Extended Enterprise Risk Management & Continuity Forum

NCMS Project Concept Statement

October 1, 2002

National Center for Manufacturing Sciences
3025 Boardwalk
Ann Arbor, Michigan 48108-3266

NCMS Project Concept Statement

Introduction and Background
The Extended Enterprise Risk Management & Continuity Forum is a phased initiative now forming within the Manufacturing Trust program area of the National Center for Manufacturing Sciences (NCMS). This effort will be conducted as a cross-industry forum leveraging knowledge and resources, guiding multiple collaborative projects, and utilizing proven structures, resources and collaboration models developed by NCMS that have repeatedly delivered high value to participants with leverage exceeding 10:1. The focus of this initiative is on improving the security, resiliency and survivability of manufacturing companies together with their supply chains, and will explicitly support execution of advanced business strategies leveraging the Internet, other advanced information technologies and inter-company collaboration. It encompasses multiple inter-related components of the enterprise risk management spectrum, including but not restricted to information security, intellectual property protection, physical security, business process integrity, hazard risk, operations recovery and business continuity.

Business, technology and environmental changes are driving trends that demand prudent response by corporate Boards and executive leadership:

• Risks related to information assurance and information assets, including critical intellectual property, are increasingly prominent components of the risk spectrum as enterprises, supply chains, key infrastructures and the economy have become inextricably information driven and threats continue to intensify.
• Increasing interdependence of physical and information systems and assets requires increasingly integrated physical and information security policies, procedures, and assessment methods.
• Efficiency and effectiveness are increased by appropriate collaboration and/or integration among the traditionally distinct security and risk management functions within the enterprise.
• Competitive business strategies driving supply chain integration and increased outsourcing require increased collaboration among enterprises to manage risks to shared and interdependent assets, operations, goals and values.

The NCMS Extended Enterprise Risk Management & Continuity Forum is being established to provide forum members an exceptional collaboration experience that addresses these challenges to create compelling value. NCMS has a long established strong track record based on identifying advanced technology concerns and business drivers/trends, and then forming self-sufficient collaborative consortia of cross-functional industry participants with common or complementary technology goals, business goals and thematic interests. This cross-industry forum will give members opportunities to efficiently and systematically develop and deploy capabilities to improve and secure competitive capabilities. NCMS is attracting domain experts from industry and academia for knowledge sharing, networking, and problem-solving in this arena. Partners brought together for this facilitated collaboration are primarily complementary end-users from a range of industries, but at the discretion of the initial core team members, competitive companies and organizations with complementary and/or unique industry knowledge may be encouraged to fully participate. NCMS specializes in organizing project collaborations that manifest an ambiance of trustworthiness and common goals and interests, governed by proven management and legal structures.

This document is a concept statement intended to recruit interested parties to join the core industry project team, now forming, that will continue to define this initiative, guide and participate in its execution, and reap the expected benefits.

Project Concept Summary
The overall objective of this initiative is to improve the ability of senior executives to more holistically and efficiently manage the many, dynamic dimensions of risk facing the modern manufacturing enterprise. Elements of risk and their interrelationships are rapidly evolving in the world now shaped by the Internet, e-Commerce, globalization, emerging governance and regulatory factors, increasing threats and Homeland Security challenges.

This forum responds to the growing need and high business value of an increasingly integrated approach and updated toolset for manufacturing enterprise security and risk management, both within the enterprise and for its extended interactions with suppliers, partners and customers. The goals of this initiative are:

• Identify, benchmark and validate replicable sets of tools, processes and methods for efficiently managing a range of risks and business continuity in the extended manufacturing enterprise, including supply chains;
• Identify common risks and effective risk management approaches among OEM and multi-tier supplier communities;
• Identify, adapt, develop, validate and deploy key enabling technology & method extensions, in the shortest practicable timeframe.

The goals of this initiative cross supply chain tiers, industry boundaries and traditional functional disciplines. True collaboration is essential to reach these goals. An important aspect of this initiative is the expectation that each industry member will secure the active participation and collaboration of at least one key supply chain partner in the forum (either customer or supplier). Likewise, participating companies will gain benefits from leveraging this forum to build collaboration among their respective security and risk management functions, owners of key business processes including supply chain management, and with their peers in other forum member companies.

The initiative will consist of an initial phase establishing a foundation of benchmarks and roadmaps; a multi-threaded phase of collaborative project activities by teams of members to adapt, develop, pilot, implement and otherwise validate selected practices and tools; and an ongoing umbrella effort to coordinate activities, guide initiative direction, and assure information dissemination among core members.

• Advanced methods and technologies will be addressed, potentially including:
• Vulnerability and risk assessment methodologies tuned to manufacturing industry and supply chain environments
• Innovative and refined financial mechanisms for risk management
• Collaboration technology applied to risk management and continuity planning
• Quantitative risk assessment/analysis tools and methodology
• Business process and event/condition response management
• Agent-based technologies for decision support, continuous audit and analysis
• Advanced simulation technologies applied to cross-functional response and business continuity scenarios.

Benefits
Participating members will gain benefits that are demonstrable, immediate, and sustainable.

• Achieve near-term actions toward protecting highest priority assets, reducing vulnerabilities and managing risks, both within the enterprise and collaboratively in the supply chain.
• Gain leverage for internal resources from the power of cross-industry collaboration. Bring together the right players and experts from industry, laboratories and universities, leveraging a broad spectrum of resources and expertise to produce robust solutions at a cost and speed that no single participant could achieve alone.
• Maximize benefit through focused solutions. Continually obtain solutions accurately filling evolving needs as forum members identify opportunities and critical needs for managing risks, set priorities and define/execute specific projects.
• Get advantages of earliest access to solutions and advanced research knowledge created through forum collaboration, beginning with the initial Benchmark Study.
• Reduce training costs through leveraging unique NCMS e-Learning resources.
• Through ongoing collaboration, become “better, cheaper, faster”, and more secure and resilient, to better prosper in the changing global environment.
• Obtain ongoing insight from NCMS involvement, and potentially direct forum involvement, in evolving Homeland Security initiatives.

Project Description

Scope
Modern manufacturing companies face a range of risk issues that can be described by the business structure involved, type of risk and approach taken to the risk. This forum will engage participants in cross-functional and cross-organizational collaborations to address high priority issuesor opportunities within the space described by these dimensions:

• Business structure focus: Enterprise; buyer-seller pairs; tiered supply chains; supply networks.
• Types of risk: Intellectual property compromise/loss; hazard; operational disruptions and catastrophes; supplier viability; strategic.
• Approaches to risk: Risk identification and analysis; vulnerability and risk assessment; management strategies and methods for avoidance, mitigation, transfer and sharing of risk; incident response and recovery; business continuity.

Objectives & Deliverables
Objectives and deliverables from this initiative are subject to the ongoing direction of the forum membership. The foundation objectives and basic deliverables are:

• Benchmarks of targeted processes and technologies
• Roadmaps to guide research and improvement action in the extended enterprise
• Forum Website
• Management roundtables, seminars, workshops
• Project outcomes: Member-directed technology and method demonstrations/pilots, R&D, validations, production implementations
• Enterprise awareness resources
• e-Learning modules
• Research and industry publications/reports.

Strategy and Approach

• Forum driven by industry (user) members

  o Industry members guide through Steering Team.
  o NCMS initiates, manages, facilitates, integrates, resolves.

• Collaborative Project Portfolio: Leveraging resources and results

o All Members propose projects to Steering Team.
o Members collaboratively define, charter, execute and fund (as necessary). Initial candidate project agenda is described below.
o Projects carry out research, innovations or extensions, validations, and deployment pilots/implementations, as directed by Steering Team.
o Ongoing cross-project coordination and information exchange.
o Knowledge transfer to members.
o Special licensing terms to members (as applicable).

Figure 1. Formation and execution approach for NCMS Extended Enterprise Risk Management & Continuity Forum

Projects will be undertaken according to the interests of forum members. Potential interest, and advanced technology and method components have already been identified by NCMS for the following initial list of candidate project topic areas:

• Industry-specific tailoring of advanced risk and vulnerability assessment methodology
• Supply chain collaborative risk and vulnerability assessment methodology
• Quantitative risk analysis methods and tools
• Tools and practices for protection of intellectual property protection from internal and external threats
• Manufacturing operations business continuity planning methods and tools
• Collaboration environment for risk management and business continuity planning
• Application of continuous audit methods and tools to extended manufacturing enterprise risk management and supply chain collaboration
• Application of sense & response, intelligent agent and decision associate technologies to incident response and business continuity execution.
• Application of advanced simulation technologies to cross-functional scenario planning and training for event/incident response, risk management and business continuity.

Structure

• Forum governed by Collaborative Project Agreement administered by NCMS:

o Bylaws
o Membership
o Intellectual Property
o Confidentiality
o Forum subscription
o Project chartering and funding.

• Steering Team composed of one designated representative from each Industry Member.
• Forum Projects governed by Charters from Steering Team.

Participants

• Industry Members – each with a minimum of one supply chain partner that will actively participate as a forum member. Industry Members will be sought from a range of industry sectors, including but not limited to automotive, aerospace, semiconductor, electronics, equipment and insurance/capital.
• Technology Members – long-term participants contributing substantial intellectual property and other forms of in-kind or leveraged resources to Forum Projects.
• Affiliate Members

o University Researchers
o Federal Agencies/ National Laboratories
o Industry Consortia & Associations

• NCMS

o Collaborative project development
o Collaborative project management
o Legal support
o Financial management
o Seeking leveraged funding opportunities

• Subcontracted Technology & Service Suppliers
• Benchmarking Partners

Figure 2. Participation structure of NCMS Extended Enterprise Risk Management & Continuity Forum

Initial Schedule

• Formation and launch in 4Q02.
• Duration is open, with annual recommitment by forum members.

Next Steps
Companies with potential interest in participating in any role in this forum or desiring more information should contact

Michael Fancher
NCMS
Executive Director
Ph. 734-995-7049
michaelf@ncms.org

About NCMS Manufacturing Trust

Making the manufacturing enterprise
SECURE, RESILIENT, RESPONSIVE

The unprecedented opportunities and competitive advantages of exploiting the Internet are well known, as manufacturers strive to become “better, cheaper, faster.” But the open, ubiquitous environment that makes these opportunities and advantages possible also poses significant risks – risks that must be managed to ensure that information assets are protected and increasingly information-dependent infrastructures, business processes and supply chains are secure and resilient. Strategies such as supply chain integration, collaborative product life cycle management, e-Manufacturing and e-Commerce bring the potential of new vulnerabilities and risks along with the promise of business advantage. The horrific events of September 11 only served to heighten the need for a bold new approach to risk management, not only for a company’s physical assets but also for its information assets.

Progress will not stop. The National Center for Manufacturing Sciences – through its innovative Manufacturing Trust initiative – has both the strategic collaborative vision of what is required and a proven track record in building public/private partnerships to respond to this compelling need. Manufacturing Trust recognizes that these advantages and risks go hand in hand, and provides manufacturers with unique powerful opportunities to respond to the challenges of continually building competitive advantage while controlling risk, through the leverage of collaboration.

The Program

Manufacturing Trust comprises three highly synergistic thrusts:

Strategic Communications

• Face-to-face interaction among senior business leaders and senior government officials to exchange views on the impact of policies, practices and procedures.
• Thought leadership in evaluating and creating national policies and procedures affecting information assurance and Homeland Security.
• Participation in the NCMS-led, InfraGard Manufacturing Industry Association (IMIA) programs.

Strategic Education

• Workforce awareness resources and training in information assurance practices, cyber-forensics and risk management, based on content provided by world-class institutions, to ensure availability of the workforce skills needed to successfully mount and maintain information assurance and risk management programs.
• Executive and operational level education targeted to meet manufacturer’s needs and priorities in information assurance and risk management.
• Engage InfraGard chapters across the country together with federal and state government.

Strategic Action

• Services tailored for strengthening manufacturing enterprises and supply chains:

o Risk assessment
o Benchmarking
o Road mapping

• Propose, assemble, facilitate and manage collaborations for effective, high-value outcomes. Collaboration opportunities currently available include:

o Extended Enterprise Risk Management & Continuity Forum
o Supply Chain Collaborative Value Management
o Extended Enterprise Intellectual Property Protection
o Secure B2B Internet Settlement Processing
o Shop Floor Operations Protection & Security

• Collaborative business trials to develop and test information technology solutions, information assurance solutions and business processes in real-world settings.
• Collaborative development and adaptation of supporting technologies, products and services.
• Collaboration among government agencies, industry and academia to build trusted relationships between industry and government entities charged with maintaining critical infrastructures.
• Advocate / develop policies, procedures and systems that support widespread application of information assurance and risk management techniques.