Diversity needs to go further than just HR. It needs to extend to our supply chains.

Me

COVID has brought out the worst in many areas. Its shown us how fragile supply chains for critical items like food and medicine are. In this case, a great many prescription and non-prescription medications are made either wholly or necessary compounds to create them are only made in a single location, often China.

Since we are talking about COVID, lets focus on acetaminophen aka generic Tylenol or as its known in the EU paracetamol. Two thirds of the world’s supply of this critical mediation all come from China. Most of the remaining third come from India, which is facing its own COVID related challenges these days.

We all saw and felt the outrage when China ordered supply ships that were already en-route with purchased goods to return to port. We also saw the outrage when the USA did exactly the same thing to Canada with the N95 masks. But what does all this have to do with publicly traded companies?

Well, this. Because our market drivers (e.g. stock price, EPS, etc.) all force companies to focus on next quarter’s profit, nothing can be diverted to long term planning and focus. Very little, if anything, gets devoted to anything that extends into the future more than a quarter or two. This has implications for R&D but, as COVID is showing us, it also has implications for supply chain. Too many companies, chasing savings, have outsourced far too many critical items to what are often end up a single mega-factories located on the other side of the planet. Setting aside any concerns about climate change due to this practice, it has other implications, particularly when your global counterparts in it ‘for the long game’, playing to win over years or even decades.

Then comes something like COVID and you end up with a basic medication, a critical fever reducer in short supply. Would companies, and consumers, be better offing, charging and paying a few cents more for that package of paracetamol/acetaminophen to guarantee that there are multiple factories around the globe, including here at home (where ever home may be), making it?

It might not have the economies of scope and scale that the mega-factories yield, but it would yield a far more robust supply chain where a smaller factory in an alternate location could, in an emergency, be scaled up to produce whatever is needed. Look at what happened with General Motors being tasked to convert one of its production facilities to produce enough respirators to essentially flood the world with a critical piece of hardware and others being tasked to redirect production to masks, gloves, gowns, and other PPE.

I think that the 690,000 people in the USA who have some degree of renal failure and can no longer get their medication because its only made in Wuhan, China would say yes. I would prefer that the rest of us continue to push for supply chain diversity. Between the volcanoes, earth quakes, fires, floods, the Saharan Dust Storm, terrorists, and all other things the world can throw at us, I think we, as consumers, should demand this for the safety of our families and the welfare of the societies we live in, where ever that may be.

I realize that this might seem at odds with supply chain hacking, where the natural response is to limit the number of vendors and vet them (and their security practices) thoroughly, but I am calling on my fellow security practitioners to up their game. We are uniquely positioned to start talking to management, not just about IT Resiliency and IT Disaster Recover and IT Business Continuity but take a holistic view of the business for Resiliency, Disaster Recovery and Business Continuity.

As security practitioners, we know how to probe for weak points and how to find single points of failure. We know how to stress test things and we have the paradigms to predict problems. We just need to start applying those skills to other areas of the business. Start talking to the business units about their supply chains. Start talking about diversity not just in HR terms but in terms of sourcing and supply and customer base. These won’t be easy discussions but I believe that they will be critical to the long term health of any business.