Supply chain cybersecurity governance is a top priority among FENC’s brand customers, and the Company has responded by introducing a dual-rating system in 2025, incorporating SecurityScorecard and Bitsight to safeguard information security. In 2026, FENC is giving its domain and supply chain cybersecurity management a complete upgrade by layering machine learning (ML) and automated analysis upon the existing FE Attack Surface Management Platform (FEASM). The upgrade marks a departure from passive stocktakes. Instead, FENC is moving towards preemptive warning and smart decision-making. By combining the in-house platform with ML models, FENC is constructing an intelligent joint defense architecture, linking internal and external forces from subsidiaries and supply chain partners to strengthen digital resilience across FENC.

Intelligent external attack surface governance (visualized risk control from the inside out)
AI-driven continuous monitoring facilitates systematic stocktakes of risk exposure from external domains and digital assets. FENC has reinforced the firewalls and implemented a real-name access and exit requirement for the Domain Name System to detect high-risk factors and potential misuses in advance. Instead of passive disclosure, FENC is taking a preemptive approach with proactive and controllable management of external attack surface risks, thus reducing human-induced or legacy system risks.

AI-driven joint defense platform for attack surface and supply chain 
The in-house platform, FEASM, automatically integrates threat intelligence, supply chain risks and internal knowledge base to conduct automatic cybersecurity stocktakes focusing on the attack surface, perform risk classification and issue real-time warning. The joint defense and reporting framework covers over 20 of FENC’s worldwide subsidiaries. Its monitoring and smart analysis functions operate 24 hours a day, 365 days a year, providing non-stop assistance to frontline and risk control units with identifying irregularities in advance and upgrading cybersecurity management from post-incident reporting to pre-incident warning with inter-departmental collaboration and response.

Dual information security ratings X intelligent risk insight and governance mechanism
FENC has implemented a dual rating system armed with SecurityScorecard and Bitsight. By integrating external ratings, attack surface visualization and observations of supply chain risks, the system forms a set of consistent risk monitoring standards that applies internally to the subsidiaries and externally to suppliers and partners. While Bitsight excels in third-party and supply chain risk control, SecurityScorecard provides real-time risk ratings and attack surface insights, creating a complementary security infrastructure that facilitates risk classification, decision-making management and governance tracking. FENC and its main subsidiaries are currently maintaining an “A” from SecurityScorecard and “Advance,” the highest rating from Bitsight, continuing to surpass customers’ requirements and international standards.