In the Dark: How the Pentagon’s Limited Supplier Visibility Risks U.S. National Security
If logistics wins or loses wars, what wins or loses logistics? U.S. military doctrine has the answer: “The U.S. military supply chain (to include the defense industrial base) represents a major competitive advantage that underpins deterrence and allows the United States to project power.” Despite being established in doctrine, it took a global pandemic for the Department of Defense to take notice of the fragility of its supply chains and the full impact of China’s global economic expansion. However, acknowledging vulnerability, understanding it, and doing something about it are not mutually inclusive. While awareness in the Department of Defense is rising, the lack of visibility into defense supply chains makes easy targets for adversaries seeking to insert undetected risks into supply chains — silently biding time until they choose to exploit them. It is difficult to fix what you can’t see. It is time for the Department of Defense to take bold steps to gain full visibility into defense supply chains to help mitigate the risk of acquiring U.S. equipment from foreign adversaries and/or shoddy suppliers.
Supply chains underpin the global market. Every product has a network of interconnected companies that must come together at the right time and place to deliver a timely product. The more complex the product, the more nodes the network has. Each node has its own material, logistics, personnel, processes and stakeholder challenges. A disruption in one node will sweep quickly throughout the entire system and upend the supply chain.
The military supply chain is a complex system comprised of a network of suppliers, expanding beyond the known large defense contractors out to thousands of low-tier suppliers. Each tier of the network is critical to the success of the tiers above and below it. Within these networks, there are nexus suppliers critical to the success of the entire system. We argue that it is not too hard and not too expensive to gain full visibility over all of these supply chain nodes. To do so, the Department of Defense should capitalize on proven commercial supply chain software suites, work with Congress to set visibility mandates and reimagine its approach to supply chain management in the 21st century.
The Department of Defense’s Supply Chain Crisis
The Department of Defense has an incentive to map and fully understand its supply chain — and the suppliers that support it. It is currently facing two issues. The first, and most critical, is that the department does not know who provides parts for suppliers below a certain supplier threshold. An example from the private sector is illustrative of the supply chain and its nodes. The Center for Advanced Purchasing Studies mapped the American Honda Motor Company’s supply network. The supply chain included 10,832 suppliers: 245 first tier, 1,643 second tier, 4,605 third tier and 4,330 fourth tier. For Honda, over 97 percent of its suppliers were below tier one. This is the level of supplier visibility the Department of Defense admitted it was unable to attain in a 2022 report to the president.
The second challenge is that the suppliers the Department of Defense depends on may be clustered together in similar geographic regions. This makes them vulnerable to “kill shots,” a metaphor used for military targets that, if attacked, can render an adversary crippled and unable to respond. For example, the Living Supply Chain, a 2017 book on supply chain management written by Robert Handfield and Tom Linton, offers an illustration. Elementum mapped a client’s revenue streams to supplier locations, determining that 86 percent of the company’s revenues were tied to suppliers in one small geographic area. A single major disaster could ultimately impact 86 percent of the company’s revenues. Imagine if a similar geographic risk resides within the U.S. defense supply chain and how the clustering of a vital industry makes the United States vulnerable to attack.
The 2022 National Defense Strategy directs the Department of Defense to “fortify the defense industrial base, logistical systems, and relevant global supply chains” in response to the observed rise in supply chain impacts. For example, COVID-19-related supply chain disruptions caused delays in 48 major defense acquisition programs. Of those, 22 programs continue to experience delays, suggesting that things have not improved even as COVID-19-related concerns have subsided.
The U.S. Air Force’s acquisition chief has said: “Ongoing supply chain issues affecting subcontractors [sic] were largely responsible for the more than year-and-a-half delay” to the KC-46’s remote vision system. And the U.S. Navy’s Columbia-class submarine is already struggling to meet current program demands, highlighting that the “supply chain is the number 1 risk.” Beyond delays, the lack of visibility into all elements of the supply chain prevents the Department of Defense from identifying disruptions early — and planning for them proactively.
The second, and ongoing concern, is about quality control. There is a real risk of inferior or counterfeit components being injected into the Department of Defense’s supply chain. In June 2020, 1st Lt. David Schmitz was killed in an F-16 accident. In a related federal civil lawsuit, it was revealed that the Air Force identified several transistors and microchips that failed. The lawsuit alleges some of these components were counterfeit. Separately, in 2022, the Department of Justice filed criminal charges against an individual for selling approximately $1 billion of Chinese-made counterfeit Cisco components to companies within the United States and an undisclosed list of government agencies, including the Department of Defense.
Supply Chain Risk Management: The Department of Defense’s History of Neglect
Unfortunately, the fragility of the Department of Defense’s supply chain is not a new issue. Over five years ago, a Government Accountability Office report highlighted that the information required to effectively manage supply chain risks within the defense sector was lacking. In response to this report, the Department of Defense “completed a detailed assessment of key sectors … and identified major risks … and included discussion of gaps or vulnerabilities and mitigation strategies.” However, the growing trend of supply chain disruptions suggests the Department of Defense’s mitigation steps were either never fully implemented or that they have failed to mitigate the problems.
The F-35’s supply chain is a good example. The United States is 100 percent import-reliant on 16 minerals deemed “critical” to national security. China accounts for “63 percent of the world’s rare earth mining, 85 percent of rare earth processing, and 92 percent of rare earth magnet production.” Yet, it still took the Department of Defense 12 years to recognize “every one of the more than 825 F-35[s] … delivered contains a component made with a Chinese alloy that is prohibited by both U.S. law and Pentagon regulations.”
To address this lack of visibility, President Biden issued an executive order directing the Department of Defense to “submit a report identifying risks in the supply chain [sic] and policy recommendations to address these risks.” In response, the department admitted it had limited visibility, stating it “[does] not track these vulnerabilities … As supply chains have become more global in scale, prime contractors have lost some visibility into the sub-tiers of their supply chains, especially below third-tier levels.” The Department of Defense is currently reviewing these impacts. If history repeats, the department might see measurable progress in about 10 years.
Supply Chain Risk Management: A Tale of Two Industries
Supply chain risk management is not unique to the defense sector and the need for speed, agility and resilience is just as critical to profit margins as it is to national security. While private industry has evolved, the Department of Defense continues to view it through a very logistics-focused lens. Decades ago, industry began consolidating responsibility for the end-to-end value stream, establishing senior managerial positions for procurement and supply officers. In contrast, the Department of Defense continues to silo its functions of procurement, logistics, and operations. Each functional area assesses its lens of supply chain risk (e.g., cyber, acquisition, logistics, etc.), but no one organization is considering the inherent collective risks to the entire defense industrial base.
Private industry has also embraced the importance of proactive supply chain risk management and integrated it as a critical part of operations. Handfield and Linton offer that global supply chains are living systems “subject to biological rules.” And rule number one is that firms survive by adapting to changes in the ecosystem by “embracing real-time data, velocity, transparency, and rapid response.” Certain firms utilize commercial software solutions using big data, AI and machine learning to map supply chains. Others have implemented flow-down requirements mandating the use of commercial software solutions that rely on data directly from suppliers to create verified supply chain maps. In both cases, many then employ additional software to conduct real-time monitoring of the mapped network using publicly available information. Everstream, Resilinc, Craft, BlueVoyant, Deloitte CentralSight and many more offer software solutions in this space. Becton Dickenson, one of the world’s largest medical technology firms, utilized Everstream to map a product line in three days with over 90 percent accuracy. Previous internal attempts took Becton Dickenson four years to accomplish. Using Resilinc’s software to build a validated supplier map, IBM received real-time supplier updates during the COVID-19 pandemic. This allowed IBM to proactively mitigate issues, resulting in zero missed product deliveries due to pandemic-related disruptions.
Despite the leaps made in the commercial sector, the defense sector has barely taken its first steps toward gaining real visibility into its supply chains. It has been over a year since the Department of Defense said it would apply analytical tools to identify vulnerabilities. To date, nothing of significant value has been fielded. The organic solutions being explored are not only costly but also directly conflict with the department’s own call to action to “act as a fast-follower” with regard to commercial technologies.
Recommendation and Conclusion
U.S. national security relies on the strength and resilience of its defense supply chains, and failing to understand their limits will be catastrophic in conflict with a near-peer adversary. The Russian invasion of Ukraine has already resulted in the United States struggling to meet munition needs for Ukrainian forces for a regionalized conflict. In the Pacific, the United States faces a $19-billion backlog of planned weapon transfers to the Taiwanese military, while delaying 66 new F-16V aircraft deliveries due to supply chain disruptions. In Taiwan Strait conflict wargames, the Center for Strategic and International Studies determined that “the United States would likely run out of some munitions — such as long-range, precision-guided munitions — in less than one week.” The report also stated: “The U.S. defense industrial base is not adequately prepared for the international security environment that now exists.”
This stark performance and assessment of the U.S. industrial base should alarm policymakers in the Department of Defense and Congress. While there is growing awareness of this crisis within the Pentagon, it appears the Department is trending toward historical patterns of organizational change versus accountability. Dr. William LaPlante, the Department of Defense’s top procurement official, issued a memo in March 2023 establishing a Joint Production Accelerator Cell. It will be responsible for “building enduring industrial production capacity, resiliency, and surge capability for key defense weapon systems and supplies.” This initiative calls into question the broader effectiveness of the Department of Defense’s existing Industrial Base Policy office and should be a pause for strategic reflection. Why create a new organization when the Department of Defense has an established office already charged with sustaining “a robust, secure, and resilient industrial base”?
To drive more enduring impacts in fortifying the defense industrial base, the Department of Defense should first understand the scope of the problem it is trying to fix. We recommend the Department of Defense immediately execute an experimentation plan to test widely available commercial supply chain visibility solutions and select a common suite for the department. The Department of Defense should avoid replicating commercial applications, seeing that previous attempts by the department struggled to reach the field or later were scrapped after spending millions of dollars. Custom solutions also fail to leverage proven commercial applications already deployed at scale. Additionally, a common suite ensures the department is able to gain visibility across programs. Allowing each program to address supply chain visibility individually will answer program-specific questions, but it will not answer the broader question of the “kill shots” within the defense industrial base.
The Department of Defense should also work with Congress to implement visibility mandates for industry. This mandate should include a standard of visibility and government data access for all government contractors to give the Department of Defense the authority to hold industry accountable for supply chain risk management. This legislation already exists for rare earth elements for permanent magnets (10 U.S. Code § 857) and sensitive materials from non-allied foreign nations (10 U.S. Code § 4872). To imply the government is not able to gain visibility due to contract or cost constraints neglects to acknowledge the myriad standards the government already levies on industry. National security depends on resilient supply chains and visibility is the first step in fortifying them.
More broadly, the Pentagon should reconsider how it thinks about supply chain management. The majority of the focus on supply chain management and supply chain risk management is through the lens of logistics. This approach completely ignores what is happening in the supply chains as a system is in development or production. Too often, Department of Defense program offices relegate weapon system supply chain monitoring and oversight to logistics or to the contractor, often with little oversight or attention from program leadership until there is a problem. This is a dated approach. Supply chains impact almost every aspect of a system. The risk exposure to the defense ecosystem from horizontal integration and global diversification remains unknown.
Therefore, supply chain accountability must garner proactive attention from the earliest stages of weapon system development. For example, the full network of suppliers should be evaluated by the Department of Defense prior to codifying a weapon system design. The acquisition community must reimagine how “cost, schedule, performance” is defined. Rather than focus on obligation rates and updating baselines to bring programs back on schedule, program leaders must recognize the integrated impacts of the supply chain to all three areas if they are to remain relevant in the 21st century.
It is time for the Department of Defense to act swiftly. The CIA has said they are aware of Chinese intentions: General Secretary Xi Jinping told his army to “be ready by 2027” to invade Taiwan. One thing is certain today: Department of Defense supply chains lack the resiliency for a large-scale protracted conflict and they are not on track to be better positioned in 2027. The Department of Defense’s approach toward strengthening the defense industrial base and securing its supply chains is failing to move at the speed of relevance. As many Department of Defense leaders remain hyper-focused on exquisite technology, they should not forget that “none of this technical overmatch matters if America can’t build enough of it, sustain it, or get it to the fight in the first place.” Defense supply chains are under assault and the United States is losing. It is time for the Department of Defense to stop the studies and take immediate and real action to identify “kill shots” at risk for exploitation. Supply chain visibility across the defense industrial base is foundational for national security, and it requires a united implementation strategy.
Lt. Col. Nicholas Jordan has over 18 years of Air Force program management and acquisition experience. He is a student at the Eisenhower School of National Security and Resource Strategy at the National Defense University in Washington, D.C.
Lt. Col. Jennifer Mapp has over 22 years of Air Force contracting and acquisition experience. She is a national defense fellow at Georgetown University in Washington, D.C.
The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, National Defense University, Department of Defense, or U.S. government.
Image: Capt. Travis Mueller