WT Business Beat

By Nick Wakeman


Should supply chain security be part of the procurement process?

Mitre Corp. has done a study for the Defense Department and recommends ways to improve the security of the supply chain by making that part of the contract evaluation process.

In other words, supply chain security would join factors such as price, past performance and technical solution as major criteria for picking winners and losers.

As I read through Mitre’s "Deliver Uncompromised" report, one thought went through my mind: the government gets what it pays for.

I don’t mean that as a criticism. In fact, I think Mitre and DOD are onto something and it is a long time coming.

More than 15 years ago, a Hewlett-Packard executive told me that security issues can be easily solved but customers have to be willing to pay for them.

Mitre’s recommendations are right on track with that thinking.

“Risk-based security should be viewed as a profit center for the capture of new business rather than a ‘loss’ or an expense,” Mitre writes in its report.

In other words, DOD and the rest of the government have to be willing to pay for securing the supply chain. They have to recognize and value that the dangers of not protecting the supply chain outweigh the extra cost it will take to do so.

But Mitre also recognizes it isn’t just talking about paying contractors more.

“DOD must make better use of its existing resources to identify, protect, detect, respond to, and recover from network and supply chain threats,” the report says.

To do this, DOD needs to make organizational changes, increase coordination with the intelligence community, and cooperate more with the Homeland Security Department and other civilian agencies. It needs better relationships with contractors, new standards and best practices, new acquisitions strategies, and it has to motivate contractors to see active risk mitigation as a “win.”

And not to sound too cynical – motivation means money.

Mitre lays out 15 “courses of action” for DOD:

  1. Elevate Security as a Primary Metric in DoD Acquisition and Sustainment
  2. Form a Whole-of-Government National Supply Chain Intelligence Center
  3. Execute a Campaign for Education, Awareness, & Ownership of Risk
  4. Identify and Empower a Chain of Command for Supply Chain with Accountability for Security and Integrity to DEPSECDEF
  5. Centralize SCRM-TAC with the Industrial Security/CI mission owner under DSS and Extend DSS Authority
  6. Increase DoD Leadership Recognition and Awareness of Asymmetric Warfare via Blended Operations
  7. Establish Independently Implemented Automated Assessment and Continuous Monitoring of DIB Software
  8. Advocate for Litigation Reform and Liability Protection
  9. Ensure Supplier Security and Use Contract Terms
  10. Extend the 2015 National Defense Authorization Act Section 841 Authorities for “Never Contract with the Enemy”
  11. Institute Innovative Protection of DoD System Design and Operational Information
  12. Institute Industry-Standard Information Technology Practices in all Software Developments
  13. Require Vulnerability Monitoring, Coordinating, and Sharing across the Supply Chain of Command
  14. Advocate for Tax Incentives and Private Insurance Initiatives
  15. For Resilience, Employ Failsafe Mechanisms to Backstop Mission Assurance

The Washington Post reported DOD is reviewing the Mitre report before taking any action.

DOD has been looking at the issue since at least 2010, so I wouldn’t expect widespread adoption quickly, but let me know if you hear of any pilots or demos. I can’t help but feel the market is headed in that direction, so be prepared.

Posted by Nick Wakeman on Aug 13, 2018 at 2:11 PM
