Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.
Supply chain security issues have been dominating the news lately. That plus rising costs and longer delivery times. The Biden administration has taken some steps to help logistics companies. For an assessment, Federal Drive with Tom Teminproducer Eric White spoke with the Senior Vice President of Policy and General Counsel at the Information Technology Industry Council, John Miller.
John Miller: I would start by saying agencies are actually doing a lot better. February’s America’s Supply Chain Executive Order kicked off a flurry of activity on supply chains across the government. In my world, Commerce and CISA, the Cybersecurity and Infrastructure Security Agency, had been working on the ICT supply chain piece. Commerce previously put out a report on the semiconductor piece. But there’s numerous other agencies also involved doing things too, Energy Defense, HHS, and others. So there are a number of implementation activities in flight. And one of the other hats I wear is as the co -chair of the CISA lead ICT supply chain risk management task force. And the taskforce has been engaged with commerce and CISA, providing our expertise as they as they write the one year report that was required pursuant to the America Supply Chain executive order. So I think in terms of what more could could be done besides all of this activity, in a lot of ways, one of the things that we consistently urge the government to do is to at least make sure that everything you’re doing is streamlined. And I think there are so many activities going on that from an industry perspective, we really continue to urge the government to drive a strategic coordinated and holistic approach to these issues so that we’re all pointed in the same direction.
Eric White: Yeah, that’s a good segue into my next question, which is there are so many moving parts, or lack of moving parts recently, that go into this sort of thing. Is it the kind of thing where they’re doing all they can and it’s just gonna have to resolve itself? Because, like you said, there’s just so many moving parts, that even streamlining, it may not actually end up streamlining it.
John Miller: I would not say that the situation that we’re currently dealing with will simply resolve itself. I mean, it’s true that some of the issues that we’re experiencing are the result of the the unprecedented pandemic that we’ve all been been dealing with for the past year and a half plus already at this point. But I think one of the things that the pandemic has actually helped us all understand is that there were some systemic challenges to supply chain to the areas of supply chain risk management, that it’s really important that we collectively address longer term some of these things were already underway, such as the need to diversify supply chains to a broader array of locations and away from single source or single region suppliers. The pandemic has just underscored the need to to continue working on that issue, even beyond the pandemic.
Eric White: Yeah, even before the pandemic, as far as critical supply chains go for those tools and materials needed for things like major infrastructure projects that are critical, how vulnerable were those supply chains and was anybody really kind of raising the alarm bells before all this happened to say we need to really diversify where we’re getting this stuff from?
John Miller: Yeah, I mean as I just said, the pandemic has reminded us that due to the complexity of these supply chains, and the many, many potential threats that are out there different types of threats, of course, that the supply chain, that they’re always supplied, that there was always vulnerability in the supply chain, I guess maybe is the best way to put it. And that really helps to to illustrate why there’s always a need for supply chain risk management. I mean, I can tell you, again, from both the ITI perspective and the perspective of the task force that I mentioned earlier, I mean, that was incepted in December to 2018, so that’s certainly well before the pandemic came into our lives. So that task force, and that’s a task force that that involves over a dozen federal partners as well as from the IT and communication sectors, has been working on these supply chain risk management issues for nearly three years. And there are many across industry and government who have been working on these issues for a decade or more. I mean, one of the things that that we did as a task force was to catalog roughly 200 supplier related threats ranging from cybersecurity to counterfeit the legal and economic risks to indeed external end to end risks, such as natural disasters or pandemics. And one of the things that, again, been driven home here is that any of these many risks could have disruptive impacts on a complex supply chain, and the pandemic has really helped to highlight what some of the structural issues are. And I think it’s one of the reasons that the work that’s happening right now to address these issues is so important.
Eric White: As the government piles on more and more responsibilities to critical infrastructure companies in the industries itself, could we see something in the future where there might be a self reporting requirement for when supply chain issues are going to arise where they need to notify said agency to make them aware of the situation and see if there’s anything that they can do so that there aren’t major disruptions that end up blowing into any disaster or lack of improvement going on?
John Miller: Well, that’s an interesting question. I mean, I think the short answer is that, particularly if we widen the aperture a bit and think about this through the lens of supply chain, information sharing, we are already seeing active discussions underway in a couple of different places. I mean, information sharing in the supply chain context is certainly important. It is important to note this is a different kind of sharing than we’re seeing in a few other contexts and have seen particularly in the cybersecurity context.