Article
Reflections on the impact of COVID-19: CISA task force provides six recommendations to enable supply chain resiliency
Dec. 30, 2020 · Authored by Leo Alvarez, Jeff K. Clayton, Matt Gilbert
The Cybersecurity and Infrastructure Security Agency (CISA), in close collaboration with its Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force[1] on Nov. 6, 2020, published a report examining critical shortfalls in the resilience of our nation’s supply chains stemming from the COVID-19 pandemic. The report, titled “Building a More Resilient ICT Supply Chain: Lessons Learned during the COVID-19 Pandemic,” analyzes how companies were affected by balancing efficiency (and a reliance on lean inventory models) and resiliency (or the ability to maintain strong visibility and quickly shift sourcing, production and distribution) in their supply chain operations during the pandemic.
The impact of COVID-19
The task force surveyed 50 ICT companies, seeking to measure the impact on supply chain activities with a focus on how the disruption extended across inventory management, supply chain transparency and sourcing concentration. The make-up of the group surveyed included five companies “identified as Broadcasters, 34 as Communications Services Providers (CSP) and 11 as IT Service Providers (ITSP).” The ICT SCRM Task Force identified three major issues made more difficult due to complications arising from the COVID-19 pandemic:
- Supply chain diversity/concentration risk: Companies with a reliance on a single source or geographic concentration in suppliers are more likely to struggle to adapt to a quickly changing environment.
- Reliance on lean inventory models: A reliance on just-in-time manufacturing (meant to drive operational efficiency) meant that supply chains lacked the necessary inventories of critical components and/or products to handle the disruption caused by the pandemic.
- Supply chain visibility: Companies that do not have visibility beyond their first-tier suppliers (to fourth and fifth parties) are less likely to be agile and maintain continuity during a disruption.
