The pixel Skip to content

From TPRM to SCRM: Exiger on the Evolution in Supplier Compliance in COVID – Spotlight on Federal Government & Supply Chains w/ Carrie Wibben & Vishnu Anantatmula

Home > Perspectives > From TPRM to SCRM: Exiger on the Evolution in Supplier Compliance in COVID – Spotlight on Federal Government & Supply Chains w/ Carrie Wibben & Vishnu Anantatmula

Welcome to a special five-part podcast series, sponsored by Exiger, on topics From Third Party Risk Management to Supply Chain Risk Management: Exiger on the Evolution in Supplier Compliance in COVID. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market’s biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world’s largest banks, Fortune 1000 companies and government agencies and regulators. Over the next five episodes, we will put a spotlight on Financial Institutions with Tara Loftus and Samar Pratt; focus on corporations with Aaron Narva and George ‘Ren’ McEachern; consider Federal Government and Supply Chains with Carrie Wibben and Vishnu Anantatmula; review the pillars of good compliance with Brandon Daniels and Carrie Wibben; and end with a review of third-party risk management solutions with Erika Peters and Skyler Chi.

In Part 3, we put a spotlight on Federal Government and Supply Chains. In this exploration I am joined by Carrie Wibben and Vishnu Anantatmula. Wibben is a Senior Vice President, National Security & Intelligence, based in Exiger’s McLean office. As the former Deputy Director of the Defense Counterintelligence and Security Agency (DCSA), Carrie joins Exiger following a distinguished career in homeland defense spanning various government agencies – including the US Department of Defense, the Executive Office of the President, and the Special Security Directorate. Anantatmula is a Senior Account Manager in Exiger Federal Solutions based in the company’s Tysons Corner office. His team is focused on OSD Acquisition and Sustainment, delivering critical time-sensitive assessments to Senior DoD Executives that facilitate informed decisions on large investments in the Pharmaceutical Industry and provide heavily researched solutions for illuminating technology products, programs, and sectors.

Wibben has spent the last two decades in defense and intelligence in the federal government and the last five years focused on counter-intelligence and risks to our critical technologies, critical infrastructure, and associated supply chains. From this perch she has observed that a “slow awakening has occurred over the past several years really about the fact that our adversaries no longer have to engage as kinetically to threaten our way of life. Our adversaries, every single day, engage non-kinetically through blended operations that take place through attacks to our supply chain in the cyber domain and also by exploiting human elements.” She went on to add that the “harsh reality is that every single day China and Russia employ a broad range of intelligence and military capabilities to steal our intellectual property, and this is really an attempt to gain a competitive, economic, and military advantage over us as a nation.”

Some of the specific problem include the following, Wibben said it is “estimated that one in every six North American companies have fallen victim to IP theft and the estimated value of that theft is up to $600 billion dollars.” The net effect is absolutely taking a toll. Our competitive advantage as a nation, our ability to fight and win the wars of the future, our ability to maintain enough military and technological dominance to deter those wars in the future is absolutely slipping from our grasp.” Finally, the “defense industrial base in particular, are on the receiving end every day, every minute of every day, completely disproportionate adversarial attacks on their supply chain and through non-cyber means. And the supply chains remain incredibly vulnerable.”

Anantatmula noted, “the silver lining could be that the DOD and federal agencies are recognizing this increased risk, and they’re expediting a number of supply chain risk management initiatives.” He provided a couple of examples, which could be as simple as vetting critical medical suppliers for personal protective equipment (PPE) equipment, or it could be more operational, financial. But it all starts with an understanding exactly of who the suppliers are. “We have an understanding of where our money is going and how to best safeguard our property. Similarly, the same process has been expanded to determine and mitigate continuing impact of COVID-19 for the industrial base, for the defense industrial base.” This also means down into to the sub-tier networks which may exist. He concluded, “we cannot accept risks or in any way compromise the integrity of the defense industrial base moving forward.”

I was fascinated by Wibben’s observations that as the Federal Government has hardened its approaches to Supply Chain compliance; many companies in the defense-industry are moving in the same direction. In other words, once again we see a move by the government, which may be in enforcement, regulatory pronouncement or here more robust Supply Chain risk management; leading to a commercial response. I concluded by asking Wibben some of the specific steps a company, which is a government contractor might take.

She began with her belief that no company on their own, within the defense industrial base, can successfully have the resources and means to defend against a nation-state sponsored cyber actor. Companies can elevate proper security and supply chain risk management as critical priorities and areas of significant investment. This would include “full mapping of their cyber assets and networks. They should consider investing in sophisticated cyber sensors to monitor for known adversary pre-attack activity. Companies can also invest in supply chain illumination and risk identification tools to enable them to have their own supplier networks down to the sub tier level and then conduct due diligence on those sub-tier suppliers that you’ve identified, to understand where you are most vulnerable, to ensure you can deliver whatever the product, technology, or service is back to the government in an uncompromised state from adversary penetration or intellectual property theft.”

This podcast is a part of the Compliance Podcast Network and also available on the FCPA Compliance Report site, iTunes, and YouTube.

Recorded in September 2020 and originally published by Thomas Fox.

The risk landscape is constantly changing. Hear about the latest with Exiger.