
Supply Chain Risk Management for the Defense Industrial Base (DIB)

The DIB’s Role in Supply Chain Security

The Department of Defense and its component, the Under Secretary of Defense for Acquisition and Sustainment, form the central U.S. body designed to defend and protect U.S. national security through the military’s supply chain.


In the last few years, several executive orders and policies focused on U.S. supply chain security and integrity were enacted. Securing Defense for Critical Supply Chains was released as a response to President Biden’s Executive Order 14017, which details guidelines to strengthen the resiliency of America’s supply chains.


The Defense Industrial Base (DIB) refers to government, domestic, and foreign private sector companies operating globally. DIB companies provide necessary products and services for the sustainment and deployment of military operations, including defense research and development, manufacturing, weapon systems, and sensors. Over 100,000 companies work under contract with the U.S. Department of Defense to provide materials and services to the government for production and sustainment of military equipment, including weapons and technology.


Because of its unique position with access to sensitive information and facilities, the DIB has the potential to be either a significant national security vulnerability or the strong and resilient backbone of national defense. Compared to typical commercial organizations, DIB companies have an added challenge because of high rates of targeting by foreign adversaries and bad actors seeking to harm U.S. national security interests.


Unlike many other commercial entities, DIB companies share many supply chain risks with DoD that go beyond traditional supply chain concerns like material shortages and the financial resilience of supplier networks. In addition to these common SCRM risks, the DoD has developed and maintains a more specialized and comprehensive approach to monitoring and mitigating these supply chain risks to ensure uninterrupted support for the warfighter and strengthen the resilience of the national defense industrial base. Examples of specialized defense risks include additional focus on foreign ownership, state-owned entities, NDAA-prohibited suppliers, critical technology list elements, cybersecurity, and hardware or software compromise. DoD and DIB entities are particularly concerned about the vulnerabilities inherent in critical technology programs, including data breaches, counterfeiting, parts obsolescence, dual-use technologies, and export controls.


To prevent introducing weaknesses into the U.S. defense supply chain, DIB organizations should consider the following risk areas:

  • Focusing on cost instead of national security: system-level manufacturers unintentionally reduce supply chain transparency when they simply seek the cheapest producers without probing the integrity of the sources. More visibility is needed into the sub-tiers of critical infrastructure, like the microelectronics supply chain, to identify supply chain threats, risks, and vulnerabilities and ensure that parts are sourced from trusted suppliers.
  • Cyber attacks: increasingly, adversaries are targeting suppliers in information and communications technologies (ICT)/networking supply chains. To protect national security interests, cybersecurity standards and enforcement mechanisms highlighted in Executive Order 14028 should be maintained.
  • Microelectronics counterfeiting: in the defense industrial base, microelectronic assets are present in nearly every weapon system and information system. Counterfeiting of microelectronic assets and materiel is a significant vulnerability, and ensuring that microelectronic suppliers are trusted is essential.
  • Overreliance on offshoring: Foreign Ownership, Control, or Influence (FOCI) risk associated with the DIB includes a heavy reliance on manufacturers and suppliers based in foreign nations. Diversifying the supply base to include U.S.-based or allied-based companies can increase resilience and reduce the risk of compromise by foreign adversaries.


To address such risks, the DIB needs to gain transparency into its sub-tier supplier ecosystem down to the parts or raw materials level to understand source provenance, security, and risk. One incident to learn from is the F-35 production stoppage caused by ITAR violations from sub-tier suppliers.


Broadening the Organizational Mindset Regarding Risk

DIB organizations need to broaden their mindset to solve supply chain risks in cybersecurity and information technology. For threat risk management, it's necessary to move away from just a checklist-based approach to one that is more threat-based.


Though compliance is a great way to keep an eye on risks, some companies abuse compliance to limit risk definition, evaluation, and actions, when a broader perspective is needed. 

“The more broadly you can define risk, the more likely you are to proactively measure it and get ahead of it, and the less likely it is to be able to disrupt your operations or your business or to introduce some kind of risk to your clients.”

Theresa Campobasso

Exiger Vice President and Global Head of Defense

Organizational Resistance Regarding Risk

Reaching an agreement on an organization's risk appetite is difficult when a variety of stakeholders are involved in a process. For example, it is difficult to get a consensus when holding a discussion between an insider threat professional and a contracts or compliance professional, or enterprise risk management. Each one of them speaks a different language.


To overcome DIB supply chain organizational resistance, focus on the true drivers of the problems for accelerated decision-making and evaluate program functions to reduce risk. This can be done through obtaining core documentation and leveraging transparent, indisputable, and actionable data.

How the DIB Responds to Government-led Changes in Supply Chain Standards

The U.S. government released a memorandum in September 2022 requiring agencies to comply with NIST guidance. The step was intended to further bolster America’s cybersecurity posture. The Department of Homeland Security (DHS) also launched the Cyber Safety Review Board (CSRB) to investigate national cyber incidents.


Additional legislation creating compliance requirements for the DIB supply chain includes the Uyghur Forced Labor Prevention Act and NDAA Section 889.


While compliance can be a primary driver, forward-thinking DIB companies are embracing higher regulatory standards as an opportunity to enhance their supply chain security. DIB companies can ensure they are supporting the DoD’s acquisition strategy by investing in AI technology to map their supply chains and relationships throughout the lifecycle of their SCRM programs.

Exiger is Your Solution to Assess and Mitigate Risks in Your Supply Chain & Supply Chain Management

Many DIB supply chain issues are hidden in opaque sub-tier supplier networks. Transparency is required not only at the item or parts level, but down to raw materials to obtain better visibility and risk information. 


Incorporating technology to leverage data for transparency and risk security is essential for the DIB to support DoD while safeguarding critical U.S. national security.


Exiger offers a full suite of Supply Chain Management Products for customers to identify and track daily supplier interactions at the micro item level. This allows you to identify, prioritize and validate inherent and imposed macro risks in critical supply chains, and conduct deep dive supplier risk assessments for review by key stakeholders.


Our web-based platform brings this all together in dashboard views that allow you to monitor and act on changes in risk as new data is added in near real-time. Capabilities include:

  • Identification, prioritization, and assessment of vendor and supply chain inherent and macro risks (e.g., Foreign Control and Influence, Cyber, Financial, Reputational)
  • Multi-tier supply chain mapping and visualization
  • Item level supplier interactions and mitigation of micro item-level risks
  • Material and component parts forecasting
  • Early warning of supply chain disruptions
