Unconventional Supply Network Operations: A New Frontier in Global Competition



The SolarWinds logo is seen outside its headquarters in Austin, Texas, December 18, 2020, photo by Sergio Flores/Reuters

The SolarWinds logo is seen outside its headquarters in Austin, Texas, December 18, 2020

Photo by Sergio Flores/Reuters

by Daniel Egel and Jan K. Gleiman

April 19, 2021

Supply chains have long been recognized as a key component in global competition. In warfare, commanders have always faced the challenge of defending their own supply lines or finding ways to attack the enemy's, illustrated vividly in the fight for natural resources like oil and rubber during World War II. Protecting both economic and military supply chains has also been a critical U.S. objective during peacetime.

President Biden's “Executive Order on America's Supply Chains”—issued on February 24, 2021—highlights the continuing importance of supply chains in competition in the 21st century. In large part, this focus reflects the growing importance of cyber and the resulting “supply chain wars” between the United States and China.

But the potential exploitation of supply chains for offensive U.S. operations has been much less discussed. Indeed, in sharp contrast to the multitude of discussions focused on the potential use of offensive cyber operations by the United States, systematic discussions on how to organize the United States to exploit fissures in modern supply chains in pursuit of U.S. objectives have not occurred.

We believe that the United States could consider formalizing and maturing a comprehensive approach for this offensive capability, which might be called Unconventional Supply Network Operations (USNO). USNO are the enhanced methods and activities for analyzing and exploiting complex, modern supply chains across multiple domains for the purpose of state competition. USNO would encompass all multi-domain covert and low-visibility delivery systems, whether the item being delivered is an individual, piece of equipment, or set of electrons. Cyber is and will remain a central and mission enabling component of USNO given its oversized role in supply chains and modern delivery systems of all types. However, USNO diverges from “traditional” supply chain operations in part because of the oversized role of purpose-built human operatives and bespoke technical and operational capabilities.

USNO would seek to take advantage of the increasing complexity of interconnected and networked supply chains (PDF)—or “supply networks (PDF)”—that is creating new vulnerabilities for the United States as well as its allies, competitors, and adversaries. The multi-layered and cross-domain delivery systems of supply networks have long been central to military, intelligence, and economic capabilities. However, the technological advances of recent decades that have made these networks drastically more efficient, valuable, and essential to every element of our daily lives have also created a highly interdependent, largely unsecured portfolio of potential attack surfaces. These vulnerabilities are not limited to the cyber domain but typically manifest themselves at key intersections and critical nodes where human beings are involved.

The U.S. could consider formalizing a comprehensive approach for this offensive capability, which might be called Unconventional Supply Network Operations.

Share on Twitter

Evidence that these modern supply networks create new kinds of risks for the United States (PDF) is now, unfortunately, well-understood and documented. The impact of a nation state supply chain operation was demonstrated vividly in the destruction of the CIA's human network in China, where a compromised supply chain for communications equipment was used to unravel a supply chain for U.S. personnel (the CIA's in-country network). And the recent SolarWinds attacks demonstrated vulnerabilities in supply networks that rely on a highly integrated combination of private and public supply chains. Further evidence is also emerging that discontinuities caused by public-private supply networks have created vulnerabilities in other critical U.S. capabilities, such as the Joint Strike Fighter.

The United States has a long and storied history with USNO, which have been implemented under a variety of different names and structures. For example, the United States invented the foundational methodology for identifying critical vulnerabilities in systems through the Office of Strategic Services in World War II (e.g., CARVER). While offensive USNO have historically been largely successful (despite some dramatic failures such as the Iran-Contra affair), the growing sophistication of U.S. peer and near-peer competitors creates new risks. And, to a far greater degree than the United States, these competitors have a demonstrated capability to blend government and private sector capabilities in “joint ventures” that significantly increase their effective prosecution of their national interest below the cost and risk thresholds of armed conflict—as we have seen with the Wagner Group, the Belt and Road Initiative, and many others. This unique public-private construct gives them a distinct advantage in deploying USNO against the United States.

There are three broad, integrated components to USNO. The first component centers on the rapid identification, mapping, and targeting of relevant adversarial supply networks and their critical nodes of vulnerability, not only within the adversary's own domestic ecosystem but, equally and perhaps more importantly, within the adversaries' adjacent geographies and other supply network spheres of impact and influence. As previously noted, the mapping of critical supply networks is not a new exercise. However, given the advances in relevant technologies, inherent network complexity, and a single network's cross-domain relevance and impact require new approaches to targeting and “sensemaking” of these networks to make USNO effective.

The second component, integrated into the first, is centered on the disruption or disintermediation of adversary's supply chains, typically including the use of human assets to exploit a vulnerability in adversarial supply networks. The Stuxnet virus, which relied on the delivery of a USB drive to a protected network, is a prominent example. As during the Cold War, these operations would largely be conducted in third-party countries and target the proxies or commercial interests of U.S. adversaries.

The third is enabling U.S. or allied USNO. This includes the train and equip of surrogate forces, which requires multi-layered supply networks designed to infiltrate U.S. personnel and equipment and provide assurance in communications and resupply. Covert influence is another important element of USNO capability, an example of enabling indigenous protestors and manipulating politicians requiring the covert delivery of financial resources and communications technologies to human networks operating abroad.

We anticipate that new paradigms for public-private partnerships will be required to effectively counter and compete against the advancing capabilities of our adversaries and will be critical to the success of U.S. USNO in the 21st century. Public-private partnerships have historically been core elements of USNO, such as in the case of Air America, and are today playing increasingly important roles in defense of U.S. supply networks. These partnerships reflect the reality that the United States has best-in-class knowledge and proficiency but that existing capabilities are disparate, unorganized, and scattered across a myriad of government and private sector entities. We do not believe that either a new government agency or “lead-agency” organizational model will be sufficient, as it is anticipated that both would struggle with these cross-functional initiatives. A public-private partnership approach managed by select elements of the intelligence, special operations, and treasury communities and empowered to certify and contract services might prove a better model, facilitating the combination of the U.S. government's mission knowledge, operational resources, and implementation authorities with low friction access to private sector supply networks, knowledge, capabilities, and technologies.

Building cross-functional, multi-domain strategies, tactics, and organizational models designed to dynamically map, monitor, and then either manipulate or attack these complex, adaptive supply networks could be one of the next great challenges of international security. The United States lacks appropriate operational frameworks, strategies and tactics, as well as the accompanying advanced tools to, at speed and scale, gain the necessary forensic understanding for these operations.

Daniel Egel is a senior economist at the nonprofit, nonpartisan RAND Corporation. Ken Gleiman is the president of the Army Strategist Association and a visiting scholar at SAIS in D.C. The views expressed in this article are those of the authors and do not represent the official policy or positions of the Department of Defense or U.S. government.

This commentary originally appeared on RealClearDefense on April 17, 2021. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.