Supply chain risk management is now a GovCon necessity
But done right it can be a competitive differentiator
Against a backdrop of highly publicized cyber hacks, ransomware attacks and extended goods shortages, supply chain risk management has taken center stage as a pressing operational and national security concern. This increased focus on strengthening and securing critical U.S. supply chains has already resulted in new requirements appearing in federal acquisitions, obligating federal contractors to identify, assess and mitigate supply chain-related security threats.
At this moment – as cyber and SCRM-related regulatory and contractual requirements are being implemented – there is an opportunity for motivated government contractors to stand out and differentiate themselves with strong SCRM practices. Doing so will better position these organizations to mentor and assist critical suppliers, minimize future cyber and supply chain disruptions, support national resilience and deliver value to agency customers. To put it simply, a short-term focus that fails to consider supply chain risk invites the possibility of new stresses to our national security posture and could expose companies to reputational harm and financial liability.
Here are three considerations for federal contractors that are ready to seize on SCRM as a differentiator.
- SCRM is important to the customer
In the face of rising uncertainty over data security and surveillance by foreign adversaries, federal agencies are progressively relying on their industry partners to proactively monitor their third-party ecosystems. It is increasingly important to the government that contractors have a solid understanding of the companies that they are working with and the risks that they may present.
In addition to other steps taken by the federal government related to supply chain security, recent executive orders direct agencies to assess the global and U.S. supply chains for specific segments of the industrial base, and to enhance the security of the software supply chain. Legislative acts have also been put into place that emphasize a preference for U.S.-made products and ban government purchases of certain foreign-sourced equipment and services.
The more that contractors align with federal supply chain security efforts, the better that they can protect their government customers (and themselves). Companies should monitor the evolution of top initiatives guiding agency and contractor behaviors and best practices. Several important initiatives to take note of include:
- National Institute of Standards and Technology’s Special Publication 800-161, Revision 1 (slated to be finalized in April 2022) – designed to support federal agencies in identifying, assessing and mitigating supply chain risks associated with information and communications technology (ICT), the draft revision introduces a preliminary maturity model concept meant to improve visibility into and control of the highest impact ICT supply chain risks.
- Cybersecurity and Infrastructure Security Agency Information and Communications Technology SCRM Task Force – the leading public-private partnership focused on enhancing ICT supply chain security strategies recently published practical resources meant to assist organizations with mitigating threats to the ICT supply chain.
- DoD’s Cybersecurity Maturity Model Certification – intended to boost cybersecurity within the defense industrial base, the model is under review to ensure it does not unfairly penalize smaller companies.