The column – Cyber Security Week
The story we tell ourselves is a half truth: the weak point is always the supplier. Then comes an accident like that of Jaguar Land Rover And let’s find out the other half: when the center falls, the rays are first collapsed. At the beginning of September, a Cyber attack prompted Jlr to voluntarily turn off nets and systems, stopping lines in the UK and around the world; Not only production, but also sales and after-sales have had to arrange themselves with manual relief. The diagnosis has stretched over the first 48 hours, with the admission of a possible data exposure and a non -banal daily account (millions of euros); In the meantime, the stop was starting to hit those who were downstream.
The point, here, is not the cinematography of the attack, but the direction of the damage: the wave starts from the center and widens. While we repeat that “the supplier is the weak link”, here is the denial of practical: the chief-fond, which has become the digital brain of orders, distinct basic, logistics and quality, if it goes off the metabolism of the supply chain. We are not talking about some delay on the Bisarche: for some factories the stop has lasted, the dealers stopped selling and in the pyramid of suppliers (Often SMEs dependent in a critical way by a single customer) have already seen staff cuts, with the shadow of more numerous layoffs if the pause was prolonged. The genius of evil is not needed: interdependence is enough.
It is the ecosystem, not morality. We transformed the supply chain into a Supply cloud: Suppliers portals, forecast in real time, automated planning, transparent systems compared to each other. Efficiency grows, but the strength of gravity also grows: the more mass concentrated in the hub, the stronger attraction on the rest. The resilience of the whole not a sum of the forces: it is a multiplication and if we put one zero the result will be … zero. And if the hub concentrates the commands, continuity does not depend on its strength in sunshine time, but on its ability to fall well: isolate without paralyzing, degrades the services instead of turning them off, continue to speak with partners on emergency channels when the main infrastructure is on the ground.
The JLR case also shows a second level: when the center stops, the risk becomes macroeconomic. Only digital flows are not freezed, salaries, shifts, future orders are freezed. This is why, while the damage is counted (daily estimates and overall uprights), requests for public supports emerge to prevent the pause of the Hub breaks the most fragile rings; Unions and institutional representatives explicitly speak of layoffs and protection of the most exposed employees. It can be discussed in principle, but the substance remains: the manufacturer’s cyber-crisi translates into valley crisis downstream, and the case does not live as slide.
Then there is irony: for years we asked (rightly) to the policy, mfa, patch suppliers, plans of continuity. But if those who assign orders falls and publish the forecasts, the meter with whom we judge “the maturity” of others also falls. The fact that does not fulfill anyone, on the contrary, moves the focus on what is often lacking: redundancy of relationship. Not “another password”, but another road: emergency channels for minimum vital orders, paper mode for the distinct, operating windows that do not turn off the oxygen to the spare parts, sections of emergency contacts outside the portal. If integration is a wedding, the separation of goods must also be predicted: when one of the two leaves, the other must be able to eat.
The lesson is not “to return to the analogue”: it is to accept that the integration must be designed to fail grace. An economic grammar of resilience is also needed: those who have concentration power (hub) also have risk distribution duties. It is not enough to demand certifications downstream; It is necessary to invest in those who keep you alive when automation goes out. Otherwise the difference between “value chain” and “chain” only remains the preposition.
As a backlight, the news on JLR is less “isolated” and more postcard from the near future: Supply Cloud everywhere, with the promise of zero friction and the obligation, no longer postponable, to design “useful” frictions for when it rains strong. Because in the economy of dense nets the catastrophe is not to make mistakes, but to make a mistake that is “smooth as oil”. We leave the misunderstanding that the weak ring is “the other”: we are all and at the same time.
