Building a Resilient Supply Chain Domestically and Globally

While the supply chain issues of the pandemic (remember the lengths we went to, to get toilet paper?) may seem like ancient history, the fragility of global supply chains remains a reality that our government needs to address for long-term economic stability. The Biden Administration has issued a number of orders and goals around shoring up supply chain practices for physical goods as well as software. In June, a new executive order formalized the role of a White House Council on Supply Chain Resilience.

Defining Resilience

A resilient supply chain is defined as one that can "easily adapt, rebound, or recover when faced with economic shocks." Creating a resilient environment requires boosting domestic manufacturing, supporting research and development, fostering innovation, strengthening critical infrastructure, and recruiting high-quality talent. The White House Council on Supply Chain Resilience was first convened in November 2023 to discuss these very measures, and this latest order has specific action items to deliver before the end of 2024.

Security Takes a Leading Role in Acquisition

Recent security breaches via software have made supply chain security a priority across government. It is no longer enough to build security into a solution; now every product that is part of that solution is being examined for its security and risk. In response, the Biden Administration issued a Cybersecurity Executive Order that aims to provide more control over the content of code that comes in contact with government systems and infrastructure.


Government Security: Looking From the Inside Out

With a number of high-profile security hacks involving widely used software, government agencies are refocusing on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was already under way before the recent hacks, in anticipation of cyberattacks just like the ones we've recently seen.

In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting the security of the IT systems that touch sensitive government data. Under CMMC, that responsibility continues, but a third party must now assess the contractor's compliance.


Re-Imagining Government Supply Chain Management

This spring, the concept of supply chains became a household discussion as families searched high and low for household staples like toilet paper, flour, and hand soap. However, the supply chain for government is more complex than the supply-and-demand-driven model for consumer goods. Government supply chains involve monitoring for security and foreign involvement. This means knowing where all parts of a solution were manufactured, programmed, and assembled.

Gregory C. Wilshusen, director of information security issues at the U.S. Government Accountability Office, noted that "supply chains can be long, complex, and globally distributed and can consist of multiple outsourcing tiers. As a result, agencies may have little visibility into, understanding of, or control over how the technology that they acquire is developed, integrated, and deployed."

This lack of visibility is due in part to incomplete vendor reporting. Not only do vendors have to manage all the pieces of their solution, but they themselves may be managed by multiple organizations in an agency. Reporting happens through numerous tools and is siloed, making it difficult to get a full picture of the chain that led to the delivery of a solution to a government agency.


Exposing the Supply Chain is a Matter of National Security

The phrase "supply chain" may make you immediately think of retail giants like Amazon and Walmart or manufacturers like GM and John Deere, but government is highly reliant on secure supply chains. A supply chain is the network of all the people, organizations, resources, activities and technology involved in the creation and sale of a product. It encompasses everything from the delivery of source materials from the supplier to the manufacturer through to eventual delivery to the end user. In government, supply chains have come front and center with the Trump administration's rulings banning government use of products from certain Chinese manufacturers, citing security concerns that the products could contain ways for the Chinese to spy on the U.S. Companies selling technology to the government have to be able to trace the source of all elements of their products to ensure nothing originated with the banned distributors.

Being able to do this requires a mature supply chain process and solution. Interagency committees have been established to determine best practices in securing increasingly complex supply chains. Understanding supply chains is an expensive undertaking and one survey found that small and mid-sized businesses are opting out, counting on the fact that they will not be the ones called out to defend their supply chain to government. This mentality may not be an option for long.

DoD is getting more and more prescriptive in its security and supply chain guidance, adding the review of contractor purchasing systems as part of bid reviews. GSA has also explored banning the use of refurbished IT, since that includes products whose supply chain cannot be reconstructed.

The rules and regulations around supply chains can seem just as complex as the chains themselves. Luckily, it's a topic of discussion at a number of upcoming events.
