Predicting Risk and Optimizing Resilience of Digital and Physical Supply Chains

Author(s)

Hu, Kevin

Advisor

Levi, Retsef

Abstract

A number of disruptions and related challenges have affected the landscape of global supply chains in the past decade. These include the COVID-19 pandemic, geopolitical tensions, and cross-industry cyber breaches, highlighting the need for resilient and adaptive supply chain management. This thesis explores the role of data, machine learning, and analytics in developing predictive risk models to evaluate supply chain-related risks and optimizing the supply chain to improve resiliency. This thesis focuses on the two primary industry application domains of cybersecurity and the global shipping industry. Chapter 2 and 3 are motivated by the increasing prevalence of supply-chain related cyber breach incidents such as the SolarWinds breach in 2020. Chapter 2 develops the first predictive model for cyber risk that relies on innovative supply chain features. It utilizes large-scale data from more than 30,000 entity enterprises and their respective digital supply chain networks. In particular, this chapter develops descriptive features of the local supply chains of these entities, and then leverages these features to develop a supervised ML model for predicting whether an enterprise will experience a data breach incident. The results from this analysis demonstrate that local supply chain characteristics are significant predictors of data breach risk. Additionally, including supply chain features increases predictive power compared to baseline models that rely solely on internal enterprise features. Chapter 3 introduces an innovative global supply chain network graph and cyberattacker framework for modeling cyberattacker behavior in supply chain network environments. Theoretical analysis of this model proves that certain local supply chain characteristics determine an upper bound on the probability that an enterprise is compromised in this framework. Furthermore, the supply chain graph is calibrated with real data and then used to train an unsupervised reinforcement learning (RL) attacker agent. The agent traverses the supply chain network graph by cyberattacking and compromising nodes with the goal of maximizing its reward. The trained agent is used to produce an unsupervised risk assessment of the company nodes by simulating attacks within the network graph. The assessment, which is validated using public breach data, is competitive with basic unsupervised models and can significantly improve predictive performance when included as a feature for supervised models. An attractive aspect of this innovative modeling approach is that it does not require access to historical breach data needed for supervised models and algorithms, as unfortunately, the currently available data on cyber breaches is very partial and sparse. Chapter 4 develops a novel methodology for optimizing shipping container scheduling for the last leg in the shipping container global supply chain, called the \textit{drayage trucking} delivery process. The work in this chapter details the drayage trucking process from end-to-end and highlights key sources of inefficiencies throughout the process. An integer programming (IP) model is introduced to schedule each step in the drayage trucking delivery process to improve efficiency and minimize additional costs that are incurred as a result of inefficiencies in the container delivery schedule, which are known as \textit{accessorial charges}. The IP generates optimized schedules using industry delivery data, which are then compared with historical schedules. The results demonstrate that this approach can significantly decrease costs and improve container scheduling efficiency compared to current industry practices.

Date issued

2024-09

URI

https://hdl.handle.net/1721.1/157125

Department

Massachusetts Institute of Technology. Operations Research Center

Publisher

Massachusetts Institute of Technology