Corey Rhodes (00:00):
Hello everyone. I’m Corey Rhodes, the CEO of Everstream Analytics. I’m here to introduce Eric Elliot from Nissan. Eric, would you please come up? Thank you. Very much, sir. Appreciate it.
Eric Elliott (01:16):
So I grew up in the ’90s. Wrestling fans, not often in life you get your own walkup music in your adult life. So big plus for me, right? My name’s Eric Elliott. Senior manager at Nissan. My day job is I’m over cybersecurity for the Americas region. So essentially think third party risk monitoring, working with our suppliers, understanding what their ability to protect themselves are, assessing them, working with them, doing things like that. We’ll talk a lot about today about our resilience journey and cybersecurity is part of that resilience journey. So first let’s talk a little bit about Nissan as a whole. So Nissan has powertrain and vehicle manufacturing operations in 11 countries around the world. We sell to about a little over 190 different countries around the globe as well under the Infiniti and the Nissan brand. And depending on timing, anywhere from 30 to 40 different distinct vehicle models that are sold.
(02:12):
So move into the Americas region where our team has responsibility of headquarters out of Franklin, Tennessee, just south of Nashville. We sold a little over 1.2 million vehicles in the Americas region in 2024, with about 900,000 of those being sold in the US alone. So move into the Americas region. Again, this is where my team’s scope is, where our innovation team scope is and where this resilience journey is. So in the US, we have three manufacturing facilities. We’ve got a facility in Smyrna, Tennessee, which is just south of Nashville. Produced the rogue, produced some QX60, produce the Pathfinder, and produce the all new Murano. In Decker, Tennessee, which is just a little bit south of Smyrna, is our powertrain plant for the region. So produce powertrains, engines. And in Canton, Mississippi produce the Altima and the Frontier, which is what I own and absolutely love.
(03:07):
In Mexico, we have five manufacturing facilities, three that are really close together within about a five mile radius in Aguas Caliantes, Mexico. Plant A1 and plant A2, as we call it. Several vehicles for the Mexico and South America market, along with the Kicks and the Centra. Two brand new vehicle vehicles for the Americas market. In Cornavaca, which is just south of Mexico City, produce the Versa. And then Encompass facility, which is a facility in Aguscaliantes as well that is co-owned, cooperated with Mercedes. We build the QX50 and the QX55 Infiniti vehicles along with a few Mercedes models that are built there. Move further south into Rescinde, Brazil. A couple of kicks, an older model kicks and the new model Kicks is produced there. And then further, further south into Argentina, a facility that is co-owned and operated with Renault, where the Nissan Frontier for the South America region is built.
(04:06):
So we’ll talk briefly about our innovation team. And this is where all of our resilience journey kind of started, where the idea came from and where it went to execution. So the foundation of that is our people. So we had to identify people within the company that had innovation skills that we could train up to work in an innovative way. Move to the data analytics strategy that’s essentially centralizing all of our data together and being able to wrap analytics programs, workflow programs into working with that data. Regional systems, essentially finding systems that we can commonize and deploy completely across the America’s region, warehouse management, yard management, transportation management. So large SaaS type vendors that we can deploy across the region for economies of scale. And then lastly, and what we’ll talk most about today is our risk sensing, which is essentially intelligence monitoring and alerting for anything that might affect the supply chain.
(04:58):
And that’s where our sweet spot will be for today.
(05:03):
So the goal, ultimate goal was to transform Nissan into a highly proactive organization. And this really started around COVID, right? What really was just a blip in time, really transformed the way that companies operated, right? And what might 15, 18 months of time for COVID just transformed the way that businesses worked. And when we got done with COVID, there wasn’t a back to normal, right? It was figuring out what the new normal was. After that, immediately, what happened? Chip shortages. So we understood that we had to modernize the unpredictability of these events coming from out of nowhere. We had to learn how to prioritize, learn how to find these things before they happen and just be a more resilient organization. So we had teams of people that were just sitting on their hands, just firemen, waiting to react. The second of a problem came up, a react panic, hit the panic button.
(05:56):
We wanted to move away from that reactive into a fully proactive state where we got more of a watch tower, right? Where we’re looking over, we’re seeing everything that’s happening. We’re able to get the alerts early and react in a more proactive way.
(06:12):
So we really had these four resilience goals that our executive leadership had tasked us for doing. Identify the risk before they became issues, fairly self-explanatory. Get ahead of the storm. Help protect Nissan manufacturing. We wanted to be good partners with our suppliers, but at the same time, we want to make sure that the planes, trains, automobiles, things are flowing the way that they need to do to do business. Constantly observe the supply chain health. So we needed to be sure that we had the right people in place. We had the right tools in place to constantly monitor our suppliers, to monitor our logistics paths, to monitor everything, and then ultimately to shrink overall costs. That’s the goal. Panic costs money, and ultimately we wanted to take the panic out of the equation, address things in a calm, collected fashion, and just shrink overall costs.
(07:02):
So this is where we really defined what we felt our four pillars of resilience was. The first pillar is just tier end mapping, and that’s simply trying to find where all of our tier one suppliers were, not only who they were, but where they were physically located. And that was a bigger challenge than you might think. But after that, we had to find where our tier two suppliers, our tier three suppliers, where their supplier’s suppliers were at and just understand where that was. We had that data. It was part of our purchasing and procurement, but the data was in unformatted spreadsheets, PDFs, PowerPoints, back of a napkin. It really wasn’t usable. It wasn’t digitized. We tried OCR, we tried some screen scraping. There just wasn’t a way to get it in a usable fashion. So we went in, we partnered with a vendor. We created a custom program, custom application, worked with our tier one suppliers, get all of that data in, get it centralized and get it in a usable state.
(07:58):
Over the past six months, we’ve got about 93% supplier participation right now, and that number’s going to continue to grow. Second pillar was regulatory and compliance, global compliance, right? Something that everybody deals with. Import, export, the ability to monitor, the ability to see tariffs whenever they come, the ability to see forced labor issues and be able to monitor that. So we’ve partnered with a few companies, a few vendors that allowed us to be able to see that information. The third was the external threat monitoring. So it’s essentially external threat monitoring, being able to see where anything that could impact our supply chain externally might be coming from, and be able to alert it to that on time. And then lastly is the cyber threat. So the ability to monitor from a cyber perspective to assess from a cyber perspective and just see where the threats might be at.
(08:56):
So the tier end, being able to map where our third parties were at, that’s the core. That’s the foundation of the program. Just being able to get all of that information and get it into a good place, getting into a usable place where it can be consumed, because that is what allows all of these programs to work, all of these applications to work. So just from this simple view, top left, you can see where all of our tier one suppliers are at. Bottom left, you can see where all the tier two, top three or top right, our tier three suppliers and then bottom right, tier four and so on. Most of these are all the way down to raw material level. And I always think it’s funny, the bottom left, we have a tier two supplier in Hawaii. I don’t know what’s produced in Hawaii or where it comes from, but that’s a visit that my boss here hasn’t let me go on yet, but I’m working hard on it right Efrain.
(09:45):
All right, good deal.
(09:48):
So external threats. This is really the biggest thing that we wanted to get a handle on because this is the biggest challenge we had. You look at this and what do you think? All of this is unpredictable, right? And that’s what we had to overcome, a snowstorm that was just supposed to be a dusting, and it turns out to be eight inches of snow. We’re from Tennessee. We’re not equipped to deal with snow, right? We have 10 snowplows and a few good old boys that have a plow mounted to the front end of their pickup. We can’t deal with snow. So we had to be able to find a way to deal with that. I know that Atlanta, Birmingham, anybody like that will agree. So cyber threats, the cyber attack that happened overnight, regulatory issue that happened, nobody saw coming, promised tariff that you knew was coming, but has been in a constant state of flux.
(10:36):
So we needed a way to get ahead of this and to be able to cast the widest net, to be able to understand where the threats were at, where they would be coming from and what we needed to do to react. So for this, we looked at a lot of different vendors. We talked to a lot of different vendors that were kind of in this space, and we really landed on the one that best met our needs after several proof of concepts and a lot of interaction. And that’s where the Everstream partnership came to fruition with Nissan. So they had all of the things that we needed to be successful from our external monitoring. So configurable alerts. We needed to make sure that the alerts were getting to the right people at the right time, depending on what the alert category was and depending on the risk level.
(11:23):
Accurate data mapping. We needed to be sure that we could get our internal Nissan data into the tool, into the platform, and it’d be usable and in concert with the platform data. Training for optimal utilization. We needed to make sure there was a robust training plan in place that can train users at all levels of the organization, regardless of where they may be physically. We have people in Brazil, we have people in Argentina, we have people in the US, Mexico. So we needed training Portuguese, Spanish, English, and online and live training, and all that was offered. Weather forecasting was particularly important to us. And we’ll talk about that a little bit more in a bit. Advanced UXUI, we needed to be easy to use.This was not going to be anybody’s number one job, and we needed the tool to be easy to use, easy to consume, easy to work within, and it gave us that.
(12:16):
And then lastly, the geographic mapping capabilities. We wanted to make sure all the work that we had done capturing and gathering all that physical location of the tier-in facilities, we could load into the platform and it could be monitored effectively. So we’ve talked a lot about tools. We’ll get into techniques and kind of some examples of what we’ve seen. So at the top here, you see all the alerts that we saw from initial implementation sometime around September, October of last year to today. 6,000 alerts and 66 actionable items, but let me break that down a bit. From September to December, there wasn’t a lot of alerts coming in. And what we saw was we didn’t have the system configured right. You have the ability to configure highly … It’s highly configurable the type of alerts you get, the categories that you get, and how you get those on.
(13:09):
Now, granted, we had, what is it? 20 actionable alerts out of that, but we felt like it was more. So starting in January, we kind of opened the net up, right? We started getting all logistics alerts. We started getting port information. We started getting everything from the automobile industry and not just inside the Nissan network. We got a lot more alerts. Everybody takes … We have somebody that looks at all of these alerts. Some of them are actionable, some of them are not actionable. But in total, we’ve had 66 alerts for the time that we’ve had the program up and running that have required some type of alert by Nissan or some type of action by Nissan to remediate. But that’s the good part, right? That’s the easy part. That’s what the platform gives us. The hard part is what do you do? It gives you the breadcrumbs of what the alert is, what the problem is, but it doesn’t tell you how to react.
(14:07):
So that’s where we built in playbooks, as we call them. So essentially, it’s a series of tasks, workflows. Whenever alert comes in, depending on the alert type, depending on the severity, depending on the region where the plant is impacted, there’s a specific workflow that is built for everybody, depending on whether operational, forced labor, cyber. We’ve got 10 to 12 different workflows that are built out and specified within each region, within each plant because of the 10 plants that we have in the region, each supplier may affect that plant differently. So as an alert comes in, that alert is assigned to somebody in that category area and they take this workflow from beginning to end. And this is very cross-functional. We have it anywhere from inventory control to production control, to purchasing, to logistics, to legal, to corporate communication. So it was very cross-functional getting these workflows in place to be able to define who does what whenever an alert comes in.
(15:12):
We did have to get a lot of buy-in. There honestly was a little bit of pushback because we’ve always had the firemen that had been waiting, sitting on their hands, ready to hit the panic button and go. So it did require a little coaxing, but we do have all of these workflows in place and everything is working good. No, there’s no two alerts that are the same. So we are modifying, we’re evolving our workflows as we go to get them to be more comprehensive, and we’ve had great success with that. So we get into some individual things here, and I’m not going to dive deep into cyber. That’s another Gartner conference in DC, but we’ll talk a little bit about cyber alerts. So today, it’s about every week that somebody on my team is having to work a cyber alert. It’s a huge industry, right?
(16:01):
It’s estimated that cyber is going to be a 10 trillion with a T dollar industry in FY25. And just in Q1 alone of 2025, the industry’s seen a 47% growth. So if you have an industry that’s making trillions of dollars and it’s grown by 47% in one quarter, things are not going to slow down. So we have to constantly monitor and alert. So when we get an alert come in, we’re not only protecting production, it’s twofold. We have to protect production and also protect Nissan. If the vendor has any, the supplier has any type of live connections, if it was a ransomware attack, if it was a phishing attack, we have to do different things internally to protect Nissan internally, Nissan information systems, but also we have to work with our supply chain and we have to work with our manufacturing plants to make sure that production is still happening.
(16:50):
In the past, these are alerts that we would not have gotten. And there was always kind of a pattern whenever a cyber event would happen at a supplier location. First, it would be we’d get a call, “There’s something wrong with our EDI. We’ll send you a manual ASN.” A few days later, it’s, “We can’t print labels. Don’t know what’s going on, but we’ll still get you the parts.” And then three days after that, we’ve had a cyber attack, our systems are down, we can’t send you parts. So getting these alerts ahead of time allow us to react more proactively, work with our suppliers and really just keep the production flow going, keep the parts flow going as best we can if we need to order ahead or whatever we need to do to get the parts there. So third party is where the majority of cyber attacks happen these days.
(17:38):
Most companies do a good job of protecting themselves, but it’s very hard when that vulnerability is spread out to your third parties if you have their live connections and things like that. A lot of large companies do very well. A lot of the smaller companies we work with, I’m not entirely sure how they keep their email up and going, much less how they protect themselves from cyber attack.
(18:01):
So moving on to weather alerts. And this one, as I said, this was particularly important to us. So if you can see here in the orange, the tornado alley, as it’s called, it used to be in the North Texas and Arkansas, Kansas area. Due to geographic conditions, meteorological conditions, that has kind of shifted to the right and it is smack over the dead south and the Xs are a little bit to the right of where they should be, but those X’s are the Nissan plant in Canton, in Smyrna, Tennessee, and our Franklin location and Decker location is smack in the middle of that red blob. And then also 70% of our suppliers are in the middle of that red blob as well. So that impacts delivery immensely. And we needed to be sure that our information was in there, our logistics information is in there, our tier one to tier N physical locations were in there to be able to predict where the storm may be and effectively where the supply chain issues, parts delivery issues may be in April of this year.
(19:12):
We had 40 plus tornado alerts come in within the platform. Huge line of training storms were coming in right over the top of the Tennessee, Mississippi Valley.
(19:26):
After the tornado alerts, there’s severe flooding, there’s flash flooding, there’s everything that comes associated there. Of those 40 tornado alerts that we had and all the other alerts that we had, we had exactly zero manufacturing issues as a result of that. And it wasn’t an accident, right? It required careful coordination, our supply chain team working with the suppliers before the storm and after the storm to understand what the impact may be and just constant communication to keep the supply chain and the parts coming. And lastly, operational alerts, and this is something that was previously impossible to get, especially anything beyond tier one, right? These were often hidden until it was a true impact, especially when you start talking about labor issues or strikes or port strike or transportation strike or something like that.
(20:18):
We get the alerts now and it allows for immediate reaction from tier one to tier in. Example of this, few weeks back, we had a fire at one of our tier two facilities. That is normally before we had these tools in place, it’s something we would have not known anything about. Not only we would not know if there was a fire at a tier two facility, we would not have known that that tier two facility supplied seven other of our tier one manufacturing facilities that deliver production parts. Getting that information early, allowing us to pick up the phone, call the tier one suppliers in the US, call the tier one suppliers in Mexico, and that’s what the impact might be, allowed them to get ahead of things, to understand where the problems might be and to order appropriately. Two of these suppliers did have pretty critical issues with that and getting the parts to the components to be able to manufacture the production parts for us.
(21:13):
We weren’t bulletproof. We still had a little bit of an issue here. I think we estimated it to be about 5% of what it could have been if we didn’t get the proactive steps in place and kind of initiate the operational playbook. And what’s kind of funny with that as well, one of those suppliers, when we called and said, “Hey, are you going to have a problem with fire at X facility that we got what fire where at?” So we’re being better partners with our suppliers, having this information, being able to work with them because it’s data that they may not even have. So we’ve seen great success.
(21:50):
So finally, we have seen a tremendous amount of success with having these four pillars of resilience in place. About 10% of the alerts that we get within the Nissan network are actionable. So it’s something that we can take an action on. And of the ones that we take action on, 90% of those have resulted in a zero financial loss. Again, we’re not bulletproof, things are going to happen, but we’re in a much better place than we were before. And we estimate over the first six months of usage, we’ve had a seven figure cost avoidance getting these alerts, being able to work proactively. From a people perspective, we have over 200 users in the Americas region that are currently on the platform and working in it day to day and really just changing the mindset. We talked about, we had the firemen, the guys that were sitting on their hands just ready to react, the second alert come in.
(22:44):
We truly do have the watch towers in place. We have the right people getting the right alerts at the right time to be able to react appropriately. Our production planning and forecasting are much more stable and consistent because we know where the problems may be way ahead of time. And then finally, our supply chain data is more accurate. It’s more concise. All the work that we’ve done on the front end, gathering the data on the back end, filtering that data out to our vendors, our SaaS vendors that we’re working with, that we’re partnering with resilience. It just allows us to be more resilient overall and allow all these tools to be able to work together.
(23:24):
So as far as future planning, as with anything, we have to evolve, right? So we do plan to extend the solutions all the way into South America. Right now, we have a few things in place in Brazil, but we’re going to extend the solution fully into South America over the next probably five to six months. The other thing that we’re really excited about is we’re going to integrate our supply chain resilience program in with our physical security team. So essentially, we’re going to embed our supply chain team in with our physical security team. So think NASA control center, but for supply chain, right? We’re going to have people in place that are monitoring our supply chain with the same people that are physically monitoring Nissan physical locations in the Americas region. So we’re really excited about that. Lisa McClure sitting down here is heading that up.
(24:14):
She’s going to kill me. If I end up missing, she did it. And then lastly, we want to be able to pull all of this information into kind of a single pane of glass, right? Today, all of this information is an independent system. So we have one system that does regulatory. We have one system that does external, one system that does security, one system that does the tier end mapping. So we want to have a way to integrate all that data together into kind of a single pane of glass where we can intermingle all that data together and then ultimately leverage AI on top of that to be able to make small decisions from an AI perspective. And then if human interaction is needed, flag that and alert that for human interaction. So kind of some stretch goals there, but we are excited about where we are and excited about where the future is.
(25:02):
So ultimately, in summary, we’re transforming to a connected, resilient and predictive supply chain. We change our people. We had to change our people and our mindset to be more proactive, to understand where they could be more proactive and to not be the firemen. There’s a lot of adrenaline to being able to be a fireman, but there’s not a lot of cost savings in being firemen. So the earlier we can get ahead of things and work in a proactive way, the better off that we are. We’ve got our systems in place, right? We’ve got best in class systems in place that are all working together to be able to monitor our supply chain, find issues before they turn into risk or find risk before they turn into issues and to be able to react accordingly. And then risk sensing and prediction is more important than ever.
(25:51):
With the unpredictability of the world today and the unpredictability of the supply chain, we really have to have things in place to be able to monitor and to work on a daily basis. So resilience we’ve found is it’s not a race, it’s a journey and it’s something that you’re never going to win. You just have to continue to evolve. And as a video at the beginning, the only thing certain is the uncertainty. The challenges are going to continue, the bad guys are going to get smarter, and we’ve got to continue to evolve. So thank you guys for the time today. Visit the Everstream team at Booth 300.