<div align="justify"> <p>Are you gambling with your supply network? As we look back on supply chain management pre-Sept. 11, 2001, it's fair to say that many companies were indeed unwittingly gambling. Sadly, it took the terrorist attacks and subsequent reactions to expose a cold reality: The supply network is inherently vulnerable to disruption, and the failure of any one element in it could cause the whole network to fail. Further, the attacks dramatically illustrated the interdependence that exists in the supply network--not just among the trading partners but also with the U.S. government agencies involved in the flow of goods and the transportation infrastructure. </p><p>This new operating environment calls for a supply network design that is both secure and resilient. That means a supply network that has advanced security processes and procedures in place, while at the same time being resilient enough to respond to unexpected disruptions and restore normal supply network operations. Certain initiatives will provide the dual benefits of supply network security and resilience. Others will contribute to either security or resilience but not both. Ultimately, companies will need to design for both security and resilience, as a secure supply network does not guarantee a resilient supply network, and vice versa. </p><p>Today's operating environment also calls for new organizational capabilities. Specifically, companies will need to forge new relationships with those U.S. government agencies that now also are working to make supply networks secure and resilient. Similarly, deeper relationships need to be developed with suppliers and customers to co-create a more secure and resilient network. Internally, the biggest organizational challenge may be to give individuals a solid understanding of the interdependencies and operational imperatives that now exist. </p><p>The Center for Transportation & Logistics at the Massachusetts Institute of Technology (MIT) initiated a research project to study how organizations are responding to this new environment. The study sample included major global companies from a wide range of industries. (For more on the project, see the sidebar "The 'Response to Terrorism' Study" above.) Overall, we observed a broad range of responses, the majority of which can be characterized as reactive--that is, the actions taken were in response to government regulations and other mandates. For those companies responding solely to mandates and regulations, the only thing that may be standing between them and a major supply chain disruption could be luck. </p><p>In a few notable cases, however, we observed companies executing against previously established plans and honing and refining their supply network for security and resilience. Notably, most of the companies in this advanced category had actually experienced supply chain disruptions in the past. </p><p>What seems to set these leaders apart is their ability to learn from experience and take action to design and operate their supply networks to be resilient as well as secure. These organizations do not rely on luck but instead emphasize supply chain collaboration, intensive training and education, and sound strategy development. The sidebar "Classifying the Responses" on page 27 presents a summary of the corporate responses, classified into four levels of initiatives--from basic to advanced. </p><p>A first step in creating a supply network that is both secure and resilient is to recognize that the two are not the same. This distinction becomes important when developing plans focused on security and resilience respectively. </p><p>Yet while security and resilience are independent of one another, our study revealed that some types of responses address both--that is, they enhance security and resilience of the supply network. These responses center on such activities as business continuity planning, designing systems to "fail smartly," using layers to provide backups, aggressively training people in the organization, and making security and resilience a part of the company's culture. </p><p>The sections below describe those key actions that can improve security as well as those that can enhance resilience. Also described are the types of initiatives that address both, thereby bringing dual benefits. </p><p><b>Actions to Improve Security</b> </p><p>Our study found that companies typically undertake a series of security initiatives to protect their supply chain from disruption. These responses can be classified into three groups: physical security, information security, and freight security. These groups, in turn, can be further segmented into two levels of response, basic and advanced. The basic level involves traditional activities that have become almost standard practice today. The advanced responses entail more forward-thinking initiatives, used by relatively few companies. The table below summarizes supply chain security measures at the two levels. </p><p>We don't necessarily conclude that every company should adopt advanced responses. Those that have done so among our survey sample are organizations highly exposed to risk. Companies with less exposure could be sufficiently protected by the basic measures. </p></div>