Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Monday - Friday, 6-9 a.m.
Hosts Tom Temin and Emily Kopp bring you the latest news affecting the federal community each weekday morning, featuring interviews with top government executives and contractors. Listen live from 6 to 9 a.m. or download archived interviews on our daily show blogs.
Pentagon struggles to secure a supply chain it no longer dominates
Thursday - 9/27/2012, 6:00am EDT
The phrase "Defense Industrial Base" is one too-often thrown around without much consideration for what actually makes up the marketplace for goods and services the military buys each day, said Brett Lambert, DoD's deputy assistant secretary for manufacturing and industrial base policy. To make progress on securing the modern supply chain, the Pentagon needs to rid itself of the outdated notion that there's a monolithic bloc of defense companies that supply products to warfighters.
"This is a trend the department has frankly been willing to recognize more in policy than in practice," he told a Potomac Institute forum on supply chain security. "I'd hazard a guess that 25 years ago, 70 percent of the goods and services the department procured were developed and produced exclusively for the military. Today, that ratio has reversed. Seventy percent of our goods and services are now either produced for commercial consumption or with commercial applications in mind. And it's backed by a largely commercial-based supply chain."
Brett Lambert, deputy assistant secretary of defense for manufacturing and industrial base policy
DoD's supply chain, Lambert said, is far more commercial and global than many people in the Pentagon realize, involving everything from multinational corporations to garage startups.
"This is a very difficult concept for many in our business to get their arms around. Frankly, the department is much more comfortable being the dog, not the tail of a market. This attitude, frankly, is not helpful when we discuss the various ways to track our supply chain," he said. "Simply put, the old standby to most supply chain concerns, which was to just mandate things, simply won't work in the modern global and commercial environment. We have to adjust. And we can't afford to dominate or prop up every important industry we rely on all the way up and down the supply chain. It's not economically feasible and it's not strategically desirable."
Buying commercial can help
That doesn't mean the department can fulfill all of its procurement needs by buying commercial. Lambert said there are niche, Defense-specific capabilities in U.S. firms, often as far as 10 tiers down the supply chain, that are so vital that the Pentagon can't do without them. But buying more commercial goods will free up dollars to support those must-have capabilities, he said.
And Lambert said recognizing the realities of a globalized marketplace has plusses and minuses.
On the one hand, DoD can expect to keep up with the pace of technology, better interoperate with other nations' militaries and save money in the process. On the other hand, there's the risk of integrating parts that might be counterfeit or of murky origin into military equipment and the possibility that existing U.S. intellectual property might make its way to foreign governments.
One of the government's answers to electronic supply chain risk has been to establish the Trusted Foundry program. In that construct, vendors are certified by DoD and the National Security Agency as having a secure manufacturing process that's entirely constrained to the borders of the United States. Lambert said that is one solution, but only in a relative handful of cases.
"The issue we find ourselves in, particularly in government, is we try to find bumper-sticker solutions that are easily understood by the legislators who have to pass them and the contracting officers that have to impose them. That leads you then to building fences around things because it's the easy solution," he said. "Trusted foundries are a very good solution for some things, but it's a very narrow, very specific set of challenges, and it's a very expensive solution we should reserve for very unique products. You could pursue it for a wider range of things, but you'd find yourself several billion dollars and many years later being able to manufacture a perfect 8086 computer chip."
Reputable vendors are key
Lambert said DoD will need to think about securing its supply chain in tiers. Absolutely mission-critical, military-specific products might get produced in secure foundries. Others might rely on commercial best practices for securing the supply chain.
Melissa Hathaway, president, Hathaway Global Strategies
Melissa Hathaway, the president of Hathaway Global Strategies and the former White House cybersecurity advisor, agreed that many of the technologies DoD wants to leverage in the coming years simply can't be produced in a walled-off environment.
"Any one of these new tablets or computers or smartphones has likely talked with more than 40 countries along the way," she said. "Is it really possible to talk about an indigenous build and manufacturing process as we're managing the risk?"
The government, to be sure, needs to think carefully about securing its supply chain, Hathaway said. But it can mitigate much of the risk merely by buying from reputable commercial firms, who also have plenty of money and reputation at stake if they fail to secure their own supply networks.
"We need to think about secure distribution channels, but it's the distribution of multiple components that go into another component that then go to market. When we think about that, we need to give the vendors credit that they actually have vetted their suppliers, because they don't want a counterfeit product getting to market," she said. "So we need to use their trusted channel partners and their value-added resellers or buy off of the General Services Administration's vetted tables. It's very difficult to become a supplier in the first place to one of the high brand names, because they don't want to have their brand integrity or their product challenged."
Lambert said DoD will rely heavily on commercial security standards and adopt industry's best practices to secure its own supply chain wherever it makes sense. He said even though the department relies heavily on commercial technology, a trend that will only increase in the coming years, there are still too many regulatory and compliance barriers for commercial companies to sell directly to DoD.
"Top managers of commercial companies are often put off, particularly in the telecommunications market, by the political and government-induced complexities of working with the government, both as a regulator and a buyer," Lambert said. "But I try to remind them that while Uncle Sam might not be their favorite uncle, he's by far the single richest one they'll ever know."