Skip to Main Content
Access your saved content
Problems that plague commercial supply chains can be national security risk for governments.
The federal government increasingly is being challenged to understand and manage risk across global supply chain and transportation networks. The political, economic and security implications of regulating in a complex environment have necessitated new approaches for public-private collaboration.
The problems and challenges that plague the private sector supply chain—everything from theft to counterfeiting to natural disasters—are an even greater threat to the federal supply chain. For the government, risks to the supply chain can affect national security. The growing dangers of cyber espionage, for instance, mean that purchases of information technology, components and software must be guarded against the threat of compromise.
The General Accounting Office in its March 2012 report stated: “Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a system’s development life cycle and could create an unacceptable risk to federal agencies.”
By using leading commercial practices in risk management, the federal government can minimize the potential damage that a breach in supply chain integrity would cause. It is not realistic, in either financial or practical terms, to eliminate risk altogether, but vulnerabilities can be identified and strengthened; effects can be mitigated; and disruption times can be shortened. A parallel can be drawn to agencies' development of “continuity of operations plans,” contingency plans to keep functioning following a disaster, whether natural or man-made.
Because risk cannot be eliminated, only anticipated and managed, it is critical for agencies to define their risk policy, including objectives for risk tolerance levels. This is a necessary step— not all risk is created equal, and containment measures may be disproportionately expensive to the impact of the possible event. Assessing the risks, countermeasures and possible consequences provides the wherewithal to make tradeoffs among competing priorities.
Once a risk policy is in place, risk management can be addressed in three waves:
The first two waves are self-evident, though experience in executing the streamlining of physical and information flows is needed for these complex areas. The third concept, striking the balance between risk and reward, aims at the heart of government operations—what reserves (whether of manpower, physical and IT assets, financing or governing procedures) the agency requires to have available in the event of a risk scenario developing. There are many questions that can help develop this, among them:
For federal agencies, use risk management techniques is more than a mechanism for avoiding costs. Understanding the supply chain's vulnerabilities, then taking steps to avoid or minimize them, is a proactive measure in our national security strategy. It is not practical, for instance, to inspect every piece of IT hardware that will be placed on a network; undertaking a systematic examination of the supply chain and modifying its elements to minimize risk, e.g., certifying manufacturers in advance, is one way to gain much of the benefit of inspections.
Taking a comprehensive approach to implementing a supply chain risk management process will help agencies improve the performance of their supply chains, as well as increase the resiliency of those agencies in response to any risk. It is a complex process, but reducing the risks of failure in the links in the chain will produce both performance and budgetary benefits—while strengthening our national security.
May 16, 2012
Skip Footer Links