Building Security and Resilience: Supply Chain Risk Management for Critical Infrastructure

Article

Introduction

Critical functions, such as information and communication technology, energy, financial services, and transportation networks, underpin much of our economic and national security fabric. This means that the resilience of critical infrastructure must be a top priority for maintaining public health, safety, and economic stability.

With each critical infrastructure sector interlinked, a single point of failure in the supply chain can have cascading effects. That’s why it’s crucial for businesses and governments to prioritize systemic risk identification and employ cutting-edge technologies like AI and deep learning to navigate and mitigate these risks effectively. Understanding and managing supply chain risks within critical infrastructure sectors will ensure resilience and continuity.

What Is Critical Infrastructure?

The term critical infrastructure is defined in the USA PATRIOT Act as the “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The U.S. government has traditionally framed critical infrastructure within 16 sectors, an approach similar to that taken by America’s allies. Businesses and organizations operating in each of those sectors are part of critical infrastructure.

In the United States, critical infrastructure sectors are defined by the recently published National Security Memorandum 22 (NSM-22), and work to manage the risk associated with them is coordinated by the United States Department of Homeland Security (DHS) via the Cybersecurity & Infrastructure Security Agency (CISA). The NIST Cybersecurity Framework (updated in 2024) established a risk mitigation approach that critical infrastructure entities should use for managing cyber risks.

In Europe, the European Programme for Critical Infrastructure Protection (EPCIP) defines critical infrastructure sectors based on EU COM (2006) 786. In the United Kingdom, the Centre for the Protection of National Infrastructure (CPNI) oversees critical infrastructure policy and preparedness.

Across the members of the Organisation for Economic Co-operation and Development (OECD), most countries agree on many of the same sectors, policies and loose frameworks, despite divergent assets and an ever-evolving landscape of regulatory requirements.

Managing Supply Chain Risks in U.S. Critical Infrastructure

To function, critical infrastructure companies rely on a web of third-party entities that introduce ongoing risk into their supply chains. Managing and mitigating that risk is a top priority for every organization that is part of critical infrastructure.

NSM-22 lays out a blended approach to managing critical infrastructure risk that combines voluntary collaboration with regulation. Demonstrating commitment to the security and resilience of critical infrastructure is crucial for businesses operating in the 16 sectors.

Over the past few years, each of these sectors has been impacted by supply chain failures, cyber attacks, severe weather, and geopolitical risks. From the Colonial Pipeline attack to a spate of ransomware attacks that threatened health systems, the need to bolster security and mitigate risk in these sectors is vital.

To secure critical infrastructure, identifying and remediating supply chain risk across critical infrastructure sectors is crucial for the health, safety, and well-being of communities, and even more so for collective national security.

Prioritizing Some Sectors as Systemically Important

Bob Kolasky, SVP of Critical Infrastructure at Exiger, believes it is important to prioritize the systemically important critical infrastructure that enables “lifeline functions,” such as communications, transportation, electricity, water, and other essential infrastructure. Because communities rely on this systemically important critical infrastructure daily, particularly for communications, electricity and banking, disruptions can cascade across communities and have real-world impact.

“When we start to think about systemically important infrastructure, we recognize that it’s the hardware, software and control systems that enable infrastructure to function. They also hold some systemic importance because there could be systemic vulnerabilities if they’re exploited,” said Kolasky.

For example, satellite communications and position navigation timing services are important across infrastructure sectors, so an attack on the GPS system or satellite communications would cascade across multiple infrastructure sectors and have a systemic impact. By prioritizing and making sure that those services are protected, companies can minimize the consequences of loss of operations when incidents happen.

Intensified political tensions, trade disputes, natural disasters, terrorist attacks, digital threat actors and complex supply chains all threaten critical infrastructure. Disruption is no longer a remote possibility; it is inevitable. To identify and remediate all supply chain risks across every supply chain node, AI and deep learning need to be applied at scale.

“It’s important to recognise that even if you’re good at what you’re doing on your own systems, there’s still some inherent risk by who you do business with, and managing that risk is important.”

Bob Kolasky, Exiger SVP of Critical Infrastructure

Build Resilience in Critical Infrastructure Supply Chains with Advanced Technology

Supply chain risk management (SCRM) is more than a best practice for critical infrastructure organizations. It is also required to meet many legal and safety regulations, such as Section 889, the UFLPA, CMMC for the Defense Industrial Base, NERC CIP-013 for energy, the CHIPS Act, and many more.

Moreover, the complexity of modern supply chains demands advanced technology, like the supply chain AI in the 1Exiger platform. The comprehensive platform delivers end-to-end supply chain visibility across the entire supplier ecosystem. 1Exiger is the only open-source, third-party and supply chain risk management software that helps companies and government agencies achieve cost savings, resilience, and compliance in real time.

One of the leading aerospace and defense firms used Exiger’s technology to help de-risk its supply chain, and in the process achieved up to 35% savings on the cost of parts. It also mapped supply networks below its Tier 1 suppliers, gaining insight into where additional parts and materials were sourced. This allowed the firm to consolidate and leverage raw material volumes globally, simplifying its supply chain, reducing costs, and improving its risk posture.

Contact us to discover how Exiger’s award-winning, AI-powered technology is changing the way critical infrastructure stakeholders manage risk.
