By Dennis Maida, Jr., Intelligence Manager

At Hetherington Group, we are the force multiplier often required by a Global Security Operations Center (GSOC), Executive Protection Team, or physical security entity to create a defense-in-depth strategy for safeguarding lives, property, and reputation. The ability to do so in a collaborative mannerwith our intelligence professionals serving as the early warning beacon at the outer perimeterhas proven successful time and time again.

Thinking strategically to aid our clients in anticipating and effectively mitigating areas of risk is our charge. As we enter into 2022, we step up to the front line of risk and assess the threat landscape for 2022. In doing so, it quickly becomes apparent that the majority of issues cuts across all business sectors. Whether in the financial, manufacturing, healthcare, or arts and entertainment sectors, we can see the potential impact is formidable even if the who, what, how, and why remain somewhat covert.  

In this 5-part blog series, I review the four most significant threat and risk concerns in the next 6-12 months: U.S. midterm electionsthe Great Resignation; supply chainand COVID-19. Each one is unique, yet there is a connection between them. Check-in with me weekly, as I identify their common threads while digging into each area’s unique risks and challenges.

Intelligence Risks in 2022: The Supply Chain

Two years into the COVID–19 pandemic, the devastating loss of life continues. It has shattered families, exhausted the global health care system, and changed the structure of the workforce while temporarily bringing global trade to a near standstill. Lasting implications are felt today and will continue well into the future. The confluence of these factors has led to shortages of workers and materials, contributed to inflation, and sent costs of goods much higher at a rate faster than anticipated.

Such shortages have not been seen before. The Economist reported at the beginning of the year, “A chip crunch knocked nearly 10m units, or more than 10%, off annual car production in 2021 as firms slashed orders at the start of the pandemic and were pushed to the back of the queue when demand rebounded.” If not enough to put a strain on the economy of the United States, in October 2021, Bloomberg Law reported logistic companies were becoming increasingly concerned U.S. vaccine mandates would intensify and expand the supply chain backlog. Those organizations representing the logistic companies warned, “substantial numbers of their employees are unvaccinated, and may quit or be let go at the height of the holiday season. The supply chain is already suffering as a shortage of workers, backlogged ports, and other challenges slow the movement of goods.”

Fast forward to the winter of 2022, and we watched the frustrations of both government and its citizens clash at the U.S./Canada border. Protesting vaccine mandates, the blockade of key points of entry into the U.S. had American automakers trimming shifts and pausing certain operations in both Michigan and Canadian plants. The ongoing protests in Canada once again remind us of how trucking disruptions in one country can send repercussions through the supply chain as was seen in trucking blockades in France (1996) Spain (2008) and Brazil (2018)

As the global supply chain became more complex, the ability to control security practices was reduced. COVID-19 exposed and amplified a multitude of vulnerabilities to the global supply chain for mostly every industry (just go to your supermarket, restaurant, brick/mortar, and even online store) and has made it “boardroom-relevant.” It has also created an environment where extremists and conspiracy theorists can easily export their ideologies to a welcoming audience eager to consume and support their agenda.

What are the Threats to the Supply Chain?

From board rooms to the local merchant, it is apparent—now more than ever—that the ability to identify, understand, and mitigate threats while also knowing where they fit in that chain is imperative to success.

  • Economic Threats: The coronavirus pandemic brought unforeseen and devastating economic impacts to the supply chain by shuttering the labor force of manufacturing plants, leading to food, electronics, and even furniture shortages, to name a few. The follow-on impact to economies comes in the form of pricing instability, higher labor costs, and inflationary pressures negatively influencing the ability to strategize foreign market investment.
  • Insider Threat: Disgruntled or former employees and those under foreign control could use their access to sabotage networks or steal data or worse—access physical locations to cause physical harm to employees. In 2018, the National Insider Threat Center at the Software Engineering Institute at Carnegie Mellon University found over 15% of insider threat events were “perpetrated by someone in the victim organization’s supply chain.”
  • Geopolitical: The geopolitical climate today remains unstable. Challenges to nations’ sovereignties, unpredictable regimes, and the fallout from Brexit continue to impact labor markets, slow growth, and add new stressors to border crossings. China’s moves on Hong Kong—stripping the city of its autonomy, enacting a national security law, and maintaining strict “zero-Covid” policies—are causing western businesses to leave. That in addition to China’s continued pressures on Taiwan will only expand and amplify the negative impacts on corporate supply chains in Asian markets. Furthermore, strategic self-sufficiency is acted out through the threat, and enacting, of tariff trade barriers. In his State of the Union Address February 28, President Joe Biden announced that the U.S. would ban Russian flights from its airspace, a move already adopted by the European Union and Canada.  Reuters reports that it will impact approximately 1/5 of all air freight traffic–impacting supply chains already hobbled by the pandemic.
  • Foreign Influence: Conducting business globally brings with it a plethora of supply chain issues including a foreign government’s intrusiveness into its data, information, and, at times, intellectual property. Giving a foreign power access to sensitive business information could hamper any ability to meet customer needs or operate within that nation’s borders.
  • Environmental: In April 2021, U.S. Secretary of Defense Lloyd Austin called climate change “an existential threat.” Longer rainy seasons, warmer winters, and drier summers all impact global supply chains—disrupting the sourcing of raw materials and food. More intense rain leads to more flooding, thus impacting transportation such as trucking or aviation. Product availability becomes more volatile, leading to higher prices which in turn impact local and global economies.

OSINT, Awareness Monitoring and the Supply Chain

Open Source Intelligence (OSINT) provides decision makers oversight across complex supply chains and serves as a means to monitor for strategic, operational, and situational supply chain threats in an effort to mitigate problems before they happens. Those threats, as noted above, are centered on breakdowns at any or all parts of the chain—be it financial, business competition, or natural disasters. Should a disruption arise, globally situated consumers and organizations will bear the brunt of it.

The global supply chain is deeply intertwined in most nations’ national or public safety, including that of the United States.

The global supply chain is deeply intertwined in most nations’ national or public safety, including that of the United States. Look at the supply chain just for the COVID-19 vaccines. Distribution delays can have life impacting consequences: outbreaks cannot be contained, death rates rise, and conspiracy theories can take a foothold—making it much more difficult for government and healthcare workers to battle the disease. Furthermore, the theft of intellectual property or the manipulation of data by a nation-state could cause massive delays in the delivery of vaccines and escalate geopolitical tensions.

How Open Source Data Can Support Supply Chain Risk Intelligence:

  • Reveal publicly-disclosed and deep web plots to assemble and obstruct operations near or at supply chain locations.
  • Identify the who, what, where, and when through the tracking of counterfeit or stolen vaccines and the associated packaging.
  • Offer ClearView ongoing, real-time data that forewarn of supply chain security risks such as civil unrest, weather-related transportation disruptions, or international hijacking schemes.

Case Study: Operation Vax

In 2020, Operation Vax (OPVAX) helped to ensure the safe and secure transportation, storage, and distribution of the Pfizer, Moderna, AstraZeneca, and Johnson & Johnson vaccines in the United States and abroad. OPVAX, a collaboration between Hetherington Group and the Healthcare Distribution Alliance coordinated efforts to unite 75+ industry leaders and public agencies.

During the early stage of the campaign, it was clear that most conventional supply chain protocols would not be sufficient. Those practices were stymied in a reactive posture, not considering the fluid movement of the situation. It was apparent that open source data—and the skills required to observe, orient, decide, and act in order to provide indications and warnings—worked in a proactive manner.

Risk intelligence and Awareness Monitoring is the first line tool to meet supply chain challenges. In sifting through millions of pieces of content from newspapers to the internet, social media, government and private sector channels, and risk intelligence tools, OSINT analysts can spot shifts in a company or program’s risk profile. Over the course of OPVAX, analysts collected over 105,000 open and dark web sources reporting on potential threats to the rollout of the COVID-19 vaccine. From there, analysts triaged 45,000 of those reports for further analysis—resulting in perpetual risk and vulnerability notifications to the OPVAX team.

From where I sit, the upside to employing a robust risk intelligence program is palpable. Providing organizational leadership with the oversight and tools to make effective strategic decisions is a must. Stay connected with me and Hg Insights for the next report on Intelligence Risk in 2022.

Mr. Maida joined Hetherington Group in 2021 as Manager of Intelligence. In this senior leadership role, Mr. Maida is responsible for the development of Hg’s Intelligence Center and day-to-day operations for risk monitoring, threat intelligence, and business and cyber support. He is tasked with fostering the growth of Hg’s Intelligence Center and maturing Hg’s Risk Intelligence program directly related to the security and welfare of clients. Prior to joining Hg, Mr. Maida served from 2016-2021 as Principal Lead of Strategic Cyber Intelligence at the Bank of New York Mellon, where he mitigated exposure to cyber vulnerabilities and drove strategic and geopolitical cyber threat intelligence initiatives.