An inside look at a large supply-chain security initiative

DIGITALISATION efforts in operational technology (OT) have caused a surge in cyberthreats, posing significant challenges to the security and resilience of industrial systems worldwide. As recent as March 2024, among these threats was a modification in the XZ Utils open-source software project that highlighted the risks in the supply chain and the need for a comprehensive approach to supply-chain security. The XZ Utils code was altered to incorporate a malevolent backdoor, granting attackers as much control as authorised administrators within impacted systems.

Supply-chain cybersecurity takes centre stage at Singapore’s Operational Technology Cybersecurity Expert Panel (OTCEP) forum this week (Aug 20-21), including a session where I will be giving an inside look at a large supply-chain security programme. The presentation offers a deep dive into the establishment and implementation of a thorough supply-chain security initiative, based on the example of Schneider Electric.

In the current OT landscape, characterised by escalating cyber risks and interconnectivity, this topic is relevant for industrial stakeholders and society at large in Singapore and globally. Financial losses are expected to reach US$81 billion in damages and lost revenue globally by 2026, according to Juniper Research in their May 2023 report. As supply chains continue to expand and with hacker techniques becoming more sophisticated, the resilience and security of suppliers are paramount to safeguarding critical infrastructure and ensuring the uninterrupted functioning of essential services.