The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an analysis report on the impact of COVID-19 on global supply chains.  Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic examines how ICT supply chains have been logistically impacted by the pandemic and provides practical recommendations to increase supply chain resiliency from future risks.

The COVID-19 global pandemic caused profound disruptions to global supply chains, including those in the Information Technology (IT) and Communication sectors. In an effort to understand and document the disruptions, the Task Force formed the COVID-19 Impact Study Working Group which studied how key supply chain operational areas, such as inventory management, supply chain mapping/transparency, and supply chain diversity, were impacted by the shocks of the pandemic.  

Findings from the group identified three major stress points on ICT supply chains during the pandemic. It exposed how some manufacturing companies were unprepared because of their reliance on lean inventory models. It underscored the difficulties that companies faced in understanding who their junior tier suppliers are and where they are located. It also acknowledged the need for an approach that was already underway over the last six years: diversifying supply chains to a broader array of locations and away from single source/single region suppliers. Recommendations from the study include refining supply-chain risk-management approaches, mapping out detailed supply chains and developing standardized approaches to doing so, encouraging dual-sourcing from multiple or lower-risk regions, holding buffer inventories, and planning alternatives for potential transportation and logistical bottlenecks. 

“ICT products and services underpin almost every aspect of our economy and are essential to the national ability to respond to and recover from COVID-19,” said Bob Kolasky, CISA Assistant Director and ICT SCRM Task Force Co-Chair. “Our Task Force felt like it was important to learn lessons from the initial phase of the pandemic and make those available so that ICT companies could evaluate ways to enhance their supply chain resilience.  Effective risk management depends on supply chain visibility, proactive planning and being willing to make risk-informed investments.  By preparing for contingency scenarios on supply chains, businesses and government can ensure continuity of critical functions.” 

“This report on the impact of COVID-19 on the global ICT supply chain further underscores the unique challenges companies face when transparency into supplier dependencies is not entirely clear,” said Robert Mayer, Senior Vice President of Cybersecurity and Innovation at USTelecom and ICT SCRM Task Force Co-Chair. “The economic benefits of lean inventory models in a ‘business-as-usual’ environment fade significantly when a major pandemic-like disruption occurs. The task force partnership with industry and government is committed to striking the right balance between the cost of greater security and resilience and global competitive economic pressures. We’re proud of our first-of-its-kind public private partnership and making important strides in overall supply chain risk management.”

“The COVID-19 pandemic has highlighted the indispensable role that ICT products, services, and components play in supporting the economy and keeping citizens connected, including facilitating health care services through telemedicine, allowing employees to work remotely, keeping students engaged through remote learning, and enabling critical infrastructure through secure networks, data centers and cloud services,” said John Miller, Senior Vice President of Policy and Senior Counsel at ITI and ICT SCRM Task Force Co-Chair. “The Task Force seized the opportunity to examine how the pandemic impacted the complex global ICT supply chains that underpin these innovations, yielding key insights including to affirm the importance of supply chain diversity to managing these risks, and again reinforcing the value of the Task Force as a nimble and effective public-private partnership.”

Moving forward, the task force will aim to highlight these recommendations, and others made over the past two years with the goal of securing the ICT supply chain. With the interconnectedness between the sectors and the scale of supply chain risks faced by both government and industry, private-public coordination is essential to enhance the ICT supply chain resilience.