"By 2025, 45% of global organizations will experience software supply chain attacks, a three-fold increase from 2021." On March 21, Gartner, a world-renowned supply chain think tank, warned of this and listed "digital supply chain risk" as the second of the seven major security and risk management trends in 2022.
On the day Gartner issued the warning, US President Joe Biden also publicly called out to American companies, "Russia is planning a new cyberattack on the United States, and Private American companies need to strengthen their defenses." "What is intriguing is that at this time, the United States, as the world's number one "matrix", is still unprecedentedly busy launching cyber attacks.
According to China's National Internet Emergency Response Center, "since late February this year, U.S. hackers have attacked Russia, Ukraine, and Belarus by attacking computers on the mainland." Within 72 hours, the attack shut down more than 1,500 networks linked to the Russian and Belarusian governments, major banks and businesses. “
note! While the United States and Europe are kicking Russia out of the global supply chain system, the United States has turned to the government, major banks and corporate networks of Russia and Belarus by attacking computers in China. What is this operation? However, discerning people can see that the United States is more urgent to attack China, the world's second-largest digital economy country, which is already the world's most competitive digital supply chain market.
I. China's Digital Supply Chain Red Flags: Warnings from 360 and Gartner
Warning 1,360: What the NSA Quantum Attack Platform Does
On March 22, china's 360 government and enterprise security group fully disclosed the technical characteristics of the Quantum attack platform, a representative cyber weapon used by the US National Security Agency (NSA) against targets in China, for the first time.
(Zhou Hongyi, founder and chairman of 360 Group)
Quantum attack is an advanced network traffic hijacking attack technology specially designed by the US National Security Agency for the national Internet, targeting all Internet users around the world who visit Us websites such as Facebook and Twitter, and Chinese social software such as QQ is also their target.
Hundreds of millions of citizens around the world have nowhere to hide their privacy and sensitive information like "naked running", China as one of the NSA's key supply targets, the number of victim units may reach the order of millions, which of course includes some of China's world's leading digital supply chain platforms.
2, Gartner warns: Digital supply chain risk is the second biggest risk in 2022
On March 21, Gartner said it identified seven trends that security and risk managers must address to protect the expanding and digital footprint of modern organizations from new threats in 2022 and beyond.
"Digital Supply Chain Risk" was ranked second by Gartner as the second of seven security and risk management trends for 2022. "As cybercriminals find that attacking digital supply chains can yield high returns, businesses are expected to face more digital supply chain threats. Gartner predicts that 45% of the world's organizations will experience software supply chain attacks by 2025, a threefold increase from 2021. “
This risk has also been raised before, and supply chain attacks are seen as one of the top six emerging threats in 2020. According to the 2019 Supply Chain Security Report released by Crowstrike, a world-renowned Saas security company, 16% of companies have purchased IT equipment that has been tampered with. 90% of companies are "unprepared" to respond to supply chain cyberattacks.
Second, digital logistics, China has gone a long way and found that it forgot to wear a hard hat
China's digital economy has developed more than 10,000 in Europe and the United States, but it has continuously ranked the second largest digital economy market in the world, and the most active market for the development of global digital logistics and supply chain.
1. Digitization, China's policy support is great, but it does not put security in an important position
In 2015, the State Council issued the "Internet +" Action Guiding Opinions, which deployed and promoted the "Internet +" action for the first time, and "Internet +" efficient logistics was included in 11 key areas. The "Opinions" clearly require the National Development and Reform Commission, the Ministry of Commerce, the Ministry of Transport, the Cyberspace Administration of China, etc. to jointly promote the "construction of a logistics information sharing and interconnection system".
In 2017, the State Council issued the first policy on the innovative development of modern supply chains, the Guiding Opinions on Actively Promoting Supply Chain Innovation and Application. The second sentence of the whole text is, "With the development of information technology, the supply chain has developed to a new stage of smart supply chain that is deeply integrated with the Internet and the Internet of Things." This is also the first time that the State Council has clearly proposed the development direction of "smart supply chain".
In 2020, the National Development and Reform Commission launched the Implementation Plan for Promoting the Action of "Using Digital Wisdom on the Cloud" to Cultivate New Economic Development, which can be said to push the development of China's digital economy to a new height. The first sentence of its development goal is to "vigorously cultivate new formats of the digital economy on the basis of existing work, deeply promote the digital transformation of enterprises, build a data supply chain, lead the flow of materials, talents, technology and capital with data flow, and form a digital ecosystem of upstream and downstream of the industrial chain and cross-industry integration..."
In January 2022, the State Council launched the first "14th Five-Year Plan for the Development of the Digital Economy" in mainland China, mentioning the supply chain more and making "vigorously developing smart logistics" one of the seven key industries' digital transformation projects.
By the end of 2021, 28 places across the country have issued digital economy development plans, and Zhejiang, Beijing, Tianjin, Fujian and other provinces and cities have all required that the digital economy account for more than 50% of the regional GDP by 2025 in the "14th Five-Year Plan", and all localities are actively laying out the development of the digital economy.
However, in the synthesis of the above policies, the first logistics network of the palm chain network combs the relevant policies, and all find that the digital supply chain and digital logistics policies only focus on the development of awareness, rarely have security awareness, and rarely put digital security in a prominent position. It's an unfortunate recognition, but it's also an objective existence! For many years, China's economic development has been born in a peaceful environment, so that we often only talk about development and pay little attention to security.
Now that Russia has given us a trial of almost all the mines in advance, it is time to realize!
2. Digitalization, Chinese enterprises run fast, but generally have no security awareness
Driven by a series of digital policies, China's digital economy market has shown unprecedented vitality. In just a few years, China has cultivated the world's largest road freight information platform Manbang Group, the world's largest real-time logistics platform Meituan Distribution, and one of the world's largest same-city freight information platforms. And cainiao network, the world's largest digital express service platform, which was established in 2013 but developed rapidly in 2015.
The advent of the industrial Internet has made the digital industry supply chain space huge. In 2020, China's industrial digitalization will account for 80.9% of the digital economy, and digitalization is deeply empowering all walks of life.
3. Digitalization, China's underlying security is very bad, and security management is far from enough
According to Peter Firstbrook, vice president of the Gartner Institute, "Organizations around the world are facing sophisticated ransomware attacks, attacks against digital supply chains, and deep vulnerabilities. The pandemic has accelerated the development of hybrid work models and the speed of migration to the cloud, which has raised a difficult problem for the CISO concept: how to protect the increasingly decentralized enterprise while solving the shortage of senior security personnel. ”
China's problems may be more serious, 360 founder and chairman Zhou Hongyi attended the World Internet Conference in 2021, and proposed that the current digitalization of Chinese enterprises is facing six basic security issues: cloud security, big data security, Internet of Things security, terminal security, supply chain security, communication security, and traditional network security cannot be dealt with. As of September 2021, 360 has captured 46 overseas APT organizations and found more than 3,600 attacks involving more than 20,000 targets.
Third, digital logistics reflection: standing at the largest outlet or also standing at the largest risk outlet
As the forerunners of digital supply chains, logistics and supply chain service enterprises are also at the forefront of network security.
1. Cainiao Network: China's largest digital logistics and supply chain infrastructure
(Cainiao Network Released Logistics IoT Open Platform)
In 2019, Cainiao Network released the logistics IoT open platform and minimalist PDA, which will help realize the digitalization and intelligent upgrading of logistics full-link logistics such as warehousing, transportation, distribution and station collection. The platform is fully open to the logistics industry, welcomes all logistics scenarios and equipment access, and effectively promotes the digitalization and intelligence of the logistics industry. In terms of self-built warehouses, Cainiao has built 22 self-built logistics parks in areas with concentrated logistics operations and convenient transportation to undertake the logistics needs of e-commerce and traditional business, and about one-third of the parks are located in East China, where logistics services are in demand, with a total area of 3.15 million square meters. Based on high technologies such as IoT, edge computing and artificial intelligence, the park is the main pilot area for Cainiao to try the latest technology to improve logistics services.
2. JD Logistics: China's intelligent supply chain infrastructure
(Liao Jianwen, Chief Strategy Officer of JD Group)
At the 2020 JD Global Technology Explorer Conference, Liao Jianwen, Chief Strategy Officer of JD Group, systematically explained JD.com's digital and intelligent social supply chain for the first time. Liao Jianwen mentioned that based on this supply chain, JD.com can use digital intelligence technology to connect and optimize all aspects of social production, circulation and service to achieve cost reduction and efficiency. Focusing on the "commodity supply chain + logistics supply chain", JD.com continues to integrate and innovate its core competitive technologies in the field of retail and logistics, and gradually forms the three major technical capabilities behind the supply chain infrastructure, namely smart supplies based on big data, smart logistics-based operations (SmartLogistics), and smart consumptions based on people's yards.
3. SF Group: A digital supply chain company established with eight supply chain companies in Shenzhen
In April 2018, SF and Oriental Jiasheng Supply Chain Co., Ltd., Pegasus International Supply Chain Co., Ltd., South China City Investment Co., Ltd., Yiyatong Supply Chain Co., Ltd. and other eight local companies in Shenzhen invested in the establishment of a big data operation platform. The joint venture company will be committed to building the most influential supply chain big data platform in China, promoting the establishment of an efficient and collaborative modern supply chain system through scientific and technological innovations such as big data and artificial intelligence, and creating an innovative smart supply chain.
(SF founder Wang Wei and Tencent founder Ma Huateng)
1. System: Accelerate the construction of a national digital supply chain risk emergency response mechanism
Strengthen the coordination of multiple departments such as the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of Commerce, the Ministry of Transport, the Ministry of Foreign Affairs, and the Ministry of National Defense, build a collaborative governance mechanism for digital supply chain security, and safeguard the security of digital territory. The "14th Five-Year Plan for the Development of the Digital Economy" mentions that it is necessary to improve the early warning and notification mechanism for network security emergency incidents, and improve the network security situation awareness, threat discovery, emergency command, coordinated disposal and attack traceability capabilities.
Improve network security emergency response capabilities, strengthen network security protection capabilities for critical information infrastructure in important industries such as finance and transportation, support the development of normalized security risk assessments, and strengthen network security level protection and password application security assessments.
2. Law: Improve the Data Security Law And formulate the Supply Chain Security Law
To further improve the Data Security Law, and at the same time accelerate the formulation of the Supply Chain Security Law based on the development of digital suppliers, we should fully draw on the research that has been carried out in the field of supply chain security at home and abroad, such as the "ICT Supply Chain Risk Management Standard" and "Commercial Information Technology Software and Firmware Review Project" (VET) promulgated by the United States, and formulate relevant standards for improving the supply chain security of critical information infrastructure.
3. Technology: Add a safe and autonomous digital hardware and software service system
From the perspective of digital hardware, to strengthen the promotion and application of independent technical equipment, it is necessary to replace and restrict the underlying devices such as IBM, Amazon, Dell, Microsoft, Cisco, Google, and Apple in the fields of government and state-owned enterprises, and strengthen the security of digital supply chain enterprises.
From digital software vendors, accelerate breakthroughs in core key technologies, form a large number of core general foundations and industry software reserves as soon as possible, continuously improve the software supply chain security ecosystem of key industries, and actively and effectively respond to key information infrastructure software supply chain security risks.
(Author: Lu Yu Hu Xueqin)
Typography: Xiaolan