SCRM for the DIB

Supply Chain Risk Management for the Defense Industrial Base

Risk Assessment and Mitigation

Exiger Is Your Solution to Assess and Mitigate Risks in Your Supply Chain & Supply Chain Management

Many DIB supply chain issues are hidden in opaque, sub-tier supplier networks. Transparency is required not only at the item or parts level, but down to raw materials to obtain better visibility and risk information.

Incorporating technology to leverage data for transparency and risk security is essential for the DIB to support DoD while safeguarding critical U.S. national security.

Exiger offers a full suite of Supply Chain Management products for customers to identify and track daily supplier interactions at the micro item level. This allows you to identify, prioritize and validate inherent and imposed macro risks in critical supply chains, and conduct deep-dive supplier risk assessments for review by key stakeholders.

Our web-based platform brings this all together in dashboard views that allow you to monitor and act on changes in risk as new data is added in near real-time.

Supply Chain Security

The DIB's Role in Supply Chain Security

The Department of Defense and its component, the Under Secretary of Defense for Acquisition and Sustainment, is the U.S. central body designed to defend and protect U.S. National Security through the military’s supply chain.

In the last few years, several executive orders and policies focused on U.S. supply chain security and integrity were enacted. Securing Defense for Critical Supply Chains was released as a response to President Biden’s Executive Order 14017, which details guidelines to strengthen the resiliency of America’s supply chains.

The Defense Industrial Base (DIB) refers to government, domestic, and foreign private sector companies operating globally. DIB companies provide necessary products and services for the sustainment and deployment of military operations, including: defense research and development, manufacturing, weapon systems and sensors. Over 100,000 companies work under contract with the U.S. Department of Defense to provide materials and services to the government for production and sustainment of military equipment, including weapons and technology.

Because of their unique position with access to sensitive information and facilities, the DIB has the potential to be either a significant national security vulnerability, or the strong and resilient backbone of national defense. Compared to typical commercial organizations, DIB companies have an added challenge because of high rates of targeting by foreign adversaries and bad actors seeking to harm U.S. national security interests.

Unlike many other commercial entities, DIB companies share many supply chain risks with DoD that go beyond traditional supply chain concerns like material shortages and the financial resilience of supplier networks. In addition to these common SCRM risks, the DoD has developed and maintains a more specialized and comprehensive approach to monitoring and mitigating these supply chain risks to ensure uninterrupted support for the warfighter and strengthen the resilience of the national defense industrial base. Examples of specialized defense risks include additional focus on foreign ownership, state-owned entities, NDAA-prohibited suppliers, critical technology list elements, cybersecurity, and hardware or software compromise. DoD and DIB entities are particularly concerned about the vulnerabilities inherent in critical technology programs, including data breaches, counterfeit, parts obsolescence, dual-use technologies and export controls.

Supply Chain Security

To prevent introducing weaknesses into the U.S. defense supply chain, DIB organizations should consider the following risk areas:

  • Focusing on cost instead of national security: System-level manufacturers may unintentionally reduce supply chain transparency by simply seeking the cheapest producers without probing the integrity of the sources. More visibility is needed into the sub-tiers of critical infrastructure, like the microelectronics supply chain, to identify supply chain threats, risks, and vulnerabilities and ensure that parts are sourced from trusted suppliers.
  • Cyber attacks: Increasingly, adversaries are targeting suppliers in information and communications technologies (ICT)/networking supply chains. To protect national security interests, cybersecurity standards and enforcement mechanisms highlighted in Executive Order 14028 should be maintained.
  • Microelectronics counterfeiting: In the defense industrial base, microelectronic assets are present in nearly every weapon system and information system. Counterfeiting of microelectronic assets and materiel is a significant vulnerability, and ensuring that microelectronic suppliers are trusted is essential.
  • Over-reliance on offshoring: Foreign Ownership, Control, or Influence (FOCI) risk associated with the DIB includes a heavy reliance on manufacturers and suppliers based in foreign nations. Diversifying the supply base to include U.S.-based or allied-based companies can increase resilience and reduce risk of compromise through foreign adversaries.

To address such risks, the DIB needs to gain transparency into their sub-tier supplier ecosystem down to the parts or raw materials level to understand source provenance, security and risk. One incident to learn from is the F-35 production stoppage caused by ITAR violations from sub-tier suppliers.

Capabilities

Broadening the Organizational Mindset Regarding Risk

DIB organizations need to broaden their mindset to solve supply chain risks in cybersecurity and information technology. For threat risk management, it’s necessary to move away from just a checklist-based approach to one that is more threat-based.

Though compliance is a great way to keep an eye on risks, some companies abuse compliance to limit risk definition, evaluation and actions, when a broader perspective is needed.

Exiger's Capabilities Include:

  • Identification, prioritization and assessment of vendor and supply chain inherent and macro risks (e.g., Foreign Control and Influence, Cyber, Financial, Reputational)
  • Multi-tier supply chain mapping and visualization
  • Item-level supplier interactions and mitigation of micro item-level risks
  • Material and component parts forecasting
  • Early warning of supply chain disruptions

“The more broadly you can define risk, the more likely you are to proactively measure it and get ahead of it, and the less likely it is to be able to disrupt your operations or your business or to introduce some kind of risk to your clients.”

Theresa Campobasso

EXIGER GOVERNMENT SOLUTIONS SENIOR VICE PRESIDENT OF STRATEGY

Organizational Resistance Regarding Risk

Reaching an agreement on an organization’s risk appetite is difficult when a variety of stakeholders are involved in a process. For example, it is difficult to get a consensus when holding a discussion between an insider threat professional and a contracts or compliance professional, or enterprise risk manager. Each one of them speaks a different language.

To overcome DIB supply chain organizational resistance, focus on the true drivers of the problems for accelerated decision-making and evaluate program functions to reduce risk. This can be done through obtaining core documentation and leveraging transparent, indisputable and actionable data.

How the DIB Responds to Government-Led Changes in Supply Chain Standards

The U.S. government released a memorandum in September 2022 requiring agencies to comply with NIST guidance, a step intended to further bolster America’s cybersecurity posture. The Department of Homeland Security (DHS) also launched the Cyber Safety Review Board (CSRB) to investigate national cyber incidents.

Additional legislation creating compliance requirements for the DIB supply chain includes the Uyghur Forced Labor Prevention Act and NDAA Section 889.

While compliance can be a primary driver, forward-thinking DIB companies are embracing higher regulatory standards as an opportunity to enhance their supply chain security. DIB companies can ensure they are supporting the DoD’s acquisition strategy by investing in AI technology to map their supply chains and relationships throughout the lifecycle of their SCRM programs.
