dollars and could in the extreme cause the collapse of financial life, the halt of most manufacturing systems, and the evaporation of all the data and knowledge stored on the Internet.”

That article opened my eyes for the first time about the great risk cyberattacks posed to global supply chains. I’ve written several posts about this threat over the years, including:

In short, as I wrote in 2016, “The threat of cyber attacks has only intensified since [2014], and as our supply chain networks and processes become more dependent on [cloud] software, GPS, and other technologies, the risk for a cyberattack on supply chains will only continue to grow.”

There have been several disruptive cyberattacks in the logistics industry in recent years, including Expeditors International in February 2022 and CMA CGM Group in October 2020. Other industries have also been impacted, including software providers, such as CDK Global which was attacked last week. Here are some excerpts from a Wall Street Journal article titled, “Car Dealers Grapple With Dayslong Software Outage After CDK Cyberattack”:

A cyberattack that has forced car dealerships around the U.S. to use pen and paper to sell cars is expected to continue for several days. 

CDK Global, the company behind the software, told dealerships in a message that it had two cyber incidents Wednesday [June 19] and that it took down its software out of caution to protect customer information. Nearly 15,000 dealers use CDK’s software to manage their sales, payroll and general office operations, according to the company’s website. The system has been down since the incidents, disrupting how dealerships sell and repair cars.

The hack on a major supplier to car dealerships highlights a common weak point in companies’ cybersecurity programs. Even if a company secures its own technology systems, they may still be vulnerable if one of their suppliers is attacked. 

Considering that many (if not most) supply chain and logistics software applications are now deployed via the cloud, what if any of these systems — such as your transportation management, warehouse management, or ERP — goes down for several days due to a cyberattack on the vendor or hosting provider? Do you have contingency plans, processes, and tools in place to keep your operations running in such a scenario? What actions are your software vendors taking to fortify their cloud services against cyberattacks?

Those are some of the questions we’re asking members of our Indago supply chain research community in this week’s survey. Indago members will receive the results next week. 

But it’s not too late to take the survey. If you’re a supply chain or logistics practitioner from a manufacturing, retail, or distribution company — and you’re interested in learning from your peers and taking this week’s survey — I encourage you to learn more about Indago and join our research community. It is confidential, there is no cost to join and the time commitment is minimal (2-4 minutes per week) — plus your participation will help support charitable causes like Breakthrough T1D (formerly JDRF), American Logistics Aid Network, American Cancer Society, Feeding America, and Make-A-Wish.

In the meantime, what do you think? When a cyberattack takes down your TMS, WMS, or other supply chain software (it’s a question of when, not if), will you be ready to respond as effectively as possible or will everyone on your team look at each other and frantically ask, “What do we do now?”