Network Disruption Analysis

As the perhaps overly long title implies, A Review of Current Practice in Network Disruption Analysis and an Assessment of the Ability to Account for Isolating Links in Transportation Networks presents a comprehensive review of the scholarly literature related to the field of network-disruption analysis. James Sullivan, Lisa Aultmann-Hall and David Novak show that while a number of methods have attempted to deal with the problem of isolating links in different ways, but none has been ubiquitously successful. To develop a comprehensive and useful measure of transportation network robustness it is thus important to successfully address the issue of isolating network links.

Comprehensive

The review in this paper is indeed comprehensive and after reviewing close to 40 papers they design a tree diagram of the various methods or approaches for transport network disruption analysis that are employed in the papers. I know many of these papers, some have even been reviewed on this blog, but there is quite a number that are unknown to me. Persumably those are highly quantitatative papers, as I tend to shy away from those. A bit on the side perhaps, but I am slightly surprised that they did not mention Bell and Iida’s book on Transportation Network Analysis, which does have a chapter on network reliability.

Anyway, they also included one of my papers on the subject, a seminar paper I wrote in 2006 on Transport Network Vulnerability – Which terminology and metrics should we use? and according to the authors, I fit into the “Business as usual” box, which is right, I guess.

Not only does the paper categorize the various approaches, it also highlights the potential shortcomings of each method, compared to the other methods.

Vulnerability, Reliability and Robustness

Before designing the tree map the authors initially categorize the papers as falling into three main categories:

• minimizing a network’s vulnerability, or its potential for large-scale failure due to relatively minor disruptions
• maximising a network’s robustness, or its capability of adapting to or recovering from disruption
• maximizing a network’s reliability or its resistance to disruption

I think this is a very interesting division that can be used in many settings, not just for transport network analysis. Suddenly, the difference between vulnerability, reliability and robustness is very clear to me.

Vulnerability versus suscpetibility

Another interesting take-away from this paper is that the authors make a clear distinction between vulnerability and susceptibility:

Vulnerability in a network typically refers to the degree of inability of a system to function due to the effects of disruption, whereas susceptibility refers to the link-specific measure of the likelihood of link failure due to a disruptive event.

Essentially, links that are well-protected are not susceptible to failure, while links that are critical to a network make the entire network vulnerable.

Isolating links

The authors contend that one important consideration for disruption analysis is the presence of isolating links or isolated sub-networks. An isolating link is one that is the sole connection for a subset of the network to the rest of the network:

Isolating links are very important,  because

The presence and number of isolating links has a major impact on the robustness of transportation networks; as adoes the connectivity of the network. A useful measure of network robustness must account for connectivity, the presence of isolating links, demand and capacity. In addition, the measure must address these various issues in such a way that no single factor unduly dominates the final output value.

In other words, measuring the impact of transport network disruptions is not an easy and straightforward task.

Conclusion

This is an excellent paper that summarizes and categorizes most of the current literature on transport network disruption, and presents a framework that enables a more holistic understanding of the field of network disruption analysis.

In line with the authors’ conclusion, I too think that the paper is of particular value when considering global transport systems that consist of numerous interconnected networks of vastly different shapes and scale and where the presence of isolating links is a major challenge that needs to be adressed.

Reference

Sullivan, J., Aultman-Hall, L., & Novak, D. (2009). A review of current practice in network disruption analysis and an assessment of the ability to account for isolating links in transportation networks Transportation Letters: The International Journal of Transportation Research, 1 (4), 271-280 DOI: 10.3328/TL.2009.01.04.271-280

Author links

• uvm.edu: James L Sullivan
• linkedin.com: Lisa Aultmann-Hall
• linkedin.com: David C Novak

Related links

• uvm.edu: James Sullivan’s MS thesis

Related posts

• husdal.com: Bad location equals bad logistics?

Transport planning in times of hardship

The Association for European Transport has been responsible for the organisation of the Conference, which has been held annually since 1973, and for those involved in transport planning, research and practice, 2012 will prove to be yet another challenge to their skills, namely budget constraints. “Transport issues in times of financial hardship” is perhaps a good description of this year’s overarching conference theme.

Conference topics

The Association is keen that the papers presented at the Conference address themes of current relevance to the transport policy agenda in Europe and worldwide, and this year’s list of topics is no exception to that rule:

• Low emission vehicles – providing infrastructure and achieving higher levels of usage
• Issues in the challenge of the movement of goods and people across long distances
• Changes in travel behaviour and demand patterns during changing economic times
• Climate change and extreme weather conditions – lessons to be learned and how to plan for an uncertain future
• How to minimize social exclusion in times of economic hardship
• The response of transport planning to the rise of social media
• Bus Rapid Transit and Personal Rapid Transit – the future of public transport?
• New approaches and applications in modelling
• City logistics – what difference does e-shopping make?
• How can reduced transport infrastructure funding provide an opportunity to shift attention to lower-cost but more environmentally friendly projects?
• Challenges faced in providing for leisure and tourism in an economic downturn
• Achieving the goals of the Decade of Action for Road Safety

Offers of papers on other topics will also be accommodated and authors should not feel constrained by this list.

Submission of abstracts

The deadline for submitting abstracts is 12 February 2012 and abstracts 250 to 750 words long are to be submitted  via the AET website. The full written paper is due by 7 September 2012, which gives you plenty of time to write a paper if the research is still in progress or nearing completion. That is one reason why I like submitting papers to the ETC; it does not yet have to be a finished paper.

The ETC and I

I should add that yours truly has been a reviewer of abstracts submitted to the ETC since 2005, and while I haven’t had the chance to attend the ETC in recent years, being a ETC programme committee member has kept me abreast of much of the transport research that is going on in Europe at the moment. Considering the career change that I mentioned in an earlier post there will probably be a lot more mentioning of transport conferences than supply chain conferences on this blog in the future. This posts may in fact serve as a marker signifying the switch, as my new job is only two weeks away now.

More information

• etcproceedings.org: ETC 2012 conference website

Related posts

• husdal.com: Reliability and vulnerability versus costs and benefits

Risk centers and connectors

This year’s risk map is rather different from the map presented in 2011. Last year, the map was presented in a likelihood-impact risk matrix fashion, and not that easy to read, since there were simply too many risks and too many connections. Economic disparity and global governance failures were at the center, with other risk scattered around:

This year the map has changed. Based on a survey of 469 experts and industry leaders, the report identifies 5 centers of gravity (top 5 risks), and 4 critical connectors, hence the diamond shape of the diagram:

To me, this makes the report and its conclusion much easier to understand.

A new methodology

The seventh edition of the Global Risks report is based on a revamped methodology combining surveys, workshops and interviews that engage various stakeholders of the World Economic Forum. The starting point is a set of 50 global risks – which are defined as having global geographic scope, cross-industry relevance, uncertainty as to how and when they may occur, and high levels of economic and/or social impact requiring a multi-stakeholder approach to response. They are divided into five categories: economic, environmental, geopolitical, societal and technological risks. In each category there is a center of gravity and four connectors between the category, with additional weak signals at the outer edge.

Centers of gravity

- Chronic fiscal imbalances (economic)
- Greenhouse gas emissions (environmental)
- Global governance failure (geopolitical)
- Unsustainable population growth (societal)
- Critical systems failure (technological)

Connectors

- Severe income disparity (economic)
- Major systemic financial failure (economic)
- Unforeseen negative consequences of regulation (economic)
- Extreme volatility in energy and agriculture prices (economic)

Weak signals

- Vulnerability to geomagnetic storms (environmental)
- Proliferation of orbital debris (technological)
- Unintended consequences of nanotechnology (technological)
- Ineffective drug policies (societal)
- Militarization of space (geopolitical)

Three constellations of risks

Three distinct constellations of risks that present a very serious threat to our future prosperity and security emerged from this year’s set of risks:

- The seeds of dystopia

Dystopia, the opposite of a utopia, describes a place where life is full of hardship and devoid of hope. Many countries are currently heading towards dystopia, where the failure to manage ageing populations, youth unemployment, rising inequalities and fiscal imbalances may lead to greater social unrest and instability in the years to come.

- How safe  are the safeguards?

Safeguards and regulations are necessary and needed in a world that depends on technology, but as the systems on which the global economy relies become increasingly interdependent and complex, what is meant as a mainly national regulation can capable of having unintended repercussions globally. What one country does, can affect many.

- The dark side of connectivity

The critical infrastructure15 that underpins our daily lives increasingly depends on hyperconnected online systems. The security of these systems are no longer just a matter of private concern, they have become a public good and new mechanisms are urgently required to secure private investment in exploring existing system vulnerabilities before they can be exploited.

Conclusion

Now in its seventh edition, the Global Risk Report is perhaps the most comprehensive report on the most important global risks that have the potential to shape our shape, change and disrupt if not destroy our future. It is a report that should be read and acted upon, it is not a mere whitepaper, it is a tool for a less worrysom future.

Related link

• weforum.org: Global Risks 2012 (interactive)
• weforum.org: Global Risks 2012 (pdf)

Related posts

• husdal.com: Global risks and global supply chains
• husdal.com: Transportation risks in global supply chains

Transport vulnerability and I

My first introduction to the field of transport vulnerability was when I read Katja Berdica’s article on road vulnerability, which in turn inspired my own research into why vulnerability and reliability should be considered as a decision factor in infrastructure development.

INSTR and I

Having read the book that contained the papers from the 1st Symposium on Transportation Network Reliability, I was inspired to present a paper at the 2nd International Symposium on Transportation Network Reliability in Christchurch, New Zealand in 2004. Busy with other research, I only attended the 3rd and skipped the 4th symposium, but perhaps I will attend this one? I hope so.

INSTR2012 – Topics

The scope of the 5th symposium includes all aspects of analysis and design to improve network reliability, including:

• User perception of unreliability and vulnerability
• Public policy and reliability of travel times
• The valuation of reliability
• The economics of reliability
• Network reliability modeling and estimation
• Transport network robustness
• Reliability of public transportation
• Travel behavior under uncertainty
• Vehicle routing and scheduling under uncertainty
• Risk evaluation and management for transportation networks
• ITS to improve network reliability

Conference website

• instr2012.org: INSTR2012

Related posts

• husdal.com: Reliability and vulnerability vs. benefits and costs

Did I reach my traffic goals?

It is very ambitious, I know, but when I started 2011 I was aiming at doubling my 2010 traffic, which meant going from 100,000 visitors to 200,000 visitors…well, I missed that one. I only increased by 60%, not 100%. Nonethless, 160,000 visitors in one year are some 13,000 visitors per month, and I’m quite happy with that.

Click image for full stats

What I find noteworthy is that the average visitor spends more than 4 minutes on my website; that’s good. Now, for 2012, considering my coming career change and less time for blogging, I’ll adjust my goal to 200,000 visitors. That should be a fairly reachable goal.

What drives traffic to husdal.com?

Looking at what sites/domains that bring in the most traffic, a marked change has taken place in 2011, compared to 2010:

Click image for full stats

In 2010, en.wikipedia.org (#1 in 2011) wasn’t even on the list, linkedin.com was #8 (#2 IN 2011), researchblogging.org was #2 (#4 in 2011) and google.com was #3 (#5 in 2011). The reason for Wikipedia’s jump in ranking is that some articles list my posts as external reference, e.g. this post on the Northern Sea Route is referenced in Wikipedia’s article on the Northern Sea Route. The increase in linkedin.com as a referrer I put down to that not only have I linked up with a lot of people using Linkedin, I have also been active in Linkedin Groups and Linkedin Answers. The last to referrers are a result of my cooperation with Incapsula, the state-of-the-art security and performance provider for websites, and which has protected my blog from a number of attacks in 2011.

 What were the most popular posts in 2011?

2011, as did 2010, confirmed that sometimes posts may take a while before they gain an audience, as the most read posts in 2011 may be posts that I wrote quite some time ago, and not at all in 2011:

Click image for full stats

If I disregard my home page as the most read “post”, the real #1 in 2011 was #3 in 2010 and was written in 2009: Supply chain risk management in six steps is a straightforward and reasy to read and understand post about SCRM; it is essentially supply chain risk made easy, and that is probably why it is so popular. Interestingly, my 2009 post on the latest trends in SCM still holds up as #2 (#2 in 2010), presumably because people are using that as a search phrase.  Surprisingly, #3 and #5 on the list are new posts from 2011, and a result of securing my blog with Incapasula, and the promotional posts and comments I made about it. What was #1 in 2010 is now #4 in 2011, thankfully, because the post is only popular among those searching for an image on cost-benefit analysis, and has nothing supply chain risk about it.

What can I do  to improve in 2012?

As already mentioned, there will be a career change in 2012, and consequently there will a change of focus of this blog. It remains to be seen whether this will be an improvement or not, but it will certainly – I hope so – widen the audience of this blog, and will inspire me to write better, I think. As to other things I could improve, I ask you as my readers to come up with suggestions, so please leave your thoughts in the comments below.

Less posts – more visitors

In summary, my writing was a lot less prolific in 2011 than in 2010, only 87 posts, compared to 121 posts in 2010, not to mention 164 posts in 2009. I think it truly goes to show that less is more and that churning out post after post is not the key to success in blogging. I did not reach my goals, but I am satisfied the way things turned out after all. Bearing in mind that I posted almost nothing  during the entire months of November and December I am quite content that I did not suffer a greater loss of visitors.

2012 – here I come

To all my followers and fellow bloggers, Happy New Year 2012!

Related links

• getclicky.com: GetClicky web stats

Related posts

• husdal.com: Looking back at 2010
• husdal.com: Looking back at 2009

How to handle a supply chain disruption?

one of the ideas from this article that I like very much are the different alternatives for handling a supply chain, basically only two: to act or not to act, that is the question.

These two options start from the very first signs of disruption: To act: close down the supply chain, or not to act: keep the supply chain running.

The same goes for pre-event measures, or mitigative measures as I like to call them. Here, to act means trying to prevent disruptions from happening, while not to act mens either to accept the disruption and its consequences despite possible actions that could be taken, or to accept the disruption because it can neither be influenced as to probability nor as to consequence.

Similarly, when it comes to post-event measures, or contingent measures as I would call them, there is again the option of acting or handling internally or not acting or passing on the event and it s consequences.

Going with the flow

Another interesting though from this paper is the supply chain flow, and where the purpose of handling supply chain disruptions is to regain a stable flow in both incoming, outgoing and internal flows.

Furthermore,  regaining a stable flow after a supply chain disruption also implies short-term stability or market patience while the disruption is handled and long-term stability or market confidence after an event has been handled.

Total expected result impact

Combining the disruption handling options, the types of flows and the chain of events creates twelve possible combinations of impacts which must be added in order to obtain the total expected result impact:

This splits the disruption impacts into individual units while at the same time keeping the full picture intact.

Conclusion

What I like about the model developed in this paper is that addresses the entire supply chain from supplier until end customer. It is a holistic and generic model for estimating disruption risks in the supply chain flow in a systematic and structured manner. The model presents, as far as I can see, the most complete estimation of disruption risks, it includes incoming and outgoing flows and it separates between mitigative and contingent handling of disruptions, thus balanacing proactive and reactive risk management.

Reference

Paulsson, U., Nilsson, C., & Wandel, S. (2011). Estimation of disruption risk exposure in supply chains International Journal of Business Continuity and Risk Management, 2 (1) DOI: 10.1504/IJBCRM.2011.040011

Author links

• lu.se: Ulf Paulsson
• linkedin.com: Carl-Henric Nilsson
• linkedin.com: Sten Wandel

Related posts

• husdal.com: Ulf Paulsson’s DRISC model
• husdal.com: Inbound and outbound vulnerability

A goodbye to supply chain risk?

Having said the above, I will not leave supply chain risk or this blog behind. My job title is senior adviser in civil protection and emergency planning, and much of my work will be centred around risk analyses and vulnerability assessments related to road infrastructure. The official title of the position of the title is adviser in societal security and emergency planning, or in other words: how road infrastructure can contribute to societal security. The focus of this blog is thus likely to switch in the direction of supply chains on roads, and the risks related to road transport, which – after all – is my where personal research interest in supply chain risk  is rooted, considering what I wrote about transport vulnerability as early as 2002.

More practical?

If anything, this blog is likely to become more hand-on and practitioner-oriented, based on what I learn and experience in my new job. That’s what I hope, at least. There willl still be plenty of academic papers to be found, as I have a mile high stack of  not yet reviewed journal articles on my desk that I am going to take with me to my new place.

Related posts

• husdal.com: Bad locations bad logistics?
• husdal.com: Why reliability matters in transport

Chokepoints

One major issue in supply chain security is the vulnerability of so-called “chokepoints”. Using AON’s risk map, the report features a map of important global supply chain links, hubs and associated threats, showing how chokepoints constitute vulnerability hotspots that supply chain managers need to be aware of and take precautions against.

According to the report “chokepoints” are geographic features where there is only one narrow way across a strait, valley or bridge, are another potential weak point. Admittedly, they are right, because disrupting traffic through the Panama Canal, Suez Canal or the Strait of Malacca, for example, would slow down freight flows significantly.

Highlights

The report is focussed around three major topics:

Ensuring secure passage
Where are global supply chains most at risk? Countries that are less stable, either politically or economically are often hot spots. Gateway regions where there are very large flows of cargo are particularly important for global supply chains, and are therefore also of special interest to those looking to disrupt them. We believe that transportation and logistics companies will need to take security concerns into account when choosing transport routes. They’ll need to take a close look at how dependent their business is on particular logistics hubs or chokepoints, and then assess how they can reduce the impact of threats to particular locations. Transportation and logistics companies will also need to be prepared to respond quickly if risk levels change.

Keeping cyber space safe
IT systems are becoming more interdependent, as companies connect across their supply chains. While this increases information flow and efficiency, it also means that one successful cyber attack could have disruptive, unpredictable, devastating effects on other systems and companies and cause long-lasting consequences to economies. Consequently, cyber attacks inducing physical damage are an increasing threat for the transportation and logistics industry. The transportation and logistics industry already relies heavily on Information and Communication Technology (ICT), and virtual threats need to be taken just as seriously as physical ones. Indeed, we believe that cyber attacks designed to induce physical damage will be an increasing threat for the transportation and logistics industry.

Investing in a more secure future
Enhanced security measures mean higher costs. Does all this emphasis on improving security measures mean profits will decline? Not necessarily. Well-planned security investments provide a payback not only in terms of loss prevention, but also by enhancing supply chain performance. Mind you, additional safety measures also create a range of opportunity costs that might not always be immediately apparent for transportation and logistics companies, i.e. costs incurred through longer transport times, longer dwell times and increased turnaround times.

The report also stresses the importance of industry and government cooperation:

Stricter standards and the need to take the lead
And while they won’t need to go it completely alone, transportation and logistics companies shouldn’t expect government to pick up the slack. We believe that governments won’t take a leading role in executing supply chain security, although they will continue to regulate security measures. Transportation and logistics companies will need to work together with governmental institutions to develop new security standards that are not only effective, but also efficient.

Obviously, there could be other threats, but I believe PwC has hit the nail on proverbial head here.

Wildcards

The report also introduces the notion of “wildcards”, arguing that any look into the future should not be limited to the most probable scenarios though. Unlikely events do sometimes happen – and can have a huge impact on both society and the economy. Such low-probability, high-impact events can be termed “wildcards”:

What if terrorist attacks shut down logistics networks?
Logistics networks are the backbone of the global supply chain. That means disruptions could slow down national economies, making them potentially a preferred target for terrorist attacks. Important hubs, such as seaports and airports, could be shut down by physical aggression.

What if insurance companies stop covering major risks?
In the future, insurance companies might refuse to underwrite some types of large risks – for example damage resulting from natural catastrophes, or from terrorist actions. If transportation and logistics companies are no longer able to offset risk through insurance, logistics costs might soar.

What if key transit points are blocked?
A large portion of total world trade passes through important transit points such as the Panama Canal, the Suez Canal and the Strait of Malacca. Today the access to such transit points is almost unrestricted. If access to important trade routes were limited or made prohibitively expensive by operators, it could have severe consequences for global trade.

What if a super-virus paralyses large ICT systems?
Computer viruses are becoming more sophisticated and are causing greater damage to ICT systems. If a new and more powerful virus was able to infect large ICT systems, it could result in massive system breakdowns. That could potentially shut down a whole range of automated processes, paralysing entire supply chains.

What if cryptography doesn’t work anymore?
Imagine what happens if new super computers are powerful enough to crack any cryptography system or password within seconds? Communications in the transportation and logistics industry, customer data, transport routes, freight content and further confidential data would be accessible to competitors, criminals, and other unauthorised parties.

That is certainly more than enough to be worried about.

Critique

I’ve read and reviewed a number of whitepapers and reports for this blog, and honestly, some are better (or worse) researched than others, some seem to be mere infomercials, while others even hold some academic value. This report definitely falls into the latter category: well-researched, well-founded and well-written…and it contains a long list of references well worth further investigation.

Reference

Ruske, K D; Kauschke, P and von der Gracht, H (2011) Transportation & Logistics 2030 Volume 4: Securing the supply chain. PwC/EBS Whitepaper.

Author links

• pwc.com: Klaus-Dieter Ruske
• linkedin.com: Heiko von der Gracht

Related links

• pwc.com: Securing the supply chain

The Transportation and Logistics 2030 series is a foresight publication series that anlayzes future scenarios within the transportation and logistics domain. If you found the above interesting, you may also want to have a look at the other reports:

• pwc.com: How will supply chains evolve in an energy-constrained, low-carbon world? 
• pwc.com: Transport infrastructure—Engine or hand brake for global supply chains?
• pwc.com: Emerging Markets – New hubs, new spokes, new industry leaders?

Related posts

• husdal.com: From vulnerable to valuable (another PwC whitepaper)

The three gaps

Because SCRM is still a nascent area, so the authors, most researchers in this area tend to come from different more established areas. However, this diversity affects collaboration with other researchers [...] and it can also hamper research engagement with industry. Essentially, there are three areas where researchers disagree most:

(1) a definition gap—there is no clear consensus on the definition of SCRM (because some limit the scope of SCRM to rare but large impact events while others believe that SCRM is about demand-supply uncertainties);

(2) a process gap—there is lack of research on an important aspect of the risk management process, namely, the response to supply chain risk incidents; and

(3) a methodology gap—there is shortage of empirical research in the area of SCRM.

This is creating three gaps that need to be closed for supply chain risk research to achieve some common ground.

SCRM Literature Review

According to the authors, a useful first step in learning more about these gaps is to characterize the diversity in scope in supply chain risk research methods among researchers. So they do, and they come up with this selected list of articles (in chronological order):

• Jüttner et al. (2003)
  Based on sources: environmental risk sources, network risk sources, and organizational risk sources
• Spekman and Davis (2004)
  Six dimensions of supply chain as risk sources, (1) inbound supply, (2) information flow, (3) financial flow, (4) the security of a firm’s internal information system, (5) relationship with partners, and (6) corporate social responsibility
• Cavinato (2004)
  Based on five subchains/networks as risk sources, (1) physical, (2) financial, (3) informational, (4) relational, and (5) innovational
• Chopra and Sodhi (2004)
  Categorize supply chain risks at a high level as disruptions or delays. These risks pertain to (1) systems, (2) forecast, (3) intellectual property, (4) receivable, (5) inventory and (6) capacity risk
• Christopher and Peck (2004)
  Categorize supply chain risks as (1) process, (2) control, (3) demand, (4) supply, and (5) environmental
• Kleindorfer and Saad (2005)
  Based on the sources and vulnerabilities of risks, (1) operational contingencies, (2) natural hazards, and (3) terrorism and political instability
• Bogataj and Bogataj (2007)
  Categorize supply chain risks as (1) supply risks; (2) process risks; (3) demand risks; and (4) control risks
• Sodhi and Lee (2007)
  Categorize supply chain risks in the consumer electronics industry broadly as those requiring strategic decisions and those requiring operational decisions, in three categories: (1) supply, (2) demand, and (3) contextual risks
• Tang and Tomlin (2008)
  Categorize supply chain risks as (1) supply, (2) process, and (3) demand risks, (4) intellectual property risks, (5) behavioral risks, and (6) political/social risks
• Manuj and Mentzer (2008a)
  Categorize supply chain risks as (1) supply, (2) operations, (3) demand, and (4) other risks including security and currency risks, See
• Manuj and Mentzer (2008b)
  for another categorization: (1) supply, (2) operational, (3) demand, (4) security, (5) macro, (6) policy, (7) competitive, and (8) resource risks
• Oke and Gopalakrishnan (2009)
  Consider low-impact high-frequency and high-impact low-frequency risks in three major categories: (1) supply, (2) demand, and miscellaneous risks in the retail sector
• Rao and Goldsby (2009)
  Categorize supply chain risks as (1) framework and (2) problem specific, and (3) decision making risk

Many of these articles have been reviewed on this blog (see links), some I know of, but hadn’t had the chance to review, while some are completely unknown to me, adding yet more papers to my already 2-foot high pile of “to be reviewed”-papers on my desk :(

The authors come up with even more articles and

classified the existing SCRM literature according to four key elements for managing supply chain risks: (1) risk identification; (2) risk assessment; (3) risk mitigation; and (4) responsiveness to risk incidents, the last one subdivided into responsiveness to (a) operational risks (frequent risk events stemming from inherent supply-demand uncertainty); and (b) catastrophic risks

I think this is an excellent classification scheme, as it follows the standard risk management procedures laid out in ISO73.

What is supply chain risk management?

Because the literature review indicated that there is much diversity in the scope including in definition of SCRM, the authors decided to investigate this further and conducted a survey on the definition of supply chain risk and of SCRM, asking the following main questions, with subsequent follow-up questions.

Q1 What is supply chain risk management (SCRM)?
Q2 How is SCRM different from supply chain management?
Q3 What is the link between SCRM and Enterprise Risk Management (ERM)?

Interestingly, the answer for the first question are somewhat divergent, see below:

When asked what SCRM is, disruptions and disasters rank low on the list.

When asked what SCRM should primarily be defined as, disruptions and disasters come up top of the list. Personally, I am not sure which is better; what do you think?

Supply Chain Risk Management goes where?

The authors also asked where supply chain risk management should be placed in relation to supply chain management and in relation to enterprise risk management, resulting in the following figures:

I think they got it right, because SCRM cannot be decoupled from SCM, nor can it be decoupled from ERM. In my opinion.

Conclusion

This paper should be required reading for any supply chain risk researcher. Not only does it list the most important works in supply chain risk management research, it classifies them in accordance with established risk management norms and it also lays the groundwork for future research into supply chain risk, by asking the research community itself where it thinks supply chain risk should place itself and where it should be headed, thus building rapport with those most likely to follow suit.

Reference

Sodhi, M., Son, B., & Tang, C. (2011). Researchers’ Perspectives on Supply Chain Risk Management Production and Operations Management, 21(1), 1-13 DOI: 10.1111/J.1937-5956.2011.01251.X

Author links

• city.ac.uk: Manmohan S Sodhi
• city.ac.uk: Byung-Gak Son
• ucla.edu: Christopher S Tang

Related posts

• husdal.com: Current gaps in supply chain risk research

Why Incapsula?

Incapsula is a cloud-based shield that wards off hackers, bots, scrapers and spammers and prevents them from even reaching my blog, and only lets legitimate traffic pass through. This also improves my blog’s performance, since it no longer has to deal with traffic that has real reason to be there.

In fact, in the three months since I signed up with Incapsula it has saved me 40% or 15GB of bandwith, said goodbye to some 15000 visits by spammers and took care of the TimThumb vulnerability and the Apache DOS vulnerability long before I knew they existed, by sending me an alert that an attack had just been thwarted.

The Upgrade – what’s in it?

Firstly, the user interface has gotten much better, giving a fuller overview of your site’s security stats and performance details. All stats are available as Today, Last 7 Days, Last 30 Days, Last 90 Days and Month to Date. Secondly, the user options have increased vastly, allowing a fuller selection of which traffic to allow and which not, and last but not least, it is now possible to blacklist or whitelist individual traffic. With Incapsula having undergone this major upgrade in its dashboard and user options, there is no reason and certainly no excuse for not using it.

Reason #1: Rich and Deep Traffic Stats

The traffic stats present you with a full overview of your site’s traffic, how much of that are bots, how much that are humans, and how much that has been blocked, including the top 5 countries and applications. Server load is shown as Hits per Second and Bits per Second, and accumulated bandwidth. I cannot think of anything else that should have been included here, can you?

Reason #2: Detailed Threats Stats

The threats stats are also a major improvement over what they used to be, now clearly displaying which threats that are most prominent and what countries you should watch out for. The five latest security events and what Incapsula did to them (based on your settings) are also shown.

Reason #3: Extensive Performance Stats

The performance stats show well Incapsula is speeding up your site, caching requests and saving your bandwidth. Very useful if you have a global audience is the pie chart showing which data center that gets the most requests, let alone the graph showing the global response time and that features a slider that you can run along the graph to study the details.

Reason #4: Recent Updates Overview

The recent updates stats is just that, a list of the settings you changed most recently or the alerts that Incapsula sent you. It even displays outage time and lost visitors, if you wish so (see reason #7).

Reason #5: Easy Threat Handling

Threat management couldn’t be easier: Do Nothing, Observe and Report, and Block Request. That’s all you need, really. Note that it is possible to whitelist certain IPs, something that previously was only possible after and event, now you can do it in advance. For example, I use it to whitelist my own IP, since my WordPress theme allows me to do some inserts that the latest WordPress version I am using does not allow. Incapsula, knowing that I am using the latest WordPress version then blocks me from doing these inserts, unless I whitelist myself.

Reason #6: Fine-tuned Access Control

This is perhaps the setting that has undergone the biggest change in this upgrade, allowing you to block or whitelist individual countries, user agents or clients, and IPs, see my note under reason #5.

Reason #7: Informative notifications

If you wish, you can let Incapsula do its job without telling you anything, or you can stay on top of it and receive an e-mail as soon as something suspicious happens. This is how a weekly report looks like.

Reason #8: Easy Performance Acceleration

Incapsula is security first and performance second. Consequently, unlike for example CloudFlare, there are few performance settings. In fact, there are only two, Standard and Advanced, but them again, since they do the job more than well enough, I really don’t need more. Do you?

Reason #9: Detailed Visitor Stats

While it is unlikely that you will use Incapsula for your stats needs, they are nonetheless useful in identifying your visitors and threats in more detail.

Conclusion

This being the first major update since its release, Incapsula has taken a huge step forward. I am almost compelled to say “a small step for Incapsula – a giant leap for website security”, but that wouldn’t be right. What I can say is that while in a previous post I compared Incapsula and CloudFlare, stating that Incapsula is for security and CloudFlare for performance, this update clearly shows where Incapsula’s heart is, and that is state of the art website security (with performance included, but not the main issue). No comparison needed and no comparison possible, because this is how website security should be.

Related links

• incapsula.com: Incapsula Tutorials
• incapsula.com: Incapsula website security – How does it work?
• incapsula.com: Incapsula web application firewall – How does it work?

Other reviews

Related posts

• husdal.com: Incapsula versus CloudFlare
• husdal.com: CloudFlare or CloudFront
• husdal.com: Backup, Backup, Backup