Threats to supply chains are constantly changing, so the solutions used to combat them need to evolve even faster. You need to know your sub-tier supplier ecosystem better than your adversaries do, and that starts with telling risks from threats. Threats are where adversaries are already operating within your supply chain; risks are where your supply chain is vulnerable to your adversaries. What are they after? Why are they after it? How are they executing in the long or short term to influence it?
For federal agencies, multiple threat vectors are often at work simultaneously–if one is thwarted there’s another waiting to take its place. A risk to one organization’s supply chain could be a full-blown threat to another’s, and problems that appear local may be part of a global, state-sponsored strategy to influence strategic supply chains.
Exiger experts discussed the latest in federal supplier risk management, and why sharing information across a common risk framework through a comprehensive, continually monitored vendor vetting database is crucial to U.S. national security.
Let’s look at three problems associated with government SCRM programs today and how AI technology is the cornerstone of any solution set.
Problem #1: The Role of Shared Risk Indicators
Investigating the foreign ownership, control and influence (FOCI) of a vendor is no longer enough. There are so many other questions that need to be answered about each link in the supply chain: are the labor practices safe, are there any personnel risks, are vendors on any sanctions lists, what is their credit score, do any of their locations pose a geopolitical risk… the list goes on and on.
Federal SCRM programs must investigate each vendor with regard to six key risk indicators:
- Foreign Ownership, Control & Influence (FOCI)
- Environmental, Social & Governance Risk (ESG)
- Reputational, Criminal & Regulatory Risk (RCR)
- Financial Health (FH)
- Cyber Risk (CR)
- Operational Risk (OR)
These risks need to be examined both in context and in terms of how they relate to and play off one another.
Solution #1: Providing a Holistic View of Risk with Technology
Government agencies need a thorough understanding of these risk indicators in order to get a holistic view of their entire supply chain. Information needs to be pulled quickly and completely, which is where technology comes into play.
A federal risk framework should provide information across the six major risk profiles to demonstrate a complete picture of risk. Exiger’s platform surfaces this data and then assigns a risk score both in aggregate and across each one of the individual indicators, to provide a comprehensive understanding of how the risks stand alone and how they relate to one another across all vendors.
Problem #2: Collecting the Right Data on the Pertinent Threat Vectors
Press releases, news coverage, historical relationships, social media, videos, dark web content… the sheer abundance of data is not only exhausting, but also constantly increasing and evolving. Particularly at the federal level, agencies may need to investigate each tier in their supply chain and then drill down to the item, part, or even raw material level. So how do you know what to look for, where to start, and when to stop?
Data is the key element to managing risk. Vendor information needs to be collected, measured, and monitored in significant enough amounts to be meaningful but not overwhelming. The data needs to provide both insight and context quickly and efficiently. Add in that data sources continue to grow exponentially, and it can seem like a never-ending, daunting task.
Solution #2: Using Machine Learning & Natural Language Processing for Meaningful, Monitored Data
Over time, data growth has significantly outpaced the human ability to sort through it. There simply isn’t enough time to track down and investigate every potential risk; eventually corners are cut and vulnerabilities are left exposed. However, the volume of data provides both a challenge and an opportunity.
Technology makes the solution scalable. Machine learning and natural language processing reduce the noise and make sense of the risk. The use of these AI applications allows for massive amounts of data to be collected, analyzed, sorted and risk ranked in a fraction of the time (and cost) that it would take a team of human analysts. Those analysts are now free to spend their time doing what they do best: analyzing the information and deciding the best way to combat the threats.
Exiger uses machine learning to monitor and react in real time to tens of millions of data sources, and with the addition of Supply Dynamics, supply chains can be illuminated down to the item, part, or raw material.
Problem #3: The Need for a Common Operational Picture (COP)
The risk factors have been identified and the right data has been collected based upon them. Now what? The information needs to be prioritized and evaluated to determine which risks require immediate action and which to monitor. A common operational picture is needed to understand everywhere adversaries are engaged across the whole of the federal government. Removing a threat from one agency’s supply chain is great, but what if another department is using that same vendor deeper down in their supply chain? The risks not only need to be surfaced, but they also need to be shared.
Solution #3: Sharing Information Across a Common Risk Framework
SCRM professionals need an up-to-date, 360-degree picture of risk–one that tells the story needed to make quick, data-driven decisions. Technology not only helps to write that story, but it also allows it to be shared.
Imagine if the risk information learned by one federal department could be shared with other government organizations while still ensuring classified information and IP remain protected. The benefits would be massive. Technology can create this common risk framework in which information is not only sorted and risk ranked across the six essential risk indicators but can be shared from agency to agency. This results in a common operational picture that facilitates collaborative planning and risk reduction across the whole of the U.S. government. Exiger’s insight platform creates a shared risk framework that is continually monitored and fully configurable, allowing different departments to customize the level of search and weight the risk scores based on their particular needs.
The Critical Role of Technology in Federal Supplier Risk Management
When the right data is collected, ranked across key risk indicators, and made shareable, it creates a common operational picture throughout the federal government. This facilitates collaborative planning, stops threats at both the local and systemic level, and makes it easier for departments to find already-vetted vendors to add to their supply chain. It’s an essential component of federal supplier risk management and crucial to national security. Technology makes it possible.