Skip to content
Search AI Powered

Latest Stories

THOUGHT LEADER

Defensive line: interview with Brett Williams

As former director of operations at the U.S. Cyber Command, Brett Williams knows what it takes to protect our vulnerable supply chains. We asked him what companies can do to safeguard their data.

DCV23_01_TL_Brett_Williams.jpg

When Brett Williams was flying F-15 fighter jets for the U.S. Air Force, he never dreamed he would become one of the nation’s leading cybersecurity experts. But when you answer the nation’s call, you accept whatever mission you’re given. For him, it was becoming director of operations at the U.S. Cyber Command, a unified combatant command launched in 2010 to strengthen the Department of Defense’s (DOD) cyber capabilities and expertise. Maj. Gen. Williams ended up leading a team of 400 people responsible for the global operations and protection of all DOD computer networks as well as the planning and execution of authorized offensive operations.  

During his time as an Air Force general officer, Williams served in significant senior executive leadership positions, including director of operations for the U.S. Air Force. He was also 18th Wing Commander in Okinawa, Japan, where he led the largest combat wing in the Air Force and oversaw a community of over 25,000 U.S. service members, their families, and Japanese employees. His 33-year Air Force career also included more than 100 combat missions as a F-15C fighter pilot.


Upon his retirement from the military in 2014, Williams moved into the business world, where he co-founded IronNet Cybersecurity. He is a recognized cybersecurity expert and sought-after speaker as well as a guest professor at his alma mater, Duke University, where he earned his B.S. in computer science. He also holds three graduate degrees in management and national security studies. 

Williams was recently a guest on DC Velocity’s “Logistics Matters” podcast, where he spoke with Group Editorial Director David Maloney. 

Q: How did you make the journey from military commander to cybersecurity expert?

A: I was in the Air Force for 33 years, 28 years as an F-15 pilot. Then I passed a highly selective screening process to move over to the IT and cyber world. I finished up at the U.S. Cyber Command and had broad responsibility for making sure Department of Defense networks were defended as well as planning offensive operations.

When I moved into this space about 12 years ago, I didn’t have any background in this field other than a 1981 computer science degree from Duke. But I put in the effort to develop a bit of technical expertise.

That’s something that I think is extremely important for business leaders to do. They can’t afford to delegate the risk decisions in the world of cybersecurity solely to the technical experts, whether they’re in-house experts or outside contractors. Leaders need to gain some relevant knowledge in this field so they can decide what is appropriate for their companies and what steps need to be taken. They need to be able to have an intelligent conversation with the providers of their cybersecurity services in the same way they do with everybody else on their leadership teams.

I encourage them all to spend a little time to get familiar with these issues so they can ask the right questions and make sure the answers they’re getting make sense to protect their businesses.

Q: We continue to hear about breaches of security systems, such as hacking and ransomware attacks. What are the biggest threats to our information systems right now, and where are they coming from?

A: There are two broad groups of threats out there. There are what we refer to as the “nation state threats,” and for the United States that continues to be China, Russia, North Korea, and Iran. And then there are the criminal groups.

I think the most important thing for people to keep in mind is that the worry is no longer about a teenager in his basement in a hoodie who is hacking for fun. Both the nation state threats and the criminal groups are well resourced and trained. They have vast expertise and tools, and they are deploying them broadly. I would argue that there is no company of any size in any sector that doesn’t have to consider the possibility that it could fall victim to a very advanced type of cyberattack.

Q: Along those lines, I think many companies feel that they’re too small to be threatened, that no one would bother to come after them. But the threat is real for everybody, correct?

A: That is 100 percent right and especially in the logistics and supply chain business. Every company that is part of that supply chain is a potential target.

Maybe you just supply some software that helps people manage inventory or maybe you’re a very large trucking or rail company that coordinates deliveries all over the country or the world—no matter how big or small your company is, you have a critical role in the supply chain that supports both our national economy and our national security. The people who are threats know that smaller companies are the least well defended, even though they are frequently a critical cog in this supply chain.

So, the first thing I would ask folks to consider is that you have a role in our national security. I would argue that your ability to make supply chains work and not bring risk is a national security issue, and I ask you to take it seriously.

Q: In what ways are our supply chains under threat?

A: The first thing to understand is that Covid brought the term “supply chain” into the vernacular and made people aware that disruptions to the supply chain are serious issues—including those who would seek to cause us harm, particularly those nation state threats I talked about. They know that if they can interrupt these national supply chains that impact our economy, our security, and our ability to “do” logistics, they can cause significant internal friction and really set us back on our heels.

Looking at the supply chain from a more tactical perspective, what you have to think about is that none of these companies operates alone. You have a supply chain that you rely on to make your business run, and, more than likely, you are part of a supply chain that makes another business run. So, as you look at your supply chain, you have to take it very seriously, particularly when you are sharing data or giving someone—such as a 3PL partner—access to your systems. What kind of security are those partners maintaining? How do you know if they are protecting your interests?

At the same time, you have a responsibility to do the same when you are providing services to another company. How are you protecting that data and ensuring you don’t become the security risk for that other company? You don’t want to bring risk to their operation, and there can be significant liability concerns if you somehow expose data or interrupt the operations of that company.

Q: If threats to our supply chains are a matter of national security, what are the potential costs to our country if our supply chains are severely disrupted?

A: Our adversaries are not going to attack us in physical space—say, in the South China Sea or someplace. They are first going to come to the homeland, if you will, and try to disrupt supply chains that maybe affect health care, or finance, or the delivery of critical goods and services. Or maybe they just get in and mess up things like our air traffic control system or the systems that control trucking around the country.

All of those have the effect of getting us to focus internally. They become political issues very quickly in our country, and the more we focus internally, the less we focus on those [actual] threats. That cultural issue to me is huge.

Then there are the real issues of not getting things to the places they need to be. That affects our economic system, which affects our national security. It is hard to think of anything that’s much more important than the supply chains that your [readers] support.

Q: Can you share some examples of how critical systems have been breached and the results of those breaches?

A: There was the attack called NotPetya that targeted Maersk, the giant global shipping agency. The total damages literally ran into the billions of dollars, and certainly Maersk wasn’t the only [company] that bore that cost, right? There were a lot of people relying on them. That was a system that was breached initially through ransomware and extortion, and then was completely locked up, preventing them from doing business the way they normally do it. We saw how quickly that cascaded through the global supply chain.

Another example was the ransomware attack on Colonial Pipeline. That one essentially targeted the company’s distribution and billing system. Colonial Pipeline could continue to move oil safely through the pipeline, but it couldn’t track how much went where.

About 25% of attacks in this sector of the economy are these types of ransomware attacks. So, make sure you practice good basic hygiene in your systems to protect them against ransomware. You can make yourself a slightly less attractive target than the next guy through basic security practices.

Q: What specifically should supply chain managers do to secure their systems and their supply chains against cyberattacks?

A: There are three quick things they should do. First, they need to identify their critical data. What data if it were exposed, manipulated, or destroyed and which system if it went down would have the biggest impact on their business? They have to prioritize their efforts to protect that data and those systems.

The second is to bolster password security by requiring two-factor authentication. The things people get very bored hearing about are nonetheless extremely important for basic security.

Then, number three, be very strict about identifying who will have access to your systems and have multiple ways to authenticate who they are and ensure that only authorized people are in those systems.

Then make certain that you have good backups for all your critical data and systems. These backups have to be done correctly. They can’t be connected to your normal system every day, because when the bad guys get into the system, they immediately look for a backup and then corrupt that as well. So, you really have to do backups and be careful about how they are managed.

Then, whether you outsource this work or handle it internally, if you are the business leader in the company, don’t delegate the risk decisions. In other words, you don’t have to be the technical expert, but you do have to know enough about it to make sure that you’re mitigating the risk that is relevant to your company. Understand the investment you are making and what the payoff is. Understand the basic terms and concepts. I encourage you to get smart, ask questions, and make sure you fully understand how your systems are protected from cyberattacks.

The Latest

More Stories

Trucking industry experiences record-high congestion costs

Trucking industry experiences record-high congestion costs

Congestion on U.S. highways is costing the trucking industry big, according to research from the American Transportation Research Institute (ATRI), released today.

The group found that traffic congestion on U.S. highways added $108.8 billion in costs to the trucking industry in 2022, a record high. The information comes from ATRI’s Cost of Congestion study, which is part of the organization’s ongoing highway performance measurement research.

Keep ReadingShow less

Featured

new technologies illustration with lightbulbs
Artificial Intelligence

Supply chain startups get creative

From pingpong diplomacy to supply chain diplomacy?

There’s a photo from 1971 that John Kent, professor of supply chain management at the University of Arkansas, likes to show. It’s of a shaggy-haired 18-year-old named Glenn Cowan grinning at three-time world table tennis champion Zhuang Zedong, while holding a silk tapestry Zhuang had just given him. Cowan was a member of the U.S. table tennis team who participated in the 1971 World Table Tennis Championships in Nagoya, Japan. Story has it that one morning, he overslept and missed his bus to the tournament and had to hitch a ride with the Chinese national team and met and connected with Zhuang.

Cowan and Zhuang’s interaction led to an invitation for the U.S. team to visit China. At the time, the two countries were just beginning to emerge from a 20-year period of decidedly frosty relations, strict travel bans, and trade restrictions. The highly publicized trip signaled a willingness on both sides to renew relations and launched the term “pingpong diplomacy.”

Keep ReadingShow less
forklift driving through warehouse

Hyster-Yale to expand domestic manufacturing

Hyster-Yale Materials Handling today announced its plans to fulfill the domestic manufacturing requirements of the Build America, Buy America (BABA) Act for certain portions of its lineup of forklift trucks and container handling equipment.

That means the Greenville, North Carolina-based company now plans to expand its existing American manufacturing with a targeted set of high-capacity models, including electric options, that align with the needs of infrastructure projects subject to BABA requirements. The company’s plans include determining the optimal production location in the United States, strategically expanding sourcing agreements to meet local material requirements, and further developing electric power options for high-capacity equipment.

Keep ReadingShow less
map of truck routes in US

California moves a step closer to requiring EV sales only by 2035

Federal regulators today gave California a green light to tackle the remaining steps to finalize its plan to gradually shift new car sales in the state by 2035 to only zero-emissions models — meaning battery-electric, hydrogen fuel cell, and plug-in hybrid cars — known as the Advanced Clean Cars II Rule.

In a separate move, the U.S. Environmental Protection Agency (EPA) also gave its approval for the state to advance its Heavy-Duty Omnibus Rule, which is crafted to significantly reduce smog-forming nitrogen oxide (NOx) emissions from new heavy-duty, diesel-powered trucks.

Keep ReadingShow less
chart of global trade forecast

Tariff threat pours cold water on global trade forecast

Global trade will see a moderate rebound in 2025, likely growing by 3.6% in volume terms, helped by companies restocking and households renewing purchases of durable goods while reducing spending on services, according to a forecast from trade credit insurer Allianz Trade.

The end of the year for 2024 will also likely be supported by companies rushing to ship goods in anticipation of the higher tariffs likely to be imposed by the coming Trump administration, and other potential disruptions in the coming quarters, the report said.

Keep ReadingShow less