DLA’s Supply Chain Security Strategy is the roadmap for how the agency will address supply chain security challenges across the enterprise. This cross-cutting effort is fundamental to our operations and underpins DLA’s ability to support the warfighter. Interruption of DLA supply chain operations compromises our nation’s ability to deliver combat power and execute critical missions. It’s that serious!

As the nation’s combat logistics support agency responsible for end-to-end management of nine supply chains supporting the warfighter, DLA has an inherent imperative to ensure we have the proper detection, protection, redundancy and resilience built into our systems, processes, infrastructure and people to ensure continued support to the warfighter.

Today’s world presents a multitude of challenges to DLA’s supply chain operations. Threats from natural disasters, geopolitical developments, nefarious activities, diminishing manufacturers, and the ever-present threat from the cyber-domain demand that DLA continues the journey to strengthen operational resiliency. As the threat environment evolves, so too must DLA’s ability to detect, protect, and continue operations in a contested or degraded environment through redundant and resilient supply chain operations.

This document carves a path forward for the agency to follow in pursuit of strengthening operational resiliency across the enterprise. The strategy within it anchors to the fundamental elements of Supply Chain Risk Management and mission assurance. I need every DLA member to understand this strategy and to support it wherever you may fit in because supply chain disruption is not an option for the warfighter. With each of us synchronized on supply chain security, together we can thwart disruption by strengthening operational resiliency.

- Former DLA Director Army Lt. Gen. Darrell K. Williams

Strategic Context

While speaking at the HQ CIA Supply Chain Summit in April 2019, the Joint Staff Director for Logistics observed that the character of logistics has changed dramatically over the years, but the nature of logistics remains the same. Getting the right things where they need to be at the right time and in serviceable condition has always been the primary objective. However, in the current technology-enabled environment, “the way” logisticians accomplish that is very different compared to the past. Today’s supply chains are expansive, non-linear, and highly relationship-dependent.

DLA’s global supply chain is staggeringly expansive and consists of acquisitions, storage, distribution, and disposal primary mission-sets. It extends to 46 states and 28 countries and encompasses a myriad of complex and interconnected systems, processes, facilities, infrastructure, suppliers, transportation nodes, end users, and employees. Twenty-three sub-elements enable these primary components of DLA’s global supply chain. They include business processes, business systems, distribution centers, vendor-networks, industrial support, financial health, employee readiness, cybersecurity, DLA’s six major subordinate commands and nine supporting supply chains. Each of these supply chain components and sub-elements is susceptible to adversarial exploitation and disruption from a host of potential threats.

Cyber-attacks are a continuous threat to DLA’s global supply chain due to the interconnectedness of our information technology-dependent operations. There are more electronic devices than people in DLA, and cyber-attackers are growing in their sophistication.

Each year there are millions of attempts to access sensitive information on the DoD network. However, the threat spectrum extends far beyond cyber-attacks. Natural and man-made disasters and accidents can disrupt a vendor’s ability to supply DLA critical parts for the warfighter for an extended period of time. Geopolitical developments have the potential to constrain DLA’s access to allied partners, vendors, and critical resources. The proliferation of sensitive information by the unintentional mishandling of export controlled technical data can lead to an adversary’s ability to intercept US military technology. Bad actors engaging in nefarious activities can steal the identity of legitimate suppliers, introduce counterfeit parts into DLA’s global supply chain, and disrupt the agency’s financial position. Sole-source and diminishing manufacturers can ground fleets of aircraft if they choose to discontinue operations, while foreign dependencies and lack of visibility into sub-tier suppliers can lead to additional counterfeiting, cyber-attack, and espionage.
 

DLA’s mission is to sustain warfighter readiness and lethality by delivering proactive global logistics in peace and war. Maintaining an effective supply chain security posture through Supply Chain Risk Management is fundamental to the agency’s ability to meet its mission. It is within the threat spectrum captured above that DLA must innovate to strengthen operational resiliency in support of the warfighter.

DLA must continuously identify, assess, report and mitigate threats, vulnerabilities, and disruptions to its global supply chain. DLA’s end state is to establish an enterprise architecture that comprehensively addresses supply chain security challenges: an architecture that evolves as new threats emerge, endures the test of time and provides uninterrupted support to the warfighter.

A representation of DLA's materiel life cycle as a chain

DLA's Supply Chain Security Architecture


What does a “secure” global supply chain look like?


DLA’s overall supply chain security strategy is designed to establish an architecture that comprehensively addresses supply chain security from an enterprise perspective. The architecture consists of five broad components described here.

A chart showing the flow of DLA's Supply Chain Security Architecture areas


Threat/Vulnerability Identification and Risk Prioritization


The first architectural component is foundational to the agency’s supply chain security strategy. Its purpose is to establish a repeatable process to identify and report threats and vulnerabilities across DLA’s expansive global supply chain and to prioritize associated risk.

To strengthen operational resiliency, DLA must first understand where the “soft-underbellies of logistics” are within the agency. This first architectural component does that. The process must be comprehensive, repeatable and continuous, given the emergent and ever-changing nature of threats.


Offensive Risk-Mitigation Solutions


The second architectural component is dependent upon the first. Once threats are identified, DLA must have the ability to develop innovative offensive mitigating solutions that attack and minimize those threats.

Examples of offensive solutions include market-intelligence, cyber-operations and DNA-marking of microelectronics.


Defensive Risk-Mitigation Solutions


Similarly, once vulnerabilities are identified, DLA must have the ability to develop innovative defensive solutions that protect vulnerabilities and mitigate risk.

Examples of defensive solutions include Business Decision Analytics, Vendor Network Mapping and Export Controlled Technical Data Supplier Validation Processes.


Resilient Supply Chain Operations


The fourth architectural component is the guarantor of uninterrupted support to the warfighter. Its purpose is to infuse resiliency into DLA’s systems, processes, infrastructure and people. In the event that an adversary or natural disaster threatens DLA’s global supply chains, resilient supply chain operations ensure the mission continues.

Examples of resiliency include redundant capabilities, continuity of operation plans and systems hardening.


Prevention Through Detection, Protection and Defense


The purpose of the fifth architectural component is to operationalize supply chain security within the agency and to ensure that it endures the test of time. DLA must continuously prevent disruption by integrating supply chain security into the Agency Synchronization and Operations Center business rules in order to effectively detect, report, protect and defend against emergent threats.

The agency must also fully integrate SCRM into DLA’s Mission Assurance portfolio and ultimately into the Enterprise Risk Management framework to ensure that supply chain security is addressed from an enterprise perspective.

Supply Chain Security Strategic Focus Areas

Strategic Focus Areas

To create an architecture that comprehensively addresses supply chain security from an enterprise perspective, DLA will concentrate on the following four strategic focus areas:

  • Institutionalize supply chain security across the DLA enterprise
  • Maintain integrity and access to key data
  • Partner with valid, reputable vendors who produce quality supplies and services
  • Strengthen the resiliency of systems, processes, infrastructure and people

The strategic focus areas represent “strategy bins” that house supply chain security-related initiatives, which are mapped to objectives within DLA’s 2018-2026 Strategic Plan. Those objectives are depicted in the chart below as indicated by the purple circle labeled with an “S.”

The supply chain security initiatives are the essence of DLA’s overall supply chain security strategy. They put the strategy into motion by actuating the four strategic focus areas for the purpose of achieving an architecture that comprehensively addresses DLA’s supply chain security challenges.

A chart showing the various Strategic Plan objectives and which lines of effort they support

Institutionalize Supply Chain Security Across the DLA Enterprise

The first strategic focus area underwrites DLA’s ability to execute its mission-essential functions during peace and war, regardless of the nature of disruption. The bedrock initiative within this strategic focus area is integrating supply chain security into the agency’s Mission Assurance portfolio and Enterprise Risk Management framework. Key and essential to this is developing a standardized, repeatable process to assess enterprise-wide supply chain vulnerabilities. Establishing such a process is foundational to DLA’s ability to identify and report vulnerabilities and to prioritize, manage and mitigate supply chain risk. This initiative also unequivocally assigns the Office of Primary Responsibility for Supply Chain Security to DLA Logistics Operations. Explicit ownership of this cross-cutting effort enables an integrated approach to securing DLA’s global supply chain.

This strategic focus area also includes an initiative to finalize the development of the agency’s Resilient Supply Chain Operations Scorecard which will provide a “live” operational view of DLA’s supply chain security environment. The Scorecard includes DLA’s primary supply chain components and 23 sub-elements and portrays them from an agency, major subordinate command and regional command perspective. This live-fed resource will be integrated into DLA’s Enterprise Dashboard which will allow the Agency Synchronization and Operations Center to proactively prevent supply chain disruption through detection, protection and defense of DLA’s global supply chain. The initiative takes a phased approach to implementation by first (Phase I) developing the initial concept and business rules for its use. Phase II then incorporates existing feeds within the Enterprise Dashboard for an initial live-view and Phase III maps the remaining feeds and fully integrates the completed Scorecard into the Enterprise Dashboard.

Maintain Integrity and Access to Key Data

The second strategic focus area includes two primary initiatives that protect data and network systems. The first one is designed to protect the agency’s data and systems for internal use by operationalizing DLA’s cybersecurity strategy. Data and system breaches can cause significant disruption to supply chain operations. This initiative operationalizes DLA’s deployment of layered cybersecurity activities to protect, defend and infuse resiliency into information technology systems. Maintaining a secure and resilient cyberspace operating environment and ensuring prioritized remediation of top cyber risks are essential components of this initiative. It also sets in motion an effort to explore strategic partnerships between DLA and US Transportation and Cyber Commands to provide integrated, secure supply chain solutions to DoD. 

The second initiative strengthens Operations Security practices by controlling the exportation of DLA’s data to external partners through various measures. Much of DLA’s data is sensitive in nature and subject to exploitation if in the wrong hands. This initiative strengthens technical data controls across the enterprise by instituting an enhanced validation procedure for suppliers requiring access to export controlled technical data and develops the capability to block foreign Internet Protocol addresses from accessing export controlled data stored in DLA’s data repository. This initiative also assigns the highest level of restriction to the data repository for exportable data that includes a TDP and minimizes the amount of time a TDP is made available in the repository.

A third initiative within this strategic focus area optimizes the use of cybersecurity as a discriminator in source selections and awards to ensure DLA conducts business with vendors who take appropriate action to protect DoD sensitive data and information. The agency will also continue its collaborative partnerships with academia and industry to share supply chain security best practices and innovations with an emphasis on cybersecurity and data protection.

Partner with Valid, Reputable Vendors Who Produce Quality Supplies and Services

The purpose of the third strategic focus area is to ensure that the vendors DLA partners with produce high-quality materiel for the warfighter. The accompanying initiatives are heavily focused on preventing counterfeit and non-conforming parts from entering DLA’s global supply chain. Even with well-established processes in place to ensure DLA partners with valid and reputable vendors, fraudulent exploitation still exists given the sheer volume of purchases, business transactions and the automation required to support them. Further complicating this is the complexity of sub-vendor relationships that support DLA’s primary vendor base.

To protect against counterfeit parts and fraudulent vendor activity, DLA engages in a number of mitigating activities. First, the agency will continue to “DNA mark” trusted-source microcircuits through DLA’s Product Test Center for Electronics in order to positively identify integrated circuit cards throughout their life cycle. The agency will also refine and implement vendor network mapping tools and Business Decision Analytics platforms to help identify sub-vendor relationships and enhance DLA’s ability to report suspect counterfeit activity to the Defense Criminal Investigative Service.

DLA will also continue its collaborative efforts to enhance the agency’s capabilities to protect against counterfeit parts and supplier fraud through existing cross-functional working groups. DLA is also in the process of developing enhancements to DLA’s Internet Bid Board System to strengthen the agency’s capabilities to mitigate counterfeit and fraud risk when procuring parts from an independent distributor as opposed to a trusted supplier within DLA’s existing vendor base. DLA also established a market intelligence initiative designed to give the agency a better understanding of the atmospherics within its vendor network. Fundamental to this initiative is the development of a business process focused on collecting, analyzing and disseminating actionable intelligence for specific markets of interest to help shape acquisition strategies.

Strengthen Resiliency of Systems, Processes, Infrastructure and People

The fourth strategic focus area ensures DLA’s support to the warfighter continues even in the midst of disruptive activity. The supporting initiatives were developed to strengthen operational resiliency by building resiliency into the agency’s systems, processes, infrastructure and people. Facilities must be secure and reliable, and employees must be able to detect and prevent disruptions and spring into action to provide continued operations when disruptions occur. DLA will also strengthen resiliency in its infrastructure by reducing cyber risks to installations and critical facility control systems through the development of an inventory, assessment and mitigation program for mission critical control systems.

DLA will also strengthen operational resiliency by exploiting current and emerging technologies that optimize supply chain risk identification, analysis and reporting through internal and external stakeholder collaboration. The agency will also establish comprehensive counterintelligence support plans for critical elements of the global supply chain. These tailored support plans will identify and mitigate counterintelligence vulnerabilities within specific supply chains, deter threats posed by foreign intelligence entities and preempt foreign intelligence targeting of DLA’s supply chains for the purpose of strengthening operational resiliency.

Continuity of operations is a key aspect of this strategic focus area and to the agency’s overall Supply Chain Security Strategy because it ensures uninterrupted support to the warfighter during disruptive events. DLA ensures continuity of operations through devolution/relocation plans and backup processes for key systems and infrastructure through a range of resilient and redundant capabilities. DLA will continue to develop and refine its plans to guarantee continuity of operations and evaluate them through continuous tests and exercises to ensure plans are effective in providing uninterrupted support to the warfighter.

Leveraging Enterprise Enablers

The 2018-2026 DLA Strategic Plan Enterprise Enablers are essential ingredients in the recipe for a successful Supply Chain Security Strategy. Innovation, data management, technology and cybersecurity underpin the initiatives within the four Supply Chain Security strategic focus areas. They leverage key attributes of each to amplify and synthesize the multitude of cross-functional tasks associated with implementing the individual initiatives.

Securing DLA’s expansive global supply chain, within the context of a broad threat spectrum, calls on the agency to unlock new solutions to non-linear challenges through bold, innovative ideas. It also demands effective data management techniques to fully integrate the Resilient Supply Chain Operations Scorecard into the Enterprise Dashboard in order to provide a comprehensive, digitized view of the supply chain security landscape. It also requires the agency to leverage readily accessible and emerging technologies to drive competitive advantage and effective supply chain solutions for the warfighter: technological solutions that are trusted, safe and cyber secure.
 

A visualization of four areas: Innovation, Data Management, Technology, and Cybersecurity