
Blockchain and AI for supply chain security


Supply chain cyberattacks that cripple software and vital operations are among the most destructive strategies cybercriminals use today. As cyberattacks grow ever more sophisticated, companies must leverage ever more powerful technology to protect their supply chains. Blockchain and artificial intelligence technologies offer the power and scope required to protect today’s increasingly complex supply chains, where trust in data and transactions is essential to facilitate secure operation and commerce.

The vulnerability of supply chains is highlighted by new BlackBerry research that revealed eight out of ten IT decision-makers had been notified of an attack or vulnerability in their supply chain in the past 12 months. Over three-quarters said they discovered previously unknown participants within their software supply chain, entities they had not been monitoring for adherence to critical security standards.

Failure of supply chain oversight is highlighted by data showing that more than three in four IT decision-makers surveyed lack a holistic view of their security posture. The issue is brought into focus by the UK government’s Cyber Security Breaches Survey 2022, which found that only one in ten UK businesses review risks posed by their immediate suppliers and only seven per cent risk-assess their wider supply chain.

“In the current heightened threat landscape, a prevention-first approach to all attacks, regardless of their origin, is vital,” Keiron Holyome, VP of UKI and emerging markets at BlackBerry, says. “Companies that have suffered a supply chain cyberattack report significant operational disruption, data loss and reputational damage, with 90 per cent of organisations taking up to a month to recover.”

Identifying supply chain vulnerabilities

Securing a supply chain against cyber criminals requires knowing what elements in your system have the potential to be attacked, how it could happen and why. From a strategic point of view, ongoing vulnerabilities are caused by a lack of uniform security implementation, inconsistent implementation of adequate security by suppliers and reliance on self-attestation. Operational security vulnerabilities are caused by dependence on outdated paper-based systems, human interaction and legacy IT systems, while data security vulnerabilities are exposed by the multiple points of contact, communication and transactions involved in a supply chain.

“Many companies today are still using traditional and limited technology solutions that rely heavily on human knowledge and have too many manual steps and manual decision touch points to be able to protect their supply chains fully,” Holyome says. “Given process complexity, global reach of supply chain networks and the sheer number of chain nodes and links, companies must leverage advanced tech solutions to improve their ability to protect supply chains.” 

Securing the multiple disparate stages, points of contact, transactions and processes in a supply chain requires an over-arching solution that can operate at the core and encompass and protect all the critical processes involved. Blockchain and artificial intelligence can deliver the secure scope needed to achieve this.

Reducing cybersecurity risk with Blockchain security

Blockchain can protect against a range of supply chain risks, from the security of physical assets and transport to IT and automation systems, financial transactions, and data flows throughout the whole chain, according to Sean Elliott, executive vice president & CTO at Körber Business Area Supply Chain. “Blockchain addresses the evolving threat landscape by preventing malware, ransomware and data breach attacks, financial fraud, and counterfeit or unlicensed goods getting into the supply chain,” he adds. “In addition, it creates trust and security that is essential to commerce.”

Blockchain can reduce cybersecurity risks intrinsic to supply chains by creating an auditable, immutable history of transactions that can be tied to a verifiable trusted identity. It is based on distributed ledger technology, a high-end security domain that only enables data to be recorded and distributed, not copied, making it difficult to change or hack a system. Blockchain data structures are secure because they are based on consensus, cryptography and decentralisation principles. Each new block of information connects to all the previous blocks in a way that is virtually impossible to tamper with.

There are three types of blockchain: a public blockchain, a permissionless network where anyone can participate without restrictions; a permissioned or private blockchain; and a federated or consortium blockchain.

Blockchain-based supply chain networks mostly require a closed, private and permissioned blockchain with four key elements: registrars, standard organisations, certifiers, and actors. Registrars provide network participants with distinct trusted identities; standard organisations establish rules, technical specifications or standards such as Fairtrade for environmentally friendly supply chains; certifiers certify individuals for involvement in the supply chain; and actors – participants such as producers, sellers and buyers – must be certified to retain the system’s credibility.

In a private and permissioned blockchain network, users must be validated by the network’s central administrator. The network limits who can participate and the types of transactions they can initiate, and typically uses a proof-of-authority security approach. Blockchain supply chain platforms help tokenise supply chain assets by dividing them into shares digitally representing ownership. Once a transaction is made, it is sent to the business’s blockchain wallet account, and no unapproved withdrawals are possible.
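
The mechanism described in the paragraphs above, as an added example that is not from the article or from any vendor it quotes: a minimal permissioned, hash-chained ledger in which only registered identities can append and any edit to history is detected. The actor names, keys and payloads are constructed, and HMAC with a registrar-issued secret stands in for the digital signature a real network would use.

```python
import hashlib
import hmac
import json

# Constructed registry: identities a registrar has issued keys to (hypothetical).
# Assumption: HMAC with a per-actor secret stands in for a real signature scheme.
REGISTRY = {"producer-01": b"k-producer", "carrier-07": b"k-carrier"}
GENESIS = "0" * 64

def digest(block):
    """Hash the fields that define a block, including the link to its predecessor."""
    body = {k: block[k] for k in ("index", "prev_hash", "actor", "payload")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, actor, payload, key):
    """Append a record only if the actor is registered and presents its key."""
    if actor not in REGISTRY or not hmac.compare_digest(REGISTRY[actor], key):
        raise PermissionError(f"{actor} is not an authorised participant")
    block = {"index": len(chain), "actor": actor, "payload": payload,
             "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    block["hash"] = digest(block)
    block["tag"] = hmac.new(key, block["hash"].encode(), hashlib.sha256).hexdigest()
    chain.append(block)
    return block

def verify(chain):
    """Return the index of the first invalid block, or None if the chain is intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        key = REGISTRY.get(block["actor"])
        if key is None or block["index"] != i or block["prev_hash"] != prev:
            return i
        if digest(block) != block["hash"]:
            return i  # content no longer matches the recorded hash
        tag = hmac.new(key, block["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, block["tag"]):
            return i  # hash was not authenticated by the named actor
        prev = block["hash"]
    return None

def demo():
    chain = []
    append(chain, "producer-01", {"lot": "A17", "event": "packed"}, b"k-producer")
    append(chain, "carrier-07", {"lot": "A17", "event": "picked-up"}, b"k-carrier")
    append(chain, "producer-01", {"lot": "A18", "event": "packed"}, b"k-producer")
    intact = verify(chain)
    chain[1]["payload"]["event"] = "delivered"  # edit history in place
    edited = verify(chain)
    chain[1]["hash"] = digest(chain[1])         # recompute the hash to hide the edit
    rehashed = verify(chain)                    # tag and next block's link still expose it
    return intact, edited, rehashed
```

Because the verifier here holds every actor's secret, it could forge tags itself; asymmetric signatures remove that weakness, and replicating the chain across independent validators is what stops a single party from rewriting all later blocks.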

Integrating blockchain with an AI solution can create a dual cloak of security to provide granular transparency of trusted data supported by intelligent insights and data-driven analysis.

The benefits of artificial intelligence

Artificial intelligence solutions monitor vast amounts of data from multiple endpoints to identify abnormal behaviour and detect malicious activity such as a new zero-day attack – the use of a zero-day exploit to cause damage to or steal data from a system affected by a vulnerability. In addition, AI intrusion detection systems protect against malicious traffic that enters a network.

AI can also analyse and predict physical security risks, identifying unsafe sourcing, transport routes and human behaviours to avoid theft and hijacking. AI also analyses data from video surveillance cameras to recognise humans, vehicles, objects, and events.

“AI and machine-learning predictive analysis of supply chain data can identify trends and patterns, make predictions on future supply chain vulnerabilities and performance and detect areas for improvement,” Elliott explains. “By monitoring real-time supply chain data from IoT devices, AI can predict potential disruptions and provide valuable insights to optimise security.”

A single source of truth

Blockchain and AI solutions create a powerful wall of security based on a simple word that fuels all business: trust. In today’s complex operating and commercial environment, digital trust based on a single source of truth is paramount.

“AI-powered solutions can deliver transparency by securing vulnerabilities caused by privileged pipelines, protecting software artefacts, binaries and libraries,” Elliott says. “Images and files can be analysed for hidden threats or malicious content against a single source of truth. Internal repositories can be scanned for hardcoded secrets; API keys detected and verified; least privilege access to outside collaborators or inactive contributors can be enforced with vulnerabilities isolated quickly to minimise the attack surface.”

AI can automate various security processes, from basics, such as patch management and ensuring up-to-date regulatory compliance standards, to identifying vulnerabilities in open-source third-party software components and dependencies. As a result, technical debt can be tracked and eliminated, and licensing risks avoided.

Transparency is critical to security

End-to-end visibility of a supply chain is vital in securing the multiplicity of physical and data-driven assets and processes involved. However, as highlighted at the outset, many organisations lack oversight, creating multiple security vulnerabilities that criminals too easily exploit.

AI secures data and IT systems by providing granular visibility and insight into each process and micro-movement. With machine learning, AI ‘learns’ which data is relevant to each process, operation or security trigger point and remembers it for ongoing and future use. An AI platform can ‘read’ data in any format and language and then input it into an integrated blockchain network to create a single source of truth to deliver greater oversight and governance. 

Transparency is also vital in securing a supply chain against fraud and corruption. “Supply chain procurement requires high levels of security and visibility,” Jack Macfarlane, CEO at DeepStream, explains. “This begins with the Request for Proposal process, which involves intensive communication between businesses and suppliers. Unfortunately, the current framework of exchanging emails and attachments is highly inefficient, opaque and provides close to zero oversight from a security perspective. This leads to high compliance and governance risks, making it difficult to monitor corruption risks. AI can be used to identify patterns in communication that present compliance red flags in supplier tendering activity.”

Blockchain and AI offer massive potential in the security and efficiency of supply chains, and major organisations have been quick to adopt and reap the benefits. However, while the need for such robust security is widespread, it will take years for the wider industry to embrace these technologies fully. “We’re in an early-adopter and educational stage with increasing numbers of companies seeing the benefits and wanting to learn about blockchain and AI solutions,” Elliott concludes. “Security is a core driver of adoption with the added bonus that, once integrated into a supply chain, they operate with very little human intervention – the key objective of digital transformation.”
