AbstractThe global supply chain is a complex system of systems made up of and relying on other complex systems of systems (SoS) to achieve its goals. To take a typical example, Enterprise A is supplied essential parts on a regular basis to manufacture its products. To place the order requires global financial systems, integrated email systems, the internet, multiple telecommunications systems, and supply software provided by large companies. To deliver the parts may require air and maritime transportation systems, the rail network, interstate highway systems, road haulage companies, state and local transportation systems and so forth. When any of these complex systems fail, the impact can be global, and the results catastrophic. Recent examples include the shortage of Personal Protective Equipment (PPE) during the COVID pandemic, computer chip shortages delaying the assembly and sales of cars, and, most recently, the baby formula shortage. These were due to disruptions in the supply chain caused by an overreliance on single sourced suppliers who failed to deliver, transportation disruptions, outsourcing of critical parts, supplies, medicines to distant countries, and/or an overreliance on “Just In Time” for inventory management. This is the case of placing too many eggs in too few baskets, and often just one basket. Counterfeit or substandard parts and products can enter the supply chain via graft, breaks in chain of custody, or carelessness. This has included critical mechanical parts on aircraft, chips containing spyware, and substandard or out of date medicines substituted for the real thing resulting in serious illness and death. This complex SoS needs to be examined, studied, and understood in the same way as a mission critical system; threats, vulnerabilities, and risks need to be identified and mitigated and assurance cases defined to ensure a solid and reliable supply chain. This paper will look at the supply chain of an example factory system to determine how some of these problems can be predicted, prevented, mitigated, and solved using the UAF, RAAML and assurance case techniques.
Read full abstract