SIMPLE Supply Chain
Bear Systems is building on its next generation cybersecurity platform to provide a range of SIMPLE (Secure Integrated ML Platform Leveraging Expertise) solutions for the world’s most pressing needs. This blog entry is one of a series of introductions showing how Bear can provide a SIMPLE solution for specific vertical challenges.
I love the term supply chain or the chain that hold back armies. I know, I know – the chain is supposed to be the thing the integrates all of the pieces together. To me, however, that chain is a noose that strangles innovation, prevents expansion, and cuts everybody involved.
This is not a slight to the many Supply Chain Management (SCM) solutions on the market which, I am sure, do a great job of keeping supplies flowing to whatever degree is required. My comments are more focused on the actual production and security of supplies. Taking a look at the production, there are serious issues with largescale supply chains given the preponderance of damage equipment. Now commonsense would suggest that fixing this equipment in the field would make the most sense (least cents?). The reality is that most large manufacturers require that the damaged equipment be shipped back and then a new shipment sent out…that typically arrives damaged yet again.
This inane process results in massive delays, headaches throughout, and there are a rapidly growing number of customers demanding change. There are solutions, by the way, already here in the form of Additive Manufacturing and all of those cool 3D printers. In fact, the only reason that this type of solution is not instituted is due to manufacturers wanting to both ensure that they participate in any remote parts production (after all it is their equipment) and to ensure that the fixes are made correctly (after all it is their equipment).
The second issue revolves around security and WOW is that an epic disaster. I can, and have, written massive discourses on all of the security issues in supply chains. For this post, I will breakdown two on the main issues (ignoring the entire Additive Manufacturing issue as that is covered under our SIMPLE AD blog post).
The first is focused on component manufacturing wherein hardware pieces that are smart enough to cause mischief are produced. Currently, a small subset of potential component manufacturers get certified to make “safe” parts. In exchange, these manufacturers are able to charge 3X to 8X the cost compared to its “unsafe” counterpart. Fine, if you really want to pay for protection, so be it (no, seriously…).
But this approach does not work.
Despite these certifications, these components have proven to be no safer than their “unsafe” cousins. These “safe” parts are oftentimes inferior in production and functionality compared to the rest of the industry and they offer absolutely no real benefit. Innovation is a nonstarter given the challenges of getting into a certified manufacturer and that manufacturer’s complete lack of desire to change anything. In fact, it is only government regulations that forces the usage of these certified manufacturers – much to the chagrin of device manufacturers globally.
The second issue involves downstream supply chain partners that are supposed to keep customer data safe. Almost all sensitive data theft occurs through supply chain vendor systems. Governments attempt to regulate this problem away, but their attempts are doomed to fail. A given supply chain might have thousands of vendors in it and hundreds of steps removed from the source. Good luck auditing everybody in one chain much less all of them.
SIMPLE Supply Chain solves these security problems by essentially not trusting anybody. SIMPLE Supply Chain assumes that every hardware component is corrupt and looking to do something bad. As such, each component is authenticated, authorized to do specific tasks, and then constantly monitored to ensure only those tasks are completed. With SIMPLE Supply Chain, there are no more backdoors, corrupt hardware, or a need for those expensive “safe” pieces of hardware.
SIMPLE Supply Chain also assumes that every supply chain partner is completely exposed, their networks and devices exploited, and nothing is safe. To this end, SIMPLE Supply Chain provides a machine-learning equipped application and data deliverable that locks out the network and even the host device while running. SIMPLE Supply Chain enables quantum resilient lines of communications and a SIMPLE Blockchain system that secures multi-vendor collaboration…even if none of those vendor systems can be trusted.
As for production, SIMPLE Supply Chain enables Manufacturing Profiles that track whenever a part is printed and can handle microtransactions at the edge. These Profiles can also be used to verify that a given repaired piece of equipment is working as intended without requiring expertise in the field.
There is obviously more, much more, to our SIMPLE Supply Chain solution and, if you are interested, please contact us to learn more!