A Perspective on Threat-Based Supply Chain Risk Management

Steven Klemencic writes about the RAND Corporation’s recently released major study, Managing Risk in Globalized Supply Chains. While the report was commissioned by the United States Air Force (USAF) and, as a result, is USAF-centric, it has applicability across US military services and US defense contractors. With supply chain risk management (SCRM) meaning different things for different people, the key findings are both unsurprising and, given the highly competitive geopolitical environment we find ourselves in, worrisome.

Read the full paper.

Key Findings

• USAF policies and responsibility for SCRM are widely dispersed, with limited alignment, coordination, and information sharing.
• USAF places implicit and explicit trust in its vendors to manage their supply chain risks sufficiently to protect USAF from the effects of disruptions.
• SCRM analysts have a limited understanding of which suppliers are actually in the supply chain of a given program or weapon system beyond the first tier.
• Although many sources of SCRM-relevant data exist, they are in diverse formats and can be difficult to access, integrate, and analyze.
• The USAF acquisition workforce of 2020 has had limited in-the-job training and exposure to the full range of supply chain risks and how to collect sufficient information to understand them.

The study provides a series of recommendations directed to USAF and the Department of Defense to avoid and mitigate the effects of supply chain risk. Like the key findings above, the recommendations are unsurprising and equally worrisome.

Recommendations

• USAF, and DoD more broadly, may benefit from an executive SCRM council to establish policy, set standards, and facilitate information sharing across the enterprise. At a minimum, council membership would represent the acquisition, logistics, intelligence, counterintelligence, and operational user communities. A separate analytic organization within USAF could support the council’s agenda.
• USAF may consider having its acquisition policy require programs that are strategically significant to consider supply chain risk as part of source selection.
• To gain insight into the lower-tier providers, some program offices could collect a complete list of raw materials, parts, and subcomponents and the associated suppliers needed to produce an end item (e.g., the bill of materials). To help prioritize SCRM activities, these program offices could also consider the value of requiring contractors to provide lists of items that can critically affect the reliability of contract end items (e.g., a critical item list) from contractors.
• To reduce the burden on program offices and to facilitate supply chain risk assessment, DoD could develop a comprehensive plan to manage SCRM-relevant data collected throughout government that would include USAF logistics, maintenance, and safety programs. In the absence of a DoD-wide effort, USAF may wish to consider developing a resource for its own community.
• DoD may benefit from developing an ongoing, formal, enterprise-level SCRM curriculum that trains acquisition professionals on identifying and mitigating supply chain risk.