Supply chain is defined in several different ways but civilian and defense agencies have some focus areas in common.
At the Defense Logistics Agency, for example, it spans from raw materials to manufacturing, to storage and outbound logistics or delivery. Sly Ahn, supply chain security lead for the Portfolio Program Support Division at DLA, said the agency also has a disposition services addition to its normal supply chain — called “reverse logistics.”
“This is when one of our customers turns in something either for disposal or for reutilization, effectively making whatever is turned in into a supply chain of itself,” he said on a panel during the Due Diligence: Securing the Federal Supply Chain webinar Wednesday. “I wanted to highlight as well, though, it’s not just the nodes, if you will, that I just spoke to. It’s all of the transportation lanes in between those nodes, all the infrastructure, roads, airways, shipping lanes, and then it’s also the information flow between all of those different stakeholders involved with that kind of physical transport of material from the beginning to the end of that supply chain.”
Ahn added that DLA has more customers than just the Defense Department and the warfighter. Providing personal protective equipment for COVID-19 response, support for Forest Service firefighters in California, hurricane response and other humanitarian assistance, for example, are also dependent on the supply chain.
Now that the pandemic has set in for most of this year, Army Col. Ronald “R.J.” Hughes said DLA learned the value of additive manufacturing, which the agency leveraged to deliver 10,000 face shields to frontline health workers at the Javits Center in New York City.
Even though it’s nothing new, supply chain management continues to perplex federal agencies. Hughes, who serves on DLA’s J31 Supply Chain Security Team, said the agency alone manages 3 million items for the government — often prompting the question “Are you guys trying to boil the ocean?” That makes prioritizing key. To do that, DLA published the Supply Chain Security Strategy to act as a framework and risk register.
“I think that’s one of the first steps that when you talk supply chain, you really have to make sure you’re focused at the right level. Otherwise, it becomes an overwhelming issue, and then you’re not attacking it from a coordinated standpoint,” Hughes said during the Wednesday panel, hosted by AFFIRM.
Some disagreement still exists around acquisition’s role in supply chain management — whether the two are linked or should be viewed as separate. It’s critical to examine contract language for compliance, said Shon Lyublanovits, senior adviser for cybersecurity at the Office of Information Technology Category, in the General Services Administration’s Federal Acquisition Service. She said vendors cannot be expected to comply with supply chain risk management if their contract does not tell them how to do it. And that means federal acquisition officials also need at least a basic understanding of what to look for.
“I also think as vendors are trying to get on different schedules and sell their products, they need to understand coming in the door, what the expectation is,” she said. “Risk profiles — making sure that you understand the right vendors to contract with for the type of the work that you’re doing — makes a difference. So as an agency, what kind of mission do I have? Am I looking at a risk profile, one which could be low, versus the risk profile high?”
Both Lyublanovits and Theresa Lang, acting chief information security officer in the Department of Homeland Security’s Office of the Chief Information Officer, said the risk management framework is extremely important. DHS in particular is looking at DoD’s Cybersecurity Maturity Model Certification.
“DHS is very interested in these kind of innovations, because it’s important for us to be promoting our economy and our security. We sit in a place where we have enforcement and intelligence and national security and humanitarian responses — we have all of those things that come under our purview. And supply chain has become so important that we are one of the principals on the Federal Acquisition Supply Chain Council,” Lang said. “So it’s one of the things that we want to make sure that everyone is paying attention to, we want to make sure that we have the right guidance and governance in place.”