Management

Addressing Supply Chain Constraints and Security in a Time of Crisis

State and local agencies must take advantage of this moment to enhance supply chain resiliency.

In his role as Senior Business Development Strategist and Public Safety Senior Strategist, Houston Thomas III manages the architect and engineering process for large-scale integration projects involving public safety agencies. He provides subject matter expertise to CDW•G law enforcement customers with respect to digital intelligence and evidence management.

The coronavirus pandemic has disrupted supply chains around the world for a wide range of goods, including electronics and other crucial pieces of IT equipment. What makes these disruptions even more complex is that they have come at a time when there is a surging demand due to large numbers of government and private sector teleworkers.

Although the current situation is undoubtedly causing stress for procurement officials and IT leaders, it gives state and local governments an opportunity to reset their IT supply chain visibility and security policies.

Although government agencies likely have been able to get critically needed equipment through emergency contracts and expedited purchase orders, now is the time to do some longer-term planning, as it is unclear how long the current unsettled nature of supply chains will last.

State and local agencies should think through innovative strategies to get greater visibility and flexibility into their IT supply chains. They should also refocus their attention on supply chain security, since those concerns are not going away any time soon.

Shipments of Laptops and Servers Are Delayed

According to research firm NPD, the shift to telework has led to a surge in electronics sales. As users started to work remotely due to stay-at-home orders, there was a predictable rise in peripherals sales; computer monitor sales almost doubled to 80,000 units during the first two weeks of March, while mouse, keyboard and notebook PC sales jumped 10 percent.

However, there have since been reports of hiccups in the supply chain, and there are now clear shortages of laptops and other IT gear thanks to both increased demand and the fallout from initial closure of factories in China early in the pandemic.

“The lead time to order new IT hardware keeps moving to the right, whether it’s employee laptops, networking gear, servers or otherwise,” IBM CIO Fletcher Previn tells The Wall Street Journal.

Mikako Kitagawa, a director analyst at research firm Gartner, tells the Journal there are delays in getting gear to the U.S. due to restrictions on commercial flights from China. That has pushed out the expected delivery of enterprise laptop orders.

“They’re built, they’re sitting on the docks in China. But getting them here has been a challenge. These are from PC and server companies, across the board. The biggest issue is shipping stuff right now, especially out of Asia,” Jim McGregor, principal analyst at research firm TIRIAS, tells the Journal.

Time to Think About Supply Chain Visibility and Security

While it is clear that supply chain disruptions are affecting the ability of agencies and other organizations to get badly needed IT equipment, the situation is forcing some changes.

In April, UPS Supply Chain Solutions announced warehouse network technology designed to make distribution centers smarter and more efficient.

The company’s Warehouse Execution System will “enable faster order intake and fulfillment to ensure that customers, especially those with fluctuating order patterns, receive their products on time.”

The new system enables UPS to “define specific customer requirements to ensure highest priority orders are worked first without manual intervention, resulting in more than 50% productivity gains for some customers,” according to a press release. WES real-time monitoring of capacity, fulfillment requirements, backlogs and labor status lets UPS identify and resolve potential disruptions before they arise.

Agencies should work with partners such as UPS, their suppliers and software companies to get more real-time visibility into their supply chains. Without that visibility, it will be very difficult for procurement officials and their IT decision-making partners at agencies to plan for incoming shipments and decide when more supplies are needed.

Security is also paramount. Now is a good time to brush up on and further implement recommendations from the National Institute of Standards and Technology on cyber supply chain risk management.

Risks come from a variety of sources, NIST notes, including third-party service providers’ physical or virtual access to information systems, software or intellectual property; poor information security practices at lower-tier suppliers; compromised software or hardware purchased from suppliers; and software security vulnerabilities in supply chain management or supplier systems.

Some of the best practices NIST recommends agencies embrace include ensuring security requirements are included in every request for proposal and contract; having a security team work onsite with any new vendor to address any vulnerabilities or security gaps; and a “one strike and you’re out” policy regarding vendor products that are either counterfeit or do not meet specifications.

Others include tightly controlled component purchases, secure software lifecycle development programs and training for all engineers in the product lifecycle, and a security handshake between software and hardware in which a secure booting process looks for authentication codes and will not boot if the codes are not recognized.

The current supply chain disruptions are troublesome and causing disorder at a time when state and local governments need to be agile in response to the public health crisis. However, that does not mean interruptions should be a cause for inaction.

Agencies need to address supply chain visibility and security so they can get through the current crisis and make their IT supply chains more resilient and secure in the years to come.

This article is part of StateTech's CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.