For links and show notes, mouse over the player and click the .
Transcript
Brett Williams is a senior leader, board member, keynote speaker, consultant, and coach with extensive experience leading large, complex, multidisciplinary organizations. Following a successful 33-year Air Force career, he co-founded IronNet Cybersecurity. At IronNet, Williams served in multiple roles, including COO, and was instrumental in taking the company public on the NYSE in 2021. Since retiring from the military in 2014, he has gained significant experience with all aspects of starting and growing a business, including marketing, sales, product development, software engineering, data science, finance, and internal operations.
During his time as an Air Force General Officer, Williams served in four senior executive leadership positions. As the director of operations at U.S. Cyber Command, he led a team of 400 people responsible for the global operations and defense of all Department of Defense networks as well as the planning and execution of authorized offensive operations. Prior to this position, he served as director of operations, U.S. Air Force, where he led the largest air staff directorate, consisting of more than 1,300 airmen and civilians stationed world-wide. In this role, he developed and justified the operations component of the annual $120 billion Air Force budget. Williams also served as the director of communications for U.S. Pacific Command. His 150-person directorate executed an annual budget of $57M and was responsible for the design, implementation and operation of all command and control networks supporting DOD’s largest geographic warfighting command. Finally, as the inspector general for air combat command, he led the inspection, audit and compliance process for all U.S.-based combat flying organizations.
Operationally, Williams led a variety of large, complex organizations ranging in size from 300 to over 9,000 personnel. In his most significant operational leadership position as 18th wing commander in Okinawa, Japan, he led the largest combat wing in the Air Force. Williams was responsible for relationships with Japanese political and business leaders in a highly volatile community environment. He executed an annual budget in excess of $100 million to support a community of over 25,000 U.S. service members, their families, and Japanese employees. He delivered success across a wide variety of mission areas, including aircraft operations, aircraft maintenance, logistics, civil engineering, security and policing, community support, human resources, financial management, and medical services. Williams is an F-15C fighter pilot with over 28 years of flying experience, including more than 100 combat missions.
Williams is a keynote speaker, leadership coach, and cybersecurity expert. He has appeared several times on national television and testified before the Senate Armed Services Committee. Williams has served as a faculty member with the National Association of Corporate Directors Board Advisory Services as well as a guest professor at Duke University. He has served on the Defense Science Board and on a variety of corporate boards. Williams holds a BS in computer science from Duke University and three graduate degrees in management and national security studies. Williams met his wife of 41 years, Lt. Col. (Ret.) Marianne Tango Williams, in Air Force ROTC at Duke. They live in Durham, N.C., where they actively support the university and mentor Air Force ROTC students from across the country. They have two children, Mikaela and Sean. Sean is an Air Force Captain flying the F-16.
How vulnerable are supply chains to cyberattacks? Shipping demand continues to be sluggish. And new tech for retailers.
Pull up a chair and join us as the editors of DC Velocity discuss these stories, as well as news and supply chain trends, on this week's Logistics Matters podcast.
Hi, I'm Dave Maloney. I'm the group editorial director at DC Velocity. Welcome.
Logistics Matters is sponsored by Beckhoff. Have the entire digital fufillment center at your fingertips with automation by Beckhoff. It's digital transformation done right. For more information, please visit Beckhoff.com/intralogistics.
As usual, our DC Velocity senior editors Ben Ames and Victoria Kickham will be along to provide their insights into the top stories of this week. But to begin today: Safeguarding critical data should be one of the highest priorities of any supply chain operation, but just how vulnerable our supply chains to cyber attacks and data corruption, and what can we do to stop them?
To find out, I spoke recently to one of the nation's leading experts in cybersecurity. Retired Major General Brett Williams is the former director of operations at the United States Cyber Command. That's a unified combatant command launched in 2010 to strengthen the Department of Defense's cyber capabilities and expertise, and while there, Major General Williams led a team of 400 people responsible for the global operations of protection of all Department of Defense computer networks, as well as the planning and execution of authorized offensive operations. After he retired from a 33-year military career, General Williams cofounded a business called IronNet security, and he continues to be a consultant and sought-after expert in cyber security. Here now is my conversation with Brett Williams.
Thank you, Brett, for joining us today on Logistics Matters.
Brett T. Williams, Major General, USAF (Retired) 01:57
Yeah, thanks, Dave. It's a pleasure, and I'm privileged to be able to join you today to talk about what I think's a very important issue for your listeners.
David Maloney, Editorial Director, DC Velocity 02:07
To begin, how did you move from being a military commander to a cybersecurity expert?
Brett T. Williams, Major General, USAF (Retired) 02:13
Dave, I kind of kid, you know, I was in the Air Force for 33 years, 28 years, I was an F-15 pilot, and then I passed a highly selective screening process to move over into the IT and and the cyber world, and I finished up the United States Cyber Command, and so I had a pretty broad responsibility for making sure DoD networks were defended, as well as planning offensive operations. And the reason I think that's relevant to the audience here is that, you know, when I moved into this space about 12 years ago, I didn't, other than a 1981 computer science degree from Duke, I didn't have any background in this. But I put in the effort to learn, to get a little bit of technical expertise, and I think that concept's extremely important to the business leaders that are listening to this. They can't afford to delegate the risk decisions in this world of cybersecurity solely to the technical experts, whether they're in their company or they're outsourced. They need to get some relevant knowledge in this field so that they can decide, you know, what's appropriate for my company? What steps do I need to make sure are being taken? They need to be able to have, you know, an intelligent conversation, I call it, with whoever provides their cybersecurity in the same way they have with with everybody else on their leadership team. So I encourage them all to spend a little time to get familiar with these issues so they can ask the right questions and make sure the answers that they're getting make sense and will protect their business.
David Maloney, Editorial Director, DC Velocity 03:49
We continue to hear in the news about different breaches of security systems, and this computer was hacked or that company faced some sort of a ransomware. What are the biggest threats currently to our information systems and where are they coming from?
Brett T. Williams, Major General, USAF (Retired) 04:02
Yeah, there's two broad groups of threats out there. There's what we refer to as the nation-state threats, and for the United States, that continues to be China, Russia, North Korea, and Iran; and then the criminal groups that exist out there. But I think the most important thing for people to keep in mind is that they're no longer worried about, you know, the, the teenager in his basement and a hoodie that's hacking for fun. Whether you're talking about nation-state threats, or you're talking about criminal groups, these groups are well resourced, they're well trained, they have great expertise, they have great tools, and they are deploying those broadly. I would argue that there's no company of any size in any sector that doesn't have to consider the possibility that they can face a very advanced type of cyber attack.
David Maloney, Editorial Director, DC Velocity 04:52
And I think that's an issue that a lot of companies have, is they think, Well, I'm a small company. Why would somebody want to come after me? But the threat is real for everbody, right?
Brett T. Williams, Major General, USAF (Retired) 05:01
That's 100% right, and especially in the logistics business, you know, when we start talking about supply chains, etc., every company that's part of that supply chain is a potential target.
David Maloney, Editorial Director, DC Velocity 05:12
So that leads into the next question: In what ways are our supply chains under threat?
Brett T. Williams, Major General, USAF (Retired) 05:18
I would encourage the folks listening to this podcast, Dave, to consider supply chain in two ways with regards to the business that they're in, is number one, I would call it a strategic issue, right? Where, as Covid has shown us, this, the group of listeners to this podcast have known this for a long time, but the Covid really brought supply chain into the, you know, the common vernacular, and people understand that disruptions to supply chains are serious issues. And the other people that understand this are the people that would seek to potentially cause us harm, particularly those those nation-state threats I talked about. And they know that if they can interrupt these national supply chains that impact our economy, that impact our security, that impact our ability to do logistics, in the case we're talking about here, that they can cause significant internal friction, and they can really put us back on our heels, if they can interrupt those supply chains. And so I encourage listeners of this podcast that, you know, no matter how small they think their company is — maybe you just supply some software that helps people manage inventory, or maybe you're a very large trucking or rail company that coordinates deliveries all over the country or all over the world; you have a critical role in the supply chain that supports both our national economy and our national security. And these threats know that the smaller companies are the least well-defended, yet at the same time, they're frequently a critical cog in this supply chain. So the first thing I would ask folks to consider is that you are part of our national security. Your ability to make the supply chain work, and not bring risk to that supply chain, I would argue, is a national security issue, and I would ask you to take it that seriously. If we bring down supply chain to a more, let's call it a tactical issue, or at the company level, what you have to think about is that, you know, none of these companies operates alone. You have a supply chain, a quote, unquote, supply chain that you rely on to make your business run, and more than likely, you are part of a supply chain that makes another business run. And so, as you look at your supply chain, you have to take it very seriously, particularly when you're sharing data, or you're giving maybe these 3PL types of folks access to your systems, what kind of security are they maintaining, and how do I know that they're maintaining that security and protecting my interest? At the same time, you have to realize that you have a responsibility when you're providing services to another company to do the same. You know, number one, you don't want to bring risk to their operation, but number two, there can be some significant liability concerns if you become the one who somehow exposes data, or somehow interrupts the operations of that company that you supply goods or services to. So, kind of a long answer there, but this idea of supply chain, you know, has many meanings to many people, you know, and at that national level, it's about getting goods and services where they need to be on time to support our economy, to support our national security, and you're a critical part of that. And then at that more direct company level, think about the people that you rely on, what kind of information or what kind of risk are you essentially opening yourself to when you work with them, and how are you making sure that risk is controlled? And then on the other side, who do you provide goods and services to? Whose data, what companies trust you with their data, and how are you protecting that and making sure that, you know, you don't become the security risk for that other company that you have that very important business relationship with?
David Maloney, Editorial Director, DC Velocity 09:09
Sure. And if you're, as you're saying, you feel that the threats to our supply chains are national security issues, what are the potential costs to our nation if our supply chains are disrupted in this way?
Brett T. Williams, Major General, USAF (Retired) 09:22
I would argue there's two costs, Dave. Actually, the cost that worries me more is kind of almost cultural — is that, you know, in the United States, we've gotten used to Amazon delivering tomorrow, if not this afternoon. You know, we've gotten used to be able to stream anything, we want. We've gotten used to the ability to communicate with almost whoever we want. And so, what we've done is we've created a situation where we're vulnerable to that, and we're very sensitive to that. So as these supply chains are breached, our adversaries are not going to attack us in physical space in the South China Sea or someplace else directly. They're first going to come to the homeland, if you will, and they're going to try to impact supply chains that maybe affect health care, or maybe affect finance, or affect the delivery of critical goods and services, or just get in and mess up things like our air-traffic control system, or the systems that control, you know, trucking around the country. And so all of those have the impact of getting us to focus internally. They become political issues very quickly in our country. And [the] more we focus internally, the less we're focused on those those threats. So, that cultural issue, to me, is huge, and then there's the real issues of, you know, the stuff doesn't get to where it needs to be, right? And it affects our economic system, which affects our national security. So, it's hard to think of anything that's much more important than the supply chains that our listeners support.
David Maloney, Editorial Director, DC Velocity 10:51
Brett, can you share some examples of how some of these systems have you been breached? And what were the results of those breaches?
Brett T. Williams, Major General, USAF (Retired) 10:57
Yeah, I think, you know, a couple of the recent ones in the last couple, three years that are mainly most relevant to this audience was the the attacks the Not — that was called NotPetya, but I think everybody heard of the impact on Maersk, the very large global shipping agency, and that was literally billions of dollars in costs. And certainly, they weren't the only ones that bore the cost, right? There were a lot of people relying on them. And so, that was a system that was breached, initially, through what everybody's familiar with today, ransomware, and extortion, where their systems were locked up and they weren't able to do business like they normally do it, and we we saw how quickly that cascaded through the global supply chain. Another example, which you may not immediately think is relevant to this audience, was the ransomware attack that happened against the Colonial Pipeline. And the problem with that wasn't that they couldn't move oil in the pipeline anymore; it's they couldn't account for where it went. It was essentially the distribution and billing system. They can continue to move oil safely, but they couldn't track how much went where, right? And so there's kind of a direct, I think, analogy with, you know, folks that provide a lot of the services that your listeners do, is that it's one thing to get the truck from point A to point B; it's another thing to make sure it gets invoiced correctly, it gets paid, and that the driver knows where they're going next, right? And so, those types of attacks, particularly ransomware and extortion, if you look at this sector of the economy, about 25% of the attacks are these types of ransomware attacks. So, starting with making sure you're protected against ransomware, that you've got good basic hygiene in your systems. If you can make yourself just a slightly harder target than the next guy through some of these basic security practices, you can help protect yourself against those types of attacks.
David Maloney, Editorial Director, DC Velocity 12:55
So what can supply chain managers do to make sure that they ensure the security of their systems and their supply chains against any kind of potential threat or cyber attack?
Brett T. Williams, Major General, USAF (Retired) 13:05
Right. Well, there's three quick things that I would make sure that they do is, one, they've got to identify their critical data — you know, what data, if it were exposed or manipulated or destroyed, or what system, if it went down would have a strategic impact on their business. And so they have to prioritize their efforts to protecting those data and those systems. The second thing is, is that basic password security: two-factor authentication, the things people get very bored hearing about, are extremely important for basic security. And then number three, your best protection against ransomware is these two things: is making sure that you're very strict on identifying who has access to your systems, and that you have these multiple ways of making sure that they authenticate who they are, and only people authorized are in there. And then number two [sic], is that for all that critical data, we had, or all those systems we talked about, that you have good backups, and these backups have to be done correctly. They can't be connected to your normal system every day, because the bad guys get into the system, they immediately look for a backup, and they corrupt that as well. So you really have to understand, a) are you doing these backups and b) how are they managed — are they separate, etc.? And then I guess, wrapping all that up is, if you're the business leader in this company, whether you outsource this work or it's done internally by your staff, don't delegate the risk decisions. In other words, you're not going to be the technical expert, but you need to know enough about it to make sure that I am mitigating the risk that's relevant to my company, and you know, here's what the investment I'm making in that is, and here's what the payoff is. And if you don't understand some of these basic terms and concepts, you know, that will be very difficult to do, so I encourage them to get smart, ask questionsand be very honest Active in understanding how their systems are protected from cyber attacks.
David Maloney, Editorial Director, DC Velocity 15:05
That's very good advice. We've been talking to Brett Williams. He's a retired Major General with the United States Air Force, and formerly the director of operations at U.S. Cyber Command, and now also the cofounder of IronNet Cybersecurity. Thank you for being with us today.
Brett T. Williams, Major General, USAF (Retired) 15:23
Thanks very much, Dave. I enjoyed it.
David Maloney, Editorial Director, DC Velocity 15:26
Now let's take a look at some of the other supply chain news from the week. And Victoria, we've seen the slowdown in recent months of the trucking market, and you wrote this week about how carriers will continue in the early part of the year to compete for some of that more limited demand from shippers. Can you share some details?
Victoria Kickham, Senior Editor, DC Velocity 15:43
Sure, absolutely. Dave. So yeah, a slowing economy continues to affect the trucking sector, and, as you say, we've seen falling demand for services since really the end of last year. That's driven by inflation, concerns of a recession, and a general sense of uncertainty in the economy. An industry report out this week reinforced those issues, showing that, as you say, carriers will continue to compete for limited demand, at least through the first quarter. This all comes from the Cowen/AFS Freight Index, which is produced by Cowen Research and third-party logistics services provider AFS Logistics, and it was published this past Tuesday. The index is a forward-looking report on transportation-industry conditions, and it's drawn from AFS Logistics' own data and predictions based on that information. The Q1 outlook calls for continued slowing in transportation markets generally, and conditions that are trending more favorably for shippers. But that's not the whole story. The analysis shows that the truckload sector will continue to slow — rates will fall there — while rates will likely increase for less-than-truckload and parcel shipments. And that's mainly because of some general rate increases and surcharges that carriers are using to try to boost revenue under these weaker overall economic conditions.
David Maloney, Editorial Director, DC Velocity 16:59
Victoria, how does this match up to other recent trends or predictions that you've reported?
Victoria Kickham, Senior Editor, DC Velocity 17:04
Yeah, well, we've seen, as I said at the outset, a general slowing in demand for services, and I said since you know, late last year, but really, it extends back, for the broader logistics industry, since the middle of last year. And that was really a slowdown from what many have referred to as the unsustainable strong growth across the industry that we saw during the pandemic. This is something we've been tracking via the monthly Logistics Managers' Index [LMI] report. As I said, at the height of the pandemic, demand for logistics services, and transportation especially, it was really off the charts because of accelerating e-commerce, demand for faster delivery, and all of that. The report I wrote about this week is in line with the LMI and other recent industry reports that point to the effects of a slowing economy on the supply chain this year, and earlier this month, for example, we saw another report from German container logistics platform Container xChange, and that found that inflation and potential recession are among the top concerns of supply chain Leaders worldwide, and they say that the industry is in for a challenging year. The respondents to that report said that any supply chain disruptions this year would be driven by these macroeconomic conditions. But again, we are slowing down from unprecedented strong growth during the pandemic, so it remains to be seen just how deep and painful a downturn this year may be.
David Maloney, Editorial Director, DC Velocity 18:25
Right. As you mentioned, that really wasn't sustainable, what we've seen in the last couple of years, so a slowdown is really more of an adjustment back to more normal conditions, before things went a bit crazy earlier. Seems that way, yeah.
Victoria Kickham, Senior Editor, DC Velocity 18:37
Thanks, Victoria. You're welcome.
David Maloney, Editorial Director, DC Velocity 18:39
And Ben, you were at the National Retail Federation show earlier this week in New York City, and in some ways it's almost like a Disneyland for retailers to see the latest and greatest. What were some of the highlights you found there?
Ben Ames, Senior News Editor, DC Velocity 18:49
Yeah, that's a good description, actually. This is the the big retail show that's held in the Javits Center in New York City, there, and every year, you know, it's full of brands and vendors and stores, of course. But, you know, in recent years, there's an increasing overlap between that purely retail sort of operation, and also the core warehousing and transportation stuff that we cover in the magazine. For sure, this year's show had some of that Disneyland stuff, the cutting edge technology. There were several talking holograms. One of them was just repeating a recorded loop, but another one was holding a live video call. I think they were in Kansas City. The actual woman whose image was on the hologram did this is sort of within a box, like the shape of maybe your shower stall, if you can imagine it, on the show floor, and it was kind of like having a full-body three-dimensional Zoom call with the person. There were also smart shelves that we've been hearing about a couple years, that can keep track of whatever inventory is on them or it can automatically change the prices. There was also contactless checkout stores, also called just walk out, where you can just skip the cash register and, you know, stroll out the door with your groceries or items. That's assuming that you've already registered in the store system beforehand, of course. And another display that got a lot of attention was from Walmart — of course, enormous retailer there — but they were showing off their GoLocal platform. They launched it about a year ago, but it's been gaining momentum since, and it's a package of software and Walmart's network of delivery drivers that they've now opened up, so any retailer can become part of this and change their brick-and-mortar store into an omnichannel, or doing, fulfilling online orders, or doing you know, curbside pickup. So Walmart's system sort of enables that for smaller retailers.
David Maloney, Editorial Director, DC Velocity 20:54
Well, that does look like a really fun glimpse of the future, but are some of the cutting-edge technologies that you talked about really ready for broader marketplace adoption?
Ben Ames, Senior News Editor, DC Velocity 21:05
Great question. I was a little skeptical about that, like, you know, the hologram stuff is, you know, gee-whiz, kind of cool, but I'm not totally sure about the business applications yet. I guess we'll see. But I was interested that one of the classic warehouse tools,was also getting a lot of attention, a lot of promotion, and that's the basic barcode scanner. You know, people have been relying on those for everyday tasks for decades, but you still see a lot of improvements every year. I talked to folks at Honeywell, ProGlove, Zebra, and Scandit — so a lot of, you know, big companies that put a lot of work into this, but they had some neat improvements, really, to this boring old scanner that make them really a lot more powerful and easier to use. I can give some examples. Some of these guns can scan a barcode that's 30 feet away. So that could be at the top of a tall shelf, or in a warehouse and at the top of the rack. The newer guns, they can pair with your headset, like for voice-directed picking, or with a ring scanner on your hand, or a hip-mounted printer, so you can print out a new tag or barcode or price. They can give feedback in a lot of different ways to the person who's using this handheld scanner. For example, haptic, which means, like, buzzing, or visual or sound, so it depends on the preference of the user to some extent. Talking about the preference of the user, they can communicate in different languages. So, depending on the language of the of the worker, the associate, or even, they can use tunes, or emojis, like a happy face or a sad face, to indicate if that was the right choice. Some of them can read multiple barcodes at a single scan. You can take pictures of a whole shelf; it'll read all those barcodes. Some of them had some augmented reality. They can, on the screen, they can superimpose like a green dot over the target that you're supposed to scan. Also push-to-talk communications, like a walkie-talkie. And one of them — I appreciated this one — allowed employees to check their work schedules on the device in their hand; they can request time off, or they can swap shifts with a colleague. So, these machines are way beyond the point of just doing a, you know, single, simple job in the warehouse. Scanning barcodes is still a really fundamental part, either in retail or in the DC, of what we do, but these are increasingly really built around the worker. So, it'll be really neat to see as these you know, start hitting the marketplace in the coming weeks.
David Maloney, Editorial Director, DC Velocity 23:39
Yeah, some good innovations there, and it will be interesting to see how the technologies like these will be deployed in the future and what will be even coming next after that.
Ben Ames, Senior News Editor, DC Velocity 23:48
Yeah, we'll keep an eye on it for sure.
David Maloney, Editorial Director, DC Velocity 23:49
Thanks, Ben. We encourage listeners to go to DCVelocity.com for more on these and other supply chain stories, and check out the podcast Notes section for some direct links on the topics that we discussed today.
And our thanks again to Brett Williams for being our guest. We welcome your comments on this topic and our other stories. You can email us at podcast@dcvelocity.com.
We also encourage you to subscribe to Logistics Matters at your favorite podcast platform. Our new episodes are uploaded on Fridays.
Speaking of subscribing, check out our sister podcast series. It's called Supply Chain in the Fast Lane. It's coproduced by the Council of Supply Chain Management Professionals and Supply Chain Quarterly. Subscribe wherever you get your podcasts.
And a reminder that Logistics Matters is sponsored by Beckoff. Have the entire digital fulfillment center at your fingertips with automation by Beckhoff. It's digital transformation done right. For more information, please visit Beckhoff.com/intralogistics.
We'll be back again next week with another edition of Logistics Matters. Be sure to join us. Until then, have a great week.
Articles and resources mentioned in this episode:
- IronNet Security
- Carriers will continue to compete for limited demand
- Walmart boosts investment in GoLocal delivery as a service platform
- Visit Supply Chain Quarterly
- Listen to CSCMP and Supply Chain Quarterly’s Supply Chain in the Fast Lane podcast
Go to main Logistics Matters archives page | 2022 archives | 2021 archives | 2020 archives