The recent ransomware attack on Change Healthcare has thrown the spotlight on the potential disruptions caused by cyberattacks targeting supply chains. This incident highlights how essential connections between healthcare providers, hospitals, pharmacies, and insurance companies can be severed, impacting the ability to process insurance claims and receive payments for medical services.
Such cybersecurity breaches, particularly data theft, are becoming alarmingly common, often targeting large multinational corporations via their smaller supply chain vendors. These interconnected systems make formidable targets for attackers, significantly affecting both large and small enterprises.
Researchers from MIT and the Hasso Plattner Institute (HPI) in Potsdam, Germany, are investigating the varying organizational security cultures present within large corporations and their suppliers. The differences in cybersecurity practices often stem from a lack of emphasis on security at the senior leadership level within small to medium-sized enterprises (SMEs).
The team, led by Keri Pearlson, executive director of Cybersecurity at MIT Sloan (CAMS); Jillian Kwong, a CAMS research scientist; and Christian Doerr, a professor at HPI, is focused on their research project titled “Culture and the Supply Chain: Transmitting Shared Values, Attitudes, and Beliefs across Cybersecurity Supply Chains.”
This project was awarded a grant as part of the inaugural HPI-MIT Designing for Sustainability program in 2023, a collaboration between the two institutions that funds multidisciplinary projects. It aims to support innovative research addressing the United Nations’ Sustainable Development Goals (SDGs) by offering grants to diverse teams skilled in areas like computer science, engineering, and business management. Applications for the 2024 Call for Applications are currently open until June 3.
Enhancing Cybersecurity Culture in Supply Chains
The recent trends indicate that many ransomware attacks remain unreported. Smaller companies often find themselves unable to recover from such attacks, leading them to shut down instead. This makes it challenging to assess the full extent of cyber threats in the corporate landscape. Jillian Kwong emphasizes, “As more data transitions online and into cloud services, the urgency of securing supply chains becomes paramount. Investments in cybersecurity ensure the safe exchange of information, allowing for continued progress towards sustainability.”
A notorious example of SME cybersecurity failure occurred in 2013 when hackers accessed Target Corporation’s network by infiltrating a Pennsylvania-based HVAC vendor. This breach led to the theft of financial and personal information of over 110 million customers, sold on the dark web.
To bolster security, large corporations often mandate SMEs in their supply chains to adhere to specific cybersecurity protocols. However, many smaller vendors lack the resources and training to meet these expectations, which compromises the security of interconnected systems.
Kwong further explains, “Today’s organizations are economically linked but misaligned in cybersecurity culture and practices. Larger firms are realizing that smaller suppliers struggle with implementing required security measures, prompting some corporations to reduce requirements, which does not necessarily enhance security.”
According to Pearlson, a shift in responsibility regarding cybersecurity is essential. Board members and senior management must take affirmative action to cultivate a robust security culture throughout SMEs, rather than relegating it to single departments or isolated personnel.
The research team employs case studies, interviews, focus groups, and observations to understand how organizations interact with their vendors and to investigate how cybersecurity is integrated into routine operations. Their ultimate aim is to foster a collaborative cultural approach to cybersecurity across supply chains.
This initiative aligns with the Charter of Trust Initiative, which unites large corporations to improve cybersecurity across supply chain networks. Last year, the HPI-MIT team collaborated with members of the Charter to assess the impact of cybersecurity regulations on SME supply chain participation and develop frameworks for implementing more stable cybersecurity measures.
Kwong asserts that a secure supply chain is fundamental for achieving the United Nations’ SDGs. Disruptions to vital resources such as food, clean water, renewable energy, and healthcare can occur without a secure supply chain. By safeguarding these connections, organizations can promote sustainable development and support the role of SMEs as economic cornerstones in the U.S. and Europe.
Innovative Approaches to Sustainable Design
Another project under the Designing for Sustainability initiative focuses on utilizing AI for “Personalizing Product Designs While Minimizing Material Waste.” This endeavor aims to leverage AI to optimize how parts are arranged on sheets of material for laser cutting, enhancing efficiency while reducing waste.
Stefanie Mueller, from MIT’s Department of Electrical Engineering and Computer Science, and Patrick Baudisch, from HPI’s Human-Computer Interaction Lab, are co-principal investigators on this project. Their collaboration builds on years of working together, with Baudisch having mentored Mueller during her doctoral studies at HPI.
The duo is developing tools that allow students to design and fabricate 3D objects from sheets of material, teaching them crucial skills in design and structural engineering through hands-on experience.
Mueller’s MIT lab has created an innovative AI-based layout algorithm that suggests optimal arrangements for components in real time, significantly reducing the time spent on material-efficient designs. This technology provides instant feedback on material usage, thus enhancing the user experience in design processes.
AI-Driven Startup Design for a Sustainable Future
Additionally, Svafa Grönfeldt, director of MITdesignX, has been instrumental in guiding startups to align their designs with the problems they address. In collaboration with MIT’s John Fernández and graduate student Tyler Kim, Grönfeldt is now working to incorporate AI into forecasting startup success.
Through this initiative, the research team aims to create a machine learning model that assesses various parameters—such as team dynamics, proposed business models, and market trends—to evaluate the likelihood of startup success. This approach not only aids entrepreneurs in navigating the complexities of launching a company but also aligns ventures with the growing demand for sustainable practices in the business landscape.
Advancing HPI-MIT Collaboration Goals
All three projects exemplify the mission of the HPI-MIT collaboration. MIT MAD is dedicated to using design as a catalyst for innovation, while HPI focuses on developing user-centered innovations. The partnership encourages interdisciplinary teams from both institutions to propose ambitious, sustainable projects that deliver measurable solutions to pressing global challenges.
Photo credit & article inspired by: Massachusetts Institute of Technology