A new report from the Cybersecurity and Infrastructure Security Agency (CISA) and the Information and Communication Technology Supply Chain Risk Management Task Force finds several factors contributing to IT supply chain problems during the coronavirus pandemic.
Those factors include failure to diversify supply chains, problems understanding the “junior” ranks of supply chains and cascading supply chain failures that can result from them, and a reliance on “lean” inventories for IT products that were not able to withstand supply chain disruptions.
“The pandemic has been a wake-up call and companies, after assessing costs and benefits, may begin making shifts to their supply chains in order to reduce future risk,” the report finds. “This may include moving in and out of certain regions, developing enhanced but practical approaches to risk mitigation, and diversifying supply sources.”
“Given the global supply chain difficulties ICT companies are currently encountering because the virus adversely affects their ability to compress their cycle time, there are active policy discussions as to whether firms should be provided with various incentives to bring manufacturing home, closer to home, or to never leave in the first place,” the report says.
On the supply chain diversification issue, the report finds that industry for several years has been trying to move away from single source/single region suppliers, and reduce reliance on production from China because of trade disputes between the U.S and China. “Now, in some cases, COVID-19 is expediting that trend,” the report says.
On the importance of mapping the “junior” level of IT supply chains – the many second- and third-tier suppliers that feed up to primary suppliers – the report finds that lower-tier supply chains are often opaque, and supply problems at that level often cascade “through the entire supply chain system, making it difficult for a company to figure out where or why the delay is happening.”
And for companies that rely on lean inventory models, the report says, “recent disruptions and the pandemic have illustrated the risks of not holding much inventory of critical components or equipment, and the economic consequences of delayed customer deliveries that can follow as a result.”
The report offers several recommendations to companies, including doing a better job mapping their supply chains, broadening their supplier networks and supplier regional locations, and shifting thinking in optimal amounts of inventory to keep on hand.
The Supply Chain Risk Management Task Force is a partnership between CISA and the Communications Sector Coordinating Council, a group made up of communications industry companies that reviews industry and government actions on critical infrastructure protection priorities and cross-sector issues.