Policymakers have increased emphasis on national security risks deriving from globalization of weapon system supply chains. This report addresses the challenges the U.S. Air Force faces in mitigating the effects of these risks and suggests ways to improve how it addresses such risks in source selection and other decisions.
Managing Risk in Globalized Supply Chains
- How can USAF develop a repeatable SCRM process to quickly identify, assess, prioritize, and mitigate supply chain risks that affect weapon system readiness?
- What systemic challenges could prevent USAF from adopting a formal SCRM process?
In recent years, policymakers have increased emphasis on national security risks deriving from globalization of weapon system supply chains to include foreign suppliers. This report recommends specific ways in which the U.S. Air Force (USAF) can evolve its organization, policy, training, and data practices to avoid and mitigate the effects of supply chain risk.
The authors reviewed academic literature on supply chain risk management (SCRM); analyzed federal, Department of Defense (DoD), and USAF policy and regulations related to supply chain management and acquisitions; and interviewed personnel from across USAF and DoD. They found that USAF SCRM is hampered by widely dispersed policies and responsibilities; challenges in identifying, acquiring, integrating, and analyzing SCRM-relevant data; overreliance on contractors to manage their own supply chain risks without sufficient incentives; and insufficient SCRM training for acquisition professionals.
Many coordinated actions have the potential help USAF address these SCRM weaknesses. An analytic organization to conduct centralized analyses that are beyond the scope of program offices may be helpful. Program offices may benefit from routinely collecting bills of materials and lists of associated suppliers and critical items from contractors; obtaining proper data rights; and considering the value of technical data packages to SCRM. A comprehensive plan to manage SCRM-relevant data collected throughout government may help USAF facilitate data integration and analysis. An ongoing, formal, enterprise-level SCRM curriculum to train acquisition professionals on supply chain risks may help USAF personnel consider such risks in source selection and other decisions.
- USAF policies and responsibilities for SCRM are widely dispersed, with limited alignment, coordination, and information-sharing.
- USAF places implicit and explicit trust in its vendors to manage their supply chain risks sufficiently to protect USAF from the effects of disruptions.
- SCRM analysts have a limited understanding of which suppliers are actually in the supply chain of a given program or weapon system beyond the first tier.
- Many sources of SCRM-relevant data exist but are in diverse formats and can be difficult to access, integrate, and analyze.
- The USAF acquisition workforce of 2020 has had limited on-the-job training and exposure to the full range of supply chain risks and how to collect sufficient information to understand them.
- USAF, and DoD more broadly, may benefit from an executive SCRM council to establish policy, set standards, and facilitate information-sharing from across the enterprise. At a minimum, council membership would represent the acquisition, logistics, intelligence, counterintelligence, and operational user communities. A separate analytic organization within USAF could support the council's agenda.
- USAF acquisition policy may consider requiring programs that are strategically significant to consider supply risk as part of source selection.
- To gain insight into the lower-tier providers, some program offices could collect a complete list of raw materials, parts, and subcomponents and the associated suppliers needed to produce an end item (e.g., the bill of materials). To help prioritize SCRM activities, these program offices could also consider the value of requiring contractors to provide lists of items that can critically affect the reliability of contract end items (e.g., a critical items list).
- To reduce the burden on program offices and to facilitate supply chain risk assessment, DoD could develop a comprehensive plan to manage SCRM-relevant data collected throughout government that would include USAF logistics, maintenance, and safety programs. In the absence of a DoD-wide effort, USAF may wish to consider developing a resource for its own community.
- DoD may benefit from developing an ongoing, formal, enterprise-level SCRM curriculum that trains acquisition professionals on identifying and mitigating supply chain risk.
Table of Contents
Organization and Policy for Supply Chain Risk Management
Incentivizing and Enforcing Supply Chain Risk Management
Supply Chain Risk Management Requires a Deep Knowledge of the System
Limited Data Available to Understand Supply Chain
Data on Suppliers Are Disaggregated and Difficult to Ana
Summary and Conclusions
Approximate String Matching of Company Names