Souser concluded by saying that FSMA is here to stay. Its actual implementation is probably three to four years away, but he counsels to start now and stay ahead of it. "If you try to deal with it then, you could be in big trouble," he warned.
Supply Chain Security
With today's business climate becoming more remote and spread out, information is key, added Douglas Bellin, senior manager, industry business development, Cisco, who spoke about the value of secured industrial intelligence for food and beverage companies.
"Consumers demand to know where their goods are coming from and who was a part of the supply," he emphasized. "Data security is key to this drive toward a full understanding of the supply chain, both internally and for your customers."
Bellin offered up Cisco's aggregated list of things that CEOs worry about in that regard, which also forms a to-do list for Cisco's efforts:
- Use of information to reduce costs and drive innovation;
- Flexibility in production capability;
- How to meet OEE metrics;
- Reducing energy consumption with sustainability success; and,
- Information systems to address government reporting and compliance.
Bellin went on to address today's supply chain hot buttons. The typical supply chain that was mostly internal to a company has changed, he said. "That has expanded to outside the wall, to the place where I'm getting billing done, how and when the product gets to the customer's dock. It's expanding even further to suppliers, the ones that make the packaging or raw goods for you. That relationship has to go down to your Tier 2 suppliers, other partners and ultimately to your customers."
A good example of that, Bellin said, is your carton supplier. What happens when his conveyor breaks down, and he can't supply those boxes? You find out about it when you run out of boxes, and that's probably too late. What if that supplier was integrated in a way that you were alerted when that conveyor broke and the consequences were realized? You probably could affect a contingency plan for alternate supply.
"It gets worse, though," Bellin stated. "Remember, those suppliers have suppliers, who have suppliers, so we have to somehow connect all those sources. Supply chain complexity has doubled in recent years." This can be handled, Bellin said, but once your information flow is outside your walls, your control breaks down. "So does your security," he added.
So how big are these risks, even inside the firewall? That's hard to know, Bellin explained, since only 2% of incidents are reported, as companies try to protect their reputations. "But of those we are aware of, 49% of intrusions are though the corporate WAN and business network," he said.
Bellin stressed that companies should think in terms of "defense in depth." That's looking at all the areas in the organization and designing the architecture right behind that. "If you look at the physical architecture, and if you have routing and switching down on the factory floor, do you have lockouts in there? Securing computers is pretty easy. You can virus protect them or put a firewall between them and sensitive areas."
Other devices pose other problems, but have to be looked at carefully. "But if you bring all those defenses together, if one area is breached, the others can be there to back them up, and stop [an intrusion] from spreading across the environment."