In this blog, a Fivecast Tradecraft Advisor discusses how the complexity of supply chains in critical infrastructure have made them a high-priority target for threat actors, and how open-source intelligence can play a significant part in protecting organisations from supply chain risks.
Our modern infrastructure, industries and way of life depend heavily on complex and interconnected global supply chains. They facilitate our access to resources, manufactured products, and services to quickly deliver these to consumers all over the world. However, as we saw in the COVID-19 pandemic, these intricate networks are vulnerable to shocks that quickly spread if not anticipated or prepared for. These risks are exacerbated by dependence on new technology and increasingly complex geopolitical and criminal environments. Critical infrastructure is a high-priority target for modern-day threat actors.
A successful attack or disruption can have a disproportionate impact on the dependent population. In the case of ransom or extortion, it increases the temptation to pay. In the case of outright harm and destroyed capability, the impact is often high and cascades through other sectors.
To learn more about how you can mitigate insider threats and meet the requirements of the new Australian Government SOCI CIRMP Rules 2023, read our solution brief with Providence Consulting.
Threat actors can use technological means to probe for weaknesses, identify vulnerable people and deploy or support various attacks on an organisation or facilities. That is why governments and industries across the globe are stepping up measures to ensure critical infrastructure is protected. But this technological impact cuts both ways. Now organisations can use new tools and sources to become more resilient in a hazardous world. In this blog, we will detail how the ability to use OSINT in an effective way is essential to owners/operators of critical infrastructure.
Identifying threats to critical infrastructure
Open-Source Intelligence (OSINT) is the collection, analysis and reporting of publicly available information from sources such as social media, news media and online forums. By using OSINT, organisations can quickly and cost-effectively, identify threats to their supply chains from direct and indirect sources. This could include civil unrest, natural disasters, political instability, or reputational risk that can change business relationships overnight. As well as seeking out broader threats, analysts can check for ones specific to certain locations, facilities or critical personnel. For example, an issue-motivated group may not hold any grievance against a particular business, but by targeting suppliers or logistics hubs for unrelated reasons, can still indirectly harm that enterprise.
For example, ports and transport infrastructure have been disrupted by mass movements, political crises and even cyber-attacks. The impact of these incidents moves quickly. An incident doesn’t have to be in your organisation’s city, state or even country to impact you.
By identifying and preparing for these supply chain threats, organisations can prepare for or mitigate risk. With OSINT, the analyst can also draw on supporting resources. This is because the online environment is full of allies as well as enemies – individuals and groups providing information to counter threats or raise awareness of risk. By ensuring OSINT collection includes a diverse range of sources, intelligence teams can leverage the good work being done by others to benefit their organisation.
Due diligence across complex supply chains
OSINT also presents opportunities for ensuring present or future partners or suppliers are not bringing any undue risk to your organisation by providing an additional layer of due diligence when assessing your business relationships and partners. It is an opportunity to identify undisclosed and/or inappropriate connections, previous controversies or relationships that may cause a conflict of interest. For ongoing relationships, OSINT allows continual monitoring of partnerships to identify negative customer sentiment or allegations of impropriety. With an early warning of a potential problem, analysts are building resilience into an organisation and allowing for the preparation of plans to counter and pivot when a situation turns critical.
Using OSINT to Protect Supply Chains
Supply chain complexity has delivered enormous benefits. However, it presents new risks. As such, OSINT should be a top priority for organisations building resilience into their supply chains. It is a resource that can be overlooked for its volume – there is too much for a human to meaningfully analyse. But by using a tool like Fivecast ONYX, organisations have a powerful, automated ability to search and analyse open-source information at scale.
This allows organisations to conduct due diligence and monitor threat groups or incidents that may impact them. Organisations can learn from the online communities working to help people mitigate their risks or raise awareness of developing situations. By leveraging powerful AI and analytics, we can help organisations deal with these hugely complex challenges in a more efficient way. The environment is challenging, but organisations have never had so much public information available. Properly harnessed, that will help protect your business directly, and the supply chains you depend on.
