Securing the Networks
Information attack — activities that could include outright theft of competitive intelligence, exploitation of sensitive data, disruption of an organization’s network infrastructure, or destruction of valuable information — could represent a far more serious threat to some companies than physical attack, especially in the United States, where large-scale adoption of Internet-based communications and commerce systems has made companies and government agencies the world’s most vulnerable. Paradoxically, the dispersed character of the Internet, designed to create an information system able to withstand a massive attack on its physical infrastructure, actually makes it and its users extremely vulnerable to cyber-attack, because the Net treats all users as privileged insiders. Hence the increasing frequency of denial-of-service attacks, computer viruses, and worms capable of crippling large companies, often for days at a time.
As the growing prevalence of information attack attests, in an economy of globally open networks, no organization is an island. Each is exposed to the vulnerabilities of the participants in its network, whether those participants are a company’s own employees — or even the employees of a supplier’s supplier. Senior executives must understand how the company can be affected by attacks aimed not at the enterprise itself, but at its larger community — related business sectors and their partners’ own infrastructures and networks. Ford Motor Company was not attacked by Al Qaeda in September, but supply disruptions caused by government efforts to prevent future attacks cost the automotive company $30 million, as trucks bearing parts idled at the Canadian border. Thus was interdependence risk suddenly made real. Protecting the network, therefore, goes beyond safeguarding telecommunications infrastructure: It means negotiating secure policies and practices in all of the organization’s critical relationships — in those associations where alliance partners can influence assets without having full ownership.
Securing against discontinuities in the extended network is no longer a foreign concept among senior executives. About six years ago, IBM created a Mission Relocations process, which facilitates the shift of manufacturing operations around the globe within 90 days. This capability has already saved the company millions of dollars by enabling it to move operations to more tax-favorable countries. It also allowed IBM to move production of chips used by the defense industry rapidly from Germany to the United States following the September 11 attacks.
But understanding the need for resilience within the extended network is still not routinized at most companies. Far from it: In pursuing basic outsourcing strategies during the past decade, most companies have sought largely to optimize efficiency at the cost of robustness. Risk has largely been excluded from the equation, catching many companies short of product at crucial times. This kind of network hazard has only grown with globalization, as companies have sought to take advantage of the increasing sophistication of overseas production by accepting extended lead times and reduced flexibility in return for lower costs.
The peril for the unprepared can be profound — as can the opportunity for ready competitors. Consider the differing responses of the Nokia Corporation of Finland and Telefon AB L.M. Ericsson of Sweden when a fire at a Koninklijke Philips Electronics NV semiconductor plant in New Mexico disrupted their supplies of chips. Nokia officials noticed a hiccup in the product flow even before Philips informed the company of the problem, and had its chief supply troubleshooter on the case immediately. Within two weeks, a team of 30 Nokia officials had fanned out over Europe, Asia, and the U.S. to patch together a solution. They redesigned chips, accelerated a project to boost production, and used the company’s clout to get more chips from other suppliers. Ericsson, with fewer safeguards built into its supply network, moved more slowly and came up millions of chips short of the supply needed for a key new product. Nokia gained three share points. Ericsson lost the same, and ultimately exited the handset market.