3 Steps to a More Secure Federal Supply Chain

Lightspring/Shuterstock.com

A self-assessment is the first step in understanding where potential threats may come from.

With the federal government shutdown over—at least for the moment— there is a lot of conversation about the fallout from the shutdown, what didn’t get done and what it will take to recover. Much of that exchange has been around what threats to security the shutdown posed, and what risks were heightened during those 35 days and beyond. One silver lining to the shutdown is that it may serve as a forcing function for a closer examination of organizational operating practices with an eye toward building resilience.

One critical threat to the resilience of any organization is the security of its supply chain. In 2018, President Trump signed a law that effectively banned the use of Chinese-made technology by the federal government, and it is reported that he is considering a more robust ban against these products. This is one approach to threat management, but an earlier ban on Russia-based Kaspersky Labs anti-virus software has been costly and difficult to implement.

So how should federal agencies address potential threats posed by foreign-made products and services and secure their overall supply chain? There are three types of assessments that any government agency or organization can perform to reduce threats and improve their supply chain security. These self, supplier and product assessments examine all levels of an organization and their supply chains, prioritizing threats and improving security.

A self-assessment is the first step in understanding where potential threats may come from. Across federal agencies, hundreds of thousands of contracts supply goods and services that make the government and military function. The sheer volume of contracts can be daunting, but a good self-assessment starts with understanding where vulnerabilities lie, and which components are the most critical. By breaking down the importance of products and suppliers, it is easier to prioritize which suppliers for these mission-critical items should be the ones that are routinely audited or subjected to greater scrutiny. During the self-assessment process, agencies should ensure that they have auditing processes in place to examine their suppliers, develop an approved-supplier list for sensitive products and services and see if the agency can have some kind of oversight into specific suppliers.

It is also important during the self-assessment process to ensure that the supply chain security team and the procurement teams are working closely with one another. Procurement’s role is to look at quality and cost, but supply chain security analysts have the important job of identifying potential issues and threats to an agency’s mission. The supply chain team must be empowered to stop a contract and cease business with a supplier if they find evidence of counterfeit, compromised or suspect goods and services.

Once a self-assessment is complete, the next step is to audit the most mission-critical suppliers and arrange for audits of their other suppliers where possible. An important component of supplier audits is to examine what processes the suppliers themselves have in place for ensuring that their supply chains are secure, and building these obligations into contracts. Communication is key and there must be processes in place for suppliers to flag potential threats, counterfeit and compromised goods to their customers even if the issue occurs several tiers down in the supply chain.

Finally, agencies should do an inspection of mission-critical products they use. In an ideal world, these products would be built with supply chain security accounted for in the development process. If it is an existing product, before a new contract is started, agencies must thoroughly vet their suppliers and have a solid understanding of the origins of the most critical components within the products that they use. Agencies should also do regular spot-checks where a representative sample of the products supplied are thoroughly checked to ensure its quality, security and that it conforms to the contracted requirements.

While there may be few suppliers of some products, redundancies are important to ensuring a secure supply chain. If an issue is found with one product or with a certain supplier there should be a backup option that an agency can switch to. This has the advantage of giving an agency leverage over their suppliers and not surprisingly, most suppliers are willing to work closely and transparently with their clients to examine supply chains. If this is not possible, the agency should examine the exposure that a particular supplier poses, consider their leverage with that supplier, and attempt to get the supplier to change their processes for their own supply chains.

Globalization has stretched supply chains and made them increasingly complex, but a smaller supply chain will not solve the supply chain security threats faced by federal agencies, including the Defense Department. Recent events with China and Russia have been a wake-up call to government procurement offices and reinforce the need for proper supply chain security processes. With proper supply chain security, we can be best prepared to safely take advantage of the global market and international supply chains that have tremendous advantages: providing top-quality, on-demand and cost-effective products. Having good supply chain hygiene and security, is attainable for the federal government and will improve the overall contracting process.

Tony Pelli is a supply chain risk consultant for Supply Chain Services and Solutions at BSI.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.