The Defense Logistics Agency (DLA) manages the global supply chain for the United States Armed Forces (Army, Navy, Air Force, Marine Corps, and Coast Guard), including 86% of the military’s spare parts and almost all the armed forces’ fuel and food. The DLA’s global supply chain operates across the United States and in 28 different countries, and provides more than USD 38 billion in goods and services annually, making it one of the most expansive and complex supply chains of any organization in the world.
Thousands of companies work with the DLA and contract out to thousands of suppliers, vendors and third-party service providers. The supply chain risks that the DLA contends with cannot be overestimated; counterfeit and low-quality goods, fraud and forced labor, and cyberespionage and technology theft, to name a few.
In July, the DLA announced a new Supply Chain Security Strategy that uses the latest in technological innovations and supply chain management know-how to address the many risks inherent in one of the world’s largest supply chain webs. This excerpt from the Strategy homepage drives home the task that the DLA has taken up:
DLA’s global supply chain … encompasses a myriad of complex and interconnected systems, processes, facilities, infrastructure, suppliers, transportation nodes, endusers, and employees. Twenty-three sub-elements enable these primary components of DLA’s global supply chain. They include business processes, business systems, distribution centers, vendor-networks, industrial support, financial health, employee readiness, cybersecurity, DLA’s six major subordinate commands and nine supporting supply chains. Each of these supply chain components and sub-elements are susceptible to adversarial exploitation and disruption from a host of potential threats.
Shoring up supply chain security across the board
The efforts by the DLA to put together an all-encompassing strategy to address supply chain security is part of a trend to shore up the government’s supply chain procurement process. The John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA) (Pub. L. No. 115-232 [2017-2018]), for example, contains numerous provisions regarding security, including prohibitions on purchasing equipment and sharing technology with Chinese telecommunications firms; cybersecurity provisions; and large-scale changes to the Committee on Foreign Investment in the United States and the overall export framework through the Export Control Reform Act of 2018 (H.R.5040 — 115th Congress).
Additionally, an explosive 2018 report by The MITRE Corporation, Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War, argued that risk assessments and policies regarding risk mitigation within the government exist in silos, making it difficult to implement proactive measures and respond quickly and effectively to breaches: “Few if any holistically consider the entire blended operations space from a counter-intelligence perspective and act on it. Risk quantification and mitigation, as a mission, receive insufficient resources and prioritization. Too little attention is directed toward protection of operational security or software assurance. There is no consensus on roles, responsibilities, authorities, and accountability.”
The report, as well as another by the U.S. National Counterintelligence and Security Center, 2018 Foreign Economic Espionage in Cyberspace, spurred efforts by the Pentagon to develop cross-departmental collaboration on risk assessment, have Congress pass legislation that shields firms from being sued if they share vital information with each other in order to combat cyber threats, and consider the establishment of a National Supply Chain Intelligence Center.
Turning a massive ship
Government procurement is very complex. Thousands of regulations, bound up in the Federal Acquisitions Register and the Defense Federal Acquisition Regulation Supplement, cover every aspect of the process, including “requirements determination, bidding procedures, selection, contract execution, billing, socio-economic requirements, auditing, close-out, and evaluation of contracts involving federal funds.”
An article in SCCE’s The Complete Compliance and Ethics Manual 2019, “Government Contractor Integrity and Responsibility – Risks and Opportunities in the Federal Marketplace” by Eric R. Feldman, senior vice president and managing director of corporate ethics and compliance programs for Affiliated Monitors, Inc., and Rodney A. Grandon, managing director of monitoring services for Affiliated Monitors, Inc., lays out the very basics of government procurement. But even this summary of the process lists out nine major regulations that every compliance officer dealing with government contracting must be aware of, such as the Truth in Negotiations Act (10 U.S.C. § 2306a) and the Buy American Act (41 U.S.C. §§ 8301–8305 ).
A related article in The Complete Compliance and Ethics Manual, “Government Contracting and the Federal Acquisition Regulation System” by J. Andrew Howard, JD, Partner with Alston & Bird LLP, goes into greater detail regarding the Federal Acquisition Regulation System and what contractors should know, including explanations of the various types of acquisition methods authorized under it.
The Buy American Act received a shot in the arm this past January when U.S. President Donald Trump issued an executive order, “Strengthening Buy-American Preferences for Infrastructure Projects,” that placed a greater emphasis on federal agencies to enforce “Buy American” regulations.
According to an article by David Yang, partner at Oles Morrison Rinker & Baker LLP:
[The order has] significant, potential implications for the contractor community because prior to the Executive Order the Buy American Act only applied in cases of federal procurements directly issued by the government. With the new Executive Order, however, the Buy American Act now potentially applies to any project that receives financial assistance from the federal government even if the project is not a procurement that was solicited by the federal government.
With all of this weighty regulation covering government procurement, how feasible is it that the DLA can implement a supply chain security strategy that will have an immediate impact on how contractors and vendors conduct business?
The answer to that question isn’t as important as understanding that the ship itself is most definitely shifting course: U.S. government procurement, perhaps the most expansive marketplace in the world, is undergoing a security check that will ripple through the supply chain down to the smallest vendor. It may take a decade for all of the processes to settle into place, but it behooves government vendors in the meantime to take note of the shift to avoid becoming an example for others.
Takeaways
-
The U.S. government procurement process is initiating a security check across the board that is rippling down through the supply chain.
-
Supply chain security strategies target espionage, fraud, kickbacks, conflicts of interest, nation-state actors, sanctions and more. Supply chain compliance managers with organizations in the complex government supply chain should align themselves now.