The Bad Guys' No.1 Threat

Apr 1, 2007 12:00 PM, Denis Dunann

Sharing security intelligence has proven its value time and again. For example, an information-sharing network saved the newly formed credit card industry in the late 1970s from uncontrolled and escalating credit card fraud facilitated by a lack of shared intelligence among retailers and banks. More recently, as stated in the 9/11 Commission Report, the lack of shared information among our government's intelligence agencies was directly related to our inability to circumvent one of our nation's greatest disasters. In order to protect the nation's critical infrastructures from threats, vulnerabilities and attacks to their industries, Presidential Directive 63 in 1998 encouraged sector-specific corporations to create Information Sharing and Analysis Centers (ISACs) in the hope that they could more efficiently and proactively capture, analyze and disseminate pertinent, actionable intelligence to the critical infrastructures they protect. As a result, 13 ISACs have been created for information sharing within industry sectors, including an ISAC specific to the Supply Chain (www.sc-isac.org). The sector-specific ISACs formed an ISAC Council (www.ISACCouncil.org) that meets monthly to share intelligence and refine the increasing value of ISACs.

Today, around the country, regional Cargo Security Councils meet monthly with security representatives from supply chain companies and law enforcement to share experiences and seek investigative intelligence on active cases. No one disputes the value of shared intelligence, but establishing a standardized national database populated with valuable information is met with skepticism about whether industry-wide sharing would occur and concern over confidentiality and data integrity. Unfortunately, this historical skepticism and concern are allowing the bad guys to continue perpetrating their multi-billion-dollar crimes against supply chain companies.

The most important reason for sharing security information is that as long as actionable intelligence is kept locked away in each company's information “silo,” the bad guys will continue to win. The less information available, the easier it is for criminals to succeed. For example, a truck driver getting paid 5 percent of the load value in a “driver give-up” is often not prosecutable, allowing the driver to move freely from company to company perpetrating the same crime. But, if historical cases are shared among supply chain companies, this type of crime is preventable.

Supply chain crimes are not typically violent since they are often perpetrated with the help of employees, resulting in low risk to the thieves and the victims, and low prioritization by law enforcement.

For this reason, it is incumbent on the supply chain industry to do some of the heavy-lifting and become more strategically proactive and preemptive with their security processes. Supply chain-dependent companies are realizing that shared intelligence plays an integral part in solving their present and past cases, as well as preventing future losses. Likewise, timely and detailed information is one of law enforcement's strongest weapons.

Imagine the effect on organized crime rings if all supply chain companies could easily track trends and modus operandi, and quickly ascertain case investigation similarities that would assist in solving current and historical crimes. Imagine the effect on a criminal's ability to go from company to company perpetrating crimes if supply chain companies shared investigative intelligence with each other. And finally, imagine the ability for all supply chain companies to receive predictive modeling based on shared statistical data that would prevent expensive future losses and pinpoint “hot spots” and trends on a timely basis.

Of course, information sharing must be done within a highly secure and protected environment to ensure that only vetted and authorized entities have access to the intelligence.

---

Mr. DuNann is an industry writer, national speaker, and co-founder and CEO of SC-integrity, which specializes in supply chain security. SC-integrity Inc. owns and operates the government-sanctioned Information Sharing and Analysis Center for the critical infrastructure of the global Supply Chain (SC-ISAC) www.sc-isac.org.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue