The recent ransomware attack on ChangeHealthcare underscores the disruptive nature of supply chain attacks. Such attacks are becoming increasingly prominent and often target large corporations through the small and medium-sized vendors in their corporate supply chains. Researchers from Massachusetts Institute of Technology (MIT) and Hasso Plattner Institute (HPI) in Potsdam, Germany, are investigating different organizational security cultures that exist within large corporations and their vendors as such differences create vulnerabilities, usually due to inadequate emphasis on cybersecurity by the senior leadership in small to medium-sized enterprises (SMEs).
Keri Pearlson, Jillian Kwong, and Christian Doerr are co-investigators on a research project called “Culture and the Supply Chain: Transmitting Shared Values, Attitudes and Beliefs across Cybersecurity Supply Chains.” Their project was selected for the 2023 inaugural round of grants from the HPI-MIT Designing for Sustainability program. The program supports scientific research in line with the United Nations’ Sustainable Development Goals (SDGs), focusing on sustainable design, innovation, and digital technologies.
Most ransomware attacks go unreported as smaller companies often shut down instead of paying ransoms for their data. As data and processes move online and into the cloud, securing supply chains becomes crucial. Achieving secure supply chains is necessary for realizing the United Nations’ SDGs as disrupted access to resources and institutions can hinder progress towards these goals.
The researchers aim to generate a shared culture around cybersecurity that can be implemented across all vendors in a supply chain. Drawing from interviews, field studies, focus groups, and direct observation, the researchers intend to understand how companies engage with vendors and the ways in which cybersecurity is instituted in everyday operations. Creating a shared cybersecurity culture is in line with the goals of the Charter of Trust Initiative, a partnership of large corporations formed to enhance cybersecurity implementation in supply chain networks.
MIT and HPI are fostering cooperation on other projects as well. For instance, “Personalizing Product Designs While Minimizing Material Waste” employs AI for efficient and sustainable design creation, employing AI design software to layout multiple parts of a pattern on materials such as plywood or acrylic for laser cutting in real time. Another project, “AI-powered startup design for the Anthropocene,” aims to incorporate AI into forecasting the success probabilities for startups. Both projects underline the mission of the HPI-MIT collaboration, advancing sustainable design and problem-solving for global issues.