DLA’s Supply Chain Security Strategy: Strengthening Operational Resiliency
By DLA Public Affairs
The Defense Logistics Agency has a new roadmap for addressing supply-chain security issues like counterfeit parts and the compromise of Commercial and Government Entity codes.
Executive Director of DLA’s Nuclear Enterprise Support Office Col Scott Ritzel, USAF, and 20 subject matter experts from throughout the agency wrote the comprehensive strategy, which highlights the importance of DLA’s global supply chain, its security architecture, strategic focus areas, and how DLA leverages innovation, data management, technology and cybersecurity.
DLA Director LTG Darrell K. Williams, USA, explained the significance of the strategy to the organization, “DLA’s Supply Chain Security Strategy is the roadmap for how the agency will address supply chain security challenges across the enterprise. This cross-cutting effort is fundamental to our operations and underpins DLA’s ability to support the warfighter. Interruption of DLA supply chain operations compromises our nation’s ability to deliver combat power and execute critical missions.”
According to Ritzel, addressing supply-chain threats typically involves numerous DLA organizations. The new strategy outlines an all-inclusive path forward for identifying, prioritizing and mitigating risks and existing threats.
“We operate a global supply chain that’s vulnerable to various threats, whether it be cyber or nefarious actors who are intentionally trying to either disrupt supply chains or present themselves as legitimate vendors,” he said. “Without a strategy, we don’t have a focused effort to protect the global supply chain.”
DLA’s Global Supply Chain
Cyber-attacks are a continuous threat to DLA’s global supply chain due to the interconnectedness of its information technology-dependent operations. There are more electronic devices than people in DLA, and cyber-attackers are growing in their sophistication.
Each year there are millions of attempts to access sensitive information on the DOD network. However, the threat spectrum extends far beyond cyber-attacks. Natural and man-made disasters and accidents can disrupt a vendor’s ability to supply DLA critical parts for the warfighter for an extended period of time. Geopolitical developments have the potential to constrain DLA’s access to allied partners, vendors, and critical resources.
The proliferation of sensitive information by the unintentional mishandling of export controlled technical data can lead to an adversary’s ability to intercept US military technology. Bad-actors engaging in nefarious activities can steal the identity of legitimate suppliers, introduce counterfeit parts into DLA’s global supply chain, and disrupt the agency’s financial position. Sole-source and diminishing manufacturers can ground fleets of aircraft if they choose to discontinue operations while foreign dependencies and lack of visibility into sub-tier suppliers can lead to additional counterfeiting, cyber-attack, and espionage.
Architecture for a Secure Global Supply Chain
DLA’s overall supply chain security strategy is designed to establish an architecture that comprehensively addresses supply chain security from an enterprise perspective. The architecture consists of five broad components:
- Threat/vulnerability identification and risk prioritization
- Offensive risk-mitigation solutions
- Defense risk-mitigation solutions
- Resilient supply chain operations
- Prevention through detection, protection and defense
Strategic Focus Areas
To create an architecture that comprehensively addresses supply chain security from an enterprise perspective, DLA will concentrate on the following four strategic focus areas:
- Institutionalize supply chain security across the DLA enterprise
- Maintain integrity and access to key data
- Partner with valid, reputable vendors who produce quality supplies and services
- Strengthen the resiliency of systems, processes, infrastructure and people
The strategic focus areas represent “strategy bins” that house supply chain security-related initiatives, which are mapped to objectives within DLA’s 2018-2026 Strategic Plan. These initiatives are the essence of DLA’s overall supply chain security strategy. They put the strategy into motion by actuating the four strategic focus areas for the purpose of achieving an architecture that comprehensively addresses DLA’s supply chain security challenges.
Desired End State
DLA’s mission is to sustain warfighter readiness and lethality by delivering proactive global logistics in peace and war. Maintaining an effective supply chain security posture through Supply Chain Risk Management is fundamental to the agency’s ability to meet its mission. It is within the threat spectrum captured above that DLA must innovate to strengthen operational resiliency in support of the warfighter.
DLA must continuously identify, assess, report and mitigate threats, vulnerabilities, and disruptions to its global supply chain. DLA’s end state is to establish an enterprise architecture that comprehensively addresses supply chain security challenges. An architecture that evolves as new threats emerge, one that endures the test of time and provides uninterrupted support to the warfighter.
Implementation of the strategy will require a team effort according to LTG Williams, “Supply chain disruption is not an option for the warfighter. With each of us synchronized on supply chain security, together we can thwart disruption by strengthening operational resiliency.”
A Closer Look
STRATEGIC FOCUS AREA 3: Partner with Valid, Reputable Vendors Who Produce Quality Supplies and Services
The purpose of the third strategic focus area is to ensure that the vendors DLA partners with produce high-quality materiel for the warfighter. The accompanying initiatives are heavily focused on preventing counterfeit and non-conforming parts from entering into DLA’s global supply chain. With well-established processes in place to ensure DLA partners with valid and reputable vendors, fraudulent exploitation still exists given the sheer volume of purchases, business transactions and the automation required to support them. Further complicating this is the complexity of sub-vendor relationships that support DLA’s primary vendor base.
To protect against counterfeit parts and fraudulent vendor activity, DLA engages in a number of mitigating activities. First, the agency will continue to “DNA mark” trusted-source microcircuits through DLA’s Product Test Center for Electronics in order to positively identify integrated circuit cards throughout their life cycle. The agency will also refine and implement vendor network mapping tools and Business Decision Analytics platforms to help identify subvendor relationships and enhance DLA’s ability to report suspect counterfeit activity to the Defense Criminal Investigation Service.
DLA will also continue its collaborative efforts to enhance the agency’s capabilities to protect against counterfeit parts and supplier fraud through existing cross-functional working groups. DLA is also in the process of developing enhancements to DLA’s Internet Bid Board System to strengthen the agency’s capabilities to mitigate counterfeit and fraud risk when procuring parts from an independent distributor as opposed to a trusted supplier within DLA’s existing vendor base. DLA also established a market intelligence initiative designed to give the agency a better understanding of the atmospherics within its vendor network. Fundamental to this initiative is the development of a business process focused on collecting, analyzing and disseminating actionable intelligence for specific markets of interest to help shape acquisition strategies.