Skip to main content

RECAP: Protecting the Supply Chain with Jenni Hesterman

On March 27, NCITE hosted Jennifer Hesterman, Ed.D., for a presentation on securing the supply chain. Hesterman is retired Air Force colonel and a national expert on securing soft targets.

A photo of Jenni Hesterman next to text saying Werner Speaker Series: Protecting the Supply Chain" and "Jannifer Hesterman, Speaker"

On March 27, NCITE hosted Jennifer Hesterman, Ed.D., for a presentation on threats to the supply chain. Hesterman is a retired U.S. Air Force colonel and a national expert on securing soft targets.

The event was sponsored by Werner Enterprises and hosted by NCITE, the UNO College of Business Administration, and UNO College of Information Science & Technology.

Everything is Connected

Hesterman emphasized the interconnectedness of the supply chain with other pillars of society, including critical infrastructure, international affairs, and transportation. Threats to the supply chain include geopolitical tensions, security risks from third-party vendors, drones, insider threats, and others.

“We have to really be experts on what’s happening around us and in our environment,” Hesterman said.

  • Those looking to improve security at their organization can find more information from the government, including the Cybersecurity and Infrastructure Security Agency, and by looking at what other organizations are doing to protect themselves. “What I find as a practitioner, at the 30,000-foot level, is I see the best practices from everywhere that can be harnessed and used at your location. Everybody has a cyber problem, or everybody has an insider threat problem,” Hesterman said.
  • Public and private partnerships are helpful for security. Public agencies can offer intelligence on threats and regulations to address them, and the private sector can offer agility and creativity. “We have to work together. I mean, we’re in the same space and there’s so much to learn from each other,” she said.

Focusing on Risk

Hesterman said organizations should develop a risk-based approach, rather than a compliance-based approach, to security. This means organizations should be proactive about addressing unexpected threats, rather than simply checking items off a list to meet a compliance standard.

“The compliance-based approach sees the surface, and the risk-based model sees everything that’s under the surface, kind of like an iceberg,” Hesterman said.

  • From people in security to operations to oversight, everyone should be involved in risk and threat assessment, she said: “Everybody needs to be at the table ... Right now, it’s really important to have a holistic view of these processes and cross-functional collaborations.”
  • It’s often hard to see the return on investment for security measures unless an attack is identified and thwarted. However, adopting a security posture mitigates risk of attacks that could result in the loss of lives and the loss of resources.

The Need for Imagination

Threat actors are creative and adaptable, so organizations need to think creatively about how to secure themselves.

  • Security should be layered, and these layers can extend beyond the building premises. For example, monitoring the internet for people talking about your organization is a part of a layered approach. Security at main entrances can be another layer.
  • Security should be “baked into all your processes.” For example, Hesterman described how, when she was living in the Middle East, nearly all construction included considerations of security.
  • “Security can be beautiful,” she said, using the example of bollards designed as planters with trees or lights.
  • “Don’t put a bullseye on what’s important to you,” Hesterman said. She showed examples of critical infrastructure designed to conceal targets and deter attackers, including 5G towers designed to look like water towers and trees.
  • AI tools can help enhance security and identify unforeseen risk. But, Hesterman said, “Technology was meant to enhance human security, not replace it.”
  • “The takeaway is, you have to shape the environment that you want. You have to be proactive. You have to get on the defense. You have to take bold action and don't apologize for it,” Hesterman said.

NCITE Insights: Supply Chains and Soft Target Security

Hear more from Jenni Hesterman on our podcast, where she discusses the threats malevolent actors pose to supply chains and other soft targets. Since 2007, Hesterman has served as a security services consultant for the public and private sector, investigating transnational terror and crime threats and providing risk assessment.

Disclaimer: The views and conclusions contained in this podcast are those of the authors and should not be interpreted as necessarily representing the official policies or views, either expressed or implied, of the U.S. Department of Homeland Security, the University of Nebraska, or guest-affiliated institutions.

Listen and subscribe to NCITE Insights on major podcast platforms: