Building Supply Chain Resilience

"Innovation for Resilience: A New Framework for Security" is a series of articles from the Center for Strategic and International Studies (CSIS). This initiative is a partnership between CSIS's Diversity and Leadership in International Affairs Program, Energy Security and Climate Change Program, International Security Program, and Strategic Technologies Program.


In late 2021, global supply chains were stretched to breaking point. A British parliamentary committee found that an average of one in six adults in Great Britain experienced essential food shortages in late October and 37 percent struggled to get fuel. Two months earlier, a survey found that business stock levels were the lowest they had been since 1983.

Around the same time, the port of Los Angeles was in the middle of a crisis. Ships were lined up for miles, unable to move products through the bottleneck at the port. The port’s executive director said the port had the capability to run 24 hours a day, but a shortage of truck drivers and nighttime warehouse workers prevented a nonstop schedule. He cited the tremendous challenge of getting “this entire orchestra of supply chain players to get on the same calendar.”

The Covid-19 pandemic brought the fragility of global supply chains into stark relief. A complex system of producers and suppliers collapsed under the weight of high demand, just-in-time delivery, workforce shortages, and low supply. Producers over-indexed on efficiency in production and did not build enough buffer to anticipate disrupted global trade. Even the defense industrial base was not able to withstand the shocks. The Ukraine war exacerbated the situation, highlighting single-threaded suppliers and foreign control of key elements.

Shocks will never be completely foreseeable or preventable. Instead, government and industry should focus on resilience, or maximizing quick recovery from disruptions. The White House’s Executive Order on Supply Chain Security (EO 14107) said “more resilient supply chains are secure and diverse—facilitating greater domestic production, a range of supply, built-in redundancies, adequate stockpiles, safe and secure digital networks, and a world-class American manufacturing base and workforce.” In operational terms, a resilient supply chain identifies critical nodes, anticipates likely disruptions to minimize strategic surprise, creates buffers or alternatives for those nodes, and adjusts to recover quickly from a disruption. 

Supply Chain Challenges

A supply chain crisis is not any one problem; instead, it results from a combination of poor visibility that hampers planning, a narrowing of a pipeline that creates focused risk, and then a shock that throws the system off the rails.

Poor Visibility into a Deep Supply Chain

Visibility risk is at the core of supply chain vulnerability. Without complete insight into the spreading web of suppliers, there is always a risk that an unforeseen disruption will derail production. However, modern supply chains have so many layers that constrained time and research resources prevent full visibility. 

Prime suppliers often trust that their subcontractors are monitoring their own supply chain, when sometimes critical components slip through the cracks. Companies may not know when an adversary or competitor acquires a sub-subcontractor, or the chain of custody for a critical widget might be obscured. The Department of Defense (DOD) suffers from this problem much like any other consumer. DOD relies on contracts with prime contractors and expects those primes to manage their own supply chains, but too often that has proven to be a misplaced trust. 

While DOD once conducted its own supply chain security evaluations, that capability has atrophied over time as Congress sought to shift the burden onto contractors to verify their own work. As a result, DOD officials are now grappling with how to evaluate layered risk. One interviewee said that there are excellent software tools that can map the many layers of the supply chain, but none of those tools describe the capacity of production within each production line or identify which systems use the same sub-tier suppliers. In other words, if Prime Contractor A understands their supply chain, and Prime Contractor B understands their supply chain, but A and B are unaware they are both drawing on Subcontractor C, the capacity and resilience of the supply chain is actually more fragile than A and B might assume. 

Rules designed to protect proprietary information also contribute to blind spots in the supply chain, according to our interviews. Each prime should rightfully expect their intellectual property (IP) to be protected, but that protection obscures information relevant for risk assessments and restricts some data from access. For example, to populate supply chain management tools, DOD needs to get approval from each contractor to access proprietary data. Further, DOD cannot use contractors to pull together this data, because that might open the door to industrial espionage, leading to workforce shortages.

Narrow Pipeline Creates Focused Risk

Focused risk happens when a supply chain narrows to a single source or single location that can be disabled by a shock event. For example, a critical facility or transportation route could be in the path of a tsunami, terrorist violence could imperil a key rail line, political instability could displace a workforce, or a public health emergency could lead to an extended lockdown. 

Foreign dependence aggravates focused risk in supply chains, with Taiwan’s near-monopoly on advanced semiconductors being a prime example of concentrated risk. A conflict over Taiwan would cut off global access to about 90 percent of high-end semiconductors. Any conflict in the Pacific would lead to massive disruptions to a range of supplies; China controls 87 percent of the market for permanent magnets, which are used in the manufacturing of electric vehicle motors, electronics, wind turbines, and defense systems. The United States is still dependent on China for rare earth and other minerals, critical to goods from consumer electronics to weapons systems.

Shocks Happen

The diagram below is far from a comprehensive list of shocks, but it illustrates some of the most common causes for supply chain disruptions. 

Getting to True Resilience

A mindset of resilience means assuming disruptions will occur and planning for a rapid recovery to acceptable functionality. 

Entities should approach resilience in three steps: First, improve visibility to minimize blind spots in the supply chain. Second, identify potential shocks and evaluate which ones are most likely and most disruptive. Third, create contingency plans and buffers for the most critical, vulnerable portions of the supply chain. 

Step 1: Improve visibility to minimize surprise.

Maximizing visibility into supply chains should always be the goal. The DOD should step up its staff resources to improve visibility into critical defense supply chains. Further, this staff should build resilience by identifying gaps and working to match those gaps to nontraditional suppliers.

When engaging in evaluation of supply chains, entities should put a premium on constructing a diverse team of analysts. Geographic diversity, socioeconomic diversity, and racial and gender diversity on a team can contribute to fewer blind spots. For example, a person whose family includes truck drivers and Midwesterners might understand transportation during extreme weather better than most. Immigrants and children of immigrants might provide critical insights into seasonal labor concerns and visa challenges. Assembling a team that represents a diverse set of disciplines has repeatedly been shown to result in better outcomes.

Entities should focus on predicting and extending the lifespan of critical components to minimize urgent need. “Digital twins”—or virtual representations of real-world objects that mirror the environment and stresses on the object are increasingly becoming the go-to industrial approach to accurately predict the operational lifespan of products to anticipate the demand cycle.

Step 2: Identify potential shocks.

Entities should identify single points of failure or places where the supply chain narrows to criticality. Evaluating each critical piece for threats, like risk of environmental shock or workforce scarcity, in a rigorous way can then inform scenarios analysis and crisis production plans. Part of that rigor is a diverse team doing the analysis.

The U.S. government has a role to play both anticipating potential security shocks and facilitating information sharing. The Committee on Foreign Investment in the United States needs to keep evolving to identify potential threats early and create a robust support structure for industry. Further, the United States should use existing regulatory authorities and industry groups to encourage critical infrastructure providers to conduct an in-depth, rigorous analysis of potential shocks to their systems and the challenges for recovery.

Creating a diverse workforce and talent pipeline can insulate against labor shifts. The DOD has attempted to create geographic diversity in its pipeline, and industry is working on ways to cultivate both a cleared and uncleared workforce for added diversity. Getting a security clearance can be time consuming and a large hurdle, eliminating some potentially talented candidates who could contribute at the unclassified level. The creation of apprenticeships and embedded trade schools can also facilitate a strong pipeline of certain key skills. Some entities are creating intentional pathways to underserved communities, like the National-Geospatial Intelligence Agency’s initiatives to collaborate with the local community surrounding its new facility in North St. Louis. 

Step 3: Create buffers and contingencies.

The simple act of rigorous evaluation and contingency planning can lay bare a previously unconsidered problem. Taking the next step to create buffers for key nodes in a supply chain can shift an event from a catastrophic shock into a temporary disruption.  

Digital Seed Bank

A database of information, which one participant described as a public-private digital seed bank, could stockpile plans for creating critical components. In a crisis, when current supplies cannot meet sudden and urgent demand, the government can match those plans with companies who might be well suited to shift production lines to meet the dire need. Critically, participating companies would need reassurances about protection of IP or compensation for its use. 

Vendor Diversification

A vendor chain that builds in diversity will more effectively create resilience. Vendors that cover several geographic areas are insulated against environmental or security shocks; vendors that represent a variety of backgrounds and experiences will be better able to identify and anticipate developments. Entities should place a high value on a diverse supply chain as a hedge against shocks. DOD is already working to bring in new entrants to the DOD contracting market to improve diversity and innovation, but more can be done. For example, DOD’s strict requirements and complicated contracting processes can be a barrier to entry for smaller businesses, so elements of the department are working with potential contractors to discover the biggest cost drivers and adjust or eliminate them. Since the economic incentives that pushed production of key parts overseas still exist, DOD is also looking for ways to incentivize onshoring or friend-shoring using existing regulatory authority.

Strategic Stockpiling

While big pieces of equipment are impractical to stockpile, the most critical, or most likely to break, components of those pieces could be stored. For example, rather than store an entire generator, utilities can store the elements of their existing generators that are most prone to failure. Additive manufacturing can be a flexible and cost-effective alternative for some parts, providing a bridge capacity for creating those critical parts until regular supply chain mechanisms have recovered.

Create a Diversified Workforce Pipeline

Government should create a national imperative for bolstering industrial skills, such as encouraging trade apprenticeships; Industry could partner with unions, which have proven proficient at retraining and upskilling. In order to sustain their diversified workforce, companies also need to take steps to promote inclusivity. Social inequality presents an underlying challenge both to creating a robust pipeline into the defense industry and to growing a diverse array of potential suppliers.

Nearshoring and Friend-Shoring

Companies should carefully evaluate which key parts need to be located within friendly territory, for reasons ranging from counterintelligence concerns to human rights violations to a dependable justice system for resolving disputes. Coordinating with allies and partners for secure manufacturing of precursors is critical. The G7 could be a vehicle for this coordination, given its flexibility, decades of experience working through economic challenges, includes key U.S. allies, and high-level coordination mechanisms. As one workshop participant said, “The challenge in operational resilience is fundamentally an international game.”


As the conversation on supply chains builds renewed urgency, EO 14017 has laid a solid foundation for continued steps toward resilience. The 100-day follow-on report to EO 14017 said “America’s approach to resilient supply chains must build on our nation’s greatest strengths—our unrivaled innovation ecosystem, our people, our vast ethnic, racial, and regional diversity, our small and medium-sized businesses, and our strong relationships with allies and partners who share our values.” Innovation drawing on these strengths is the surest path to true resilience.

Emily Harding is the deputy director and senior fellow with the International Security Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Harshana Ghoorhoo is a research assistant with the CSIS International Security Program.

This project is made possible by the generous support of the Deloitte Consulting LLP.

Emily Harding
Director, Intelligence, National Security, and Technology Program and Deputy Director, International Security Program
Harshana Ghoorhoo

Harshana Ghoorhoo

Former Research Assistant, International Security Program