One of the largest silent – but no less deadly -- forms of supply risk that has emerged in recent years has stemmed from IP-related concerns dealing with Chinese suppliers. These risks run the gamut from outright IP theft to the counterfeiting of parts and finished products – in the most bold cases, during an “extra factory shift” – to exports that might be designed to “phone home” or cause specific operational issues when commanded. In total, the China supply risk equation represents a cornucopia of exposures for everyone from retailers to the DoD.
Without question, however, the stakes are much higher when lives are on the line, as opposed to just consumer brands. For this reason, Spend Matters applauds a bill introduced by Representative Frank Wolf that is designed “to put restrictions on the ability of those agencies to acquire IT systems that include components sourced to companies that are ‘owned, directed or subsidized’ by the Chinese government… the restrictions are designed to address risks posed by state-owned enterprises including Huawei and ZTE, which were alleged by the House Intelligence committee to be active in cyber-espionage, according to an influential report issued last October.”
Moreover, agencies such as NASA are taking additional steps to build multi-tier visibility into the source origin of lower-tier parts and components based on requirements of new legislation. Specifically, “agencies will need to set up databases of cleared products, and vendors will be pushed to document the provenance of components in the products they hope to sell to the government.” Curiously, many of the same technologies that can be used to document multi-tier visibility for Conflict Minerals can also be applied to the similar task of tracing country of origin in the case of concerns over cyber security. Yet one wonders what is the degree of automation that agencies and departments are currently or planning to leverage in these efforts.