U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

  1. Home
  2. Defense Acquisition Magazine
  3. Defense AT&L - March-April 2017
  4. Supply Chain Risk— What Is It?

Supply Chain Risk— What Is It?

James Davis and John Sullivan


You don’t need to work in logistics to understand supply chain risk. Those of us who must deal with snowy winters are all too familiar with supply chain risk. The mere hint of a serious storm drives folks straight to their local grocery stores where soon the shelves are bare of all essentials such as milk and bread (and yes, beer sales skyrocket as well).

The spike in demand temporarily exceeds the supply chain’s ability to replenish—and, as the saying goes, “the cupboards are bare.” Fortunately, in a snow storm, we may experience only a couple of days of inconvenience before the weather has cleared and there is ample stock back on the shelf.

So, take a moment and think about the implications if this wasn’t a temporary hiccup and instead, our flow of products, milk, bread … or, say, microcircuits, faced a serious disruption somewhere in the supply chain. Perhaps in raw materials, maybe in the manufacturing process or in the transportation to the customer. For the warfighter, such disruptions can be devastating. A look back at World War II shows the classic case of directed warfare on the adversary’s supply chain: Germany’s failed attempt to destroy the Allied maritime force and the Allies in turn targeting Axis rail, manufacturing and oil refineries. To quote the late retired Marine Corps Gen. Robert Barrow, “Amateurs think about tactics, but professionals think about logistics.” Supply Chain plays a key part in an armed force’s strategy, but it is also an often undervalued area.

“Let’s Just Out Spare the Enemy!”

Who on the pointy end of the sword hasn’t ever wanted more supplies … spare parts, fuel, ammo, food, etc. Relying on a supply chain for critical warfighting requirements can be a nerve-wracking situation. But as we all know, it’s just not feasible to have everything we need on station for an extended time. To quote Apple’s Tim Cook, “inventory is evil.” While those of us who have been frustrated by a “stock out” may disagree, there is no denying the cost and footprint that comes with maintaining massive mountains of inventory alongside our warfighter.

By now you might be saying “This article is supposed to be about Supply Chain risk. What’s up with all the talk about inventory?” Well, in the Department of Defense (DoD), we’ve traditionally dealt with supply chain risk by stocking large amounts of inventory—not to the point of a limitless supply on the battlefield, but we have been known to have very robust forward deployed inventory positions. All of that comes with a cost—both in dollars and footprint.

So, I get it: Inventories come with a cost, and holding inventory has risks of its own (opportunity cost, obsolescence, etc.). A balance is needed between my inventory on hand and the resupply of follow-on inventory through the DoD supply chain. It’s critical that to get this balance right and determine where the greatest threats to our supply chain are lurking and then develop the best approach to assume, avoid, transfer or mitigate this risk.

What Is Supply Chain Risk Management?

According to the APICS Supply Chain Council, supply chain risk management (SCRM) is the systematic identification, assessment and quantification of potential supply chain disruptions with the objective of controlling exposure to risk or reducing its negative impact on supply chain performance. This is really a pretty straightforward definition. In essence: identifying what can go wrong (from gathering the raw materials to delivering the final product to the Warfighter) and developing a systematic approach to minimizing the potential disruptions.

What Is the Greatest Risk?

There are many definitions of supply chain. There are equally as many views on supply chain risk and differing perspectives on what poses the greatest threat. Understanding supply chain risk leads to deciding how you manage it. This article focuses on how DoD views supply chain risk compared to industry, what we can learn, and changes we may need to make to manage supply chain risk.

Our supply chain reality has many disparate participants, to include government and commercial product support providers. Our supply chain must deal with random customer demand, imperfect transportation pipelines, weather delays, labor stoppages, political uncertainty and a shrinking, or at best, volatile vendor base.

One of the most recent entries focus areas for supply chain risk is cybersecurity. Although cyber is getting a lot of attention as a “new” threat, it has been around since we started using computers to account and order supplies. System downtime, buggy programming, communication disruptions and lack of expertise were all risks associated with what we now call cyber. In the past, one IBM punch card out of place could have serious supply chain implications. However, this is but one of many possible supply chain risk topics.

To solve this problem, President George W. Bush signed the Comprehensive National Cybersecurity Initiative (CNCI) in 2008. CNCI established three overarching focus areas, each one comprised of four distinct sub-initiatives. One of the sub-initiatives calls for developing a multipronged approach for global SCRM. One of the results of the Bush initiative was the DoD’s establishment of a strategy for Trusted Systems and Networks. The DoD created the Trusted Foundry Program (TFP) in 2003 to respond to the threats of offshoring of microelectronics fabrication and the resulting diminishing influence of the DoD on leading-edge microelectronics research and development. The National Security Agency and the Defense Microelectronics Activity equally fund the TFP.

Industry and Military Views of the Biggest Threats?

The following two examples serve to illustrate the relationship between DoD and commercial supply chain risks.

RAND Corp. conducted recent 2015 studies on the Army and Air Force supply chains. RAND’s focus was on the risk inherent in both Services supply chains. It looked at the supplier risk side for the Army Materiel Command (AMC) and listed examples of risk (Table 1).

It is interesting to note in the AMC study that the only risk possibly linked to cyber is database inaccuracies. Of course, this risk has existed since the application of automation in our supply chains.

To get an industry perspective, Figure 1 is excerpted from a presentation by Supply Chain Insights, LLC. It specifically identifies the top three Supply Chain risk drivers as viewed by industry. It is interesting to note the commonality between the industry risk identification and the RAND AMC study. Why? The commercial supply chain is our supply chain.

 


How Do and Should We Deal With This?

As mentioned above our most recent focus on supply chain risk has been on cyber. RAND’s research report RR549, Identifying and Managing Acquisition and Sustainment Supply Chain Risks, which evaluated Air Force supply chain risk management, states: 

"DoD also has policies to address risks posed by underutilization of existing inventory. But it does not have policies for managing a number of supply chain risks such as those posed by environmental risks, natural disasters, pricing, geopolitical events, and other events that are discussed in the business literature..."

Altogether, we found that supply chain risk management is not consistent across the Air Force and, where it is practiced, it is often not sufficient. Weapon system managers reported a lack of enterprise-wide supply chain risk management procedures and mechanisms. They also differed in the extent to which they considered supply chain risks. Few had mitigation plans for such risks. One reason cited for the lack of a proactive approach to supply chain risk management is the lack of tools for identifying such risks.

Is SCRM Really That Important?

We’ve presented information about supply chain management and risk. We’ve also provided data from reports that indicate what both government and commercial entities believe they face in the way of supply chain risks. These reports and studies offer recommendations about how to handle these risks. However, much of this is general information. What happens when a supply chain risk is realized? What are the implications? Let’s take a look at a “real world” example from the commercial sector. 

Boeing developed the 787 Dreamliner as a revolutionary commercial aircraft. Much of the engineering was completed using computer simulation. The aircraft would be made from an unprecedented amount (about 50 percent of its airframe) of carbon fiber. This approach would create significant developmental and supply chain risks. 

This revolutionary design would require a high tech fastener made from titanium instead of the traditional aluminum. Boeing was also sourcing this new fastener from a supply base that had reduced its workforce, and therefore capacity, by about 40 percent since the terrorist attacks of Sept. 11, 2001, due to airplane order cancellations. When Boeing planned on ramping up production with new technologies, it relied on a fastener supply base years behind in its ability to produce at the required rate and quality. Adding to the risk was Boeing’s aggressive plan to lean out inventory and virtually eliminate any safety stock of fasteners. In other words, the supply chain was left with no room for errors or waste. In the end, there were unforeseen engineering challenges that required about 8,000 fasteners to be replaced in each aircraft … fasteners that were not readily available. The result, when the risk became an issue, was production and delivery delays with the rollout aircraft being held together by temporary fasteners. The old adage “for want of a nail the kingdom was lost” was very applicable. 

What does this mean for the DoD supply chain’s risk management? One clear lesson is the need for proper coordination and communication among all partners. We often rely on a Product Support Integrator (PSI) to bring the Product Support Providers together in delivering support. What level of data and information visibility do we have into the PSI’s supply chain? What is the PSI’s risk management plan? Are their processes so lean that they’ve created single points of failure? What is the supply chain variability? These are lessons the reports and Boeing’s experience teach us. Having a well-developed and vetted SCRM plan is a necessity. Above all, the engineering and logistics communities must be joined at the hip in order to succeed in this fast-paced, leaned-out global marketplace.


Read the full issue of

Defense AT&L

 

 

 


James Davis and John Sullivan are professors of Life Cycle Logistics at Defense Acquisition University and can be contacted at [email protected] and at [email protected].


subscribePrint Button