Creating Resilient Supply Chains Requires a ‘Security’ Mindset

It is no longer sufficient to design supply chains that are timely and cost-effective. As we learned over the past two years, resilience is paramount and making supply chains resilient demands a new management paradigm.  Lessons learned from organizations that provide security may offer such a model. One of the most effective models to compare in this context is air travel and how the Transportation Security Administration (TSA) conducts airport security because how it centers on providing security to the human supply chain.

The TSA implements many layers of security measures to keep the air system safe for all travelers and to fulfill its mission, namely, “Protect the nation’s transportation systems to ensure freedom of movement for people and commerce.”  Though the TSA is frequently maligned for requiring people to take off their shoes and confiscating harmless tubes of toothpaste, the most effective security layers they use are either invisible to travelers or occur before travelers get to the airport.  They include vetting each traveler’s information before their flight, canine and law enforcement patrols at airports, and supplying air marshals on flights.  A combination of visible and hidden layers provides valuable tools to keep bad actors from approaching the airport, or ideally, even preventing them from considering an attack in the first place.

These layers are designed to achieve four objectives that ensure security: deter, detect, mitigate, and recover.  Can the same principles of airport security layering be used to improve supply chains?

Securing a supply chain means that disruptions, either internal or external, are managed to preserve the integrity of the supply chain so that it continues to function, ideally at peak performance. So, what would each layer look like when applied to the supply chain?  The four objectives that capture security provide the answers.

Deter:  The best security breach is the one that never occurs.  For supply chains, this means satisfying the needs of suppliers and shippers so that your supply chain remains their top priority.  This may involve financial incentives and similar financial payments, which are expensive.  It also provides an effective way to keep suppliers operating and supply chains intact.

Detect: If a security breach occurs, rapid detection is key.  For supply chains, this means monitoring and using sensors to detect abnormalities and instituting maintenance programs to avoid breakdowns.  This is more than just watching links crack and break.  It is about maintaining every facet of supply chain links so that when operations begin to erode, even before production suffers, action can be taken to restore the link before damage occurs.  Once again, this is expensive, but critical to prevent supply chain disruptions from growing out of control.

Mitigate:  If a security breach occurs, mitigating its damage is critical.  For supply chains, once a link fails, the challenge is minimizing the damage that it inflicts across the entire chain.  A layer that can mitigate damage is higher levels of inventory, which are expensive and which most supply chains seek to avoid.  An equivalent alternative is expanding suppliers at each link, which is also likely to increase costs.

Recover: Once a security breach has occurred and damage has been inflicted, rapid recovery is key.  For supply chains, restoring damaged links demands communication with all stakeholders to regain confidence.  The delicate balance between cooperation across all facets of the supply chain, including competitors, means that profits may suffer.  Much like how the TSA keeps its focus on the passenger experience, supply chains must keep their focus on meeting the demands of customers and the needs of their suppliers at every link.

 The TSA’s job of screening over two million passengers every day to protect the air system is akin to searching for needles in haystacks, with most haystacks not containing any needles.  Supply chain disruptions occur far more frequently, with most absorbed so customers rarely are aware of any problems.

The COVID19 pandemic has changed that, by simultaneously stretching so many supply chain links that output shortages were exposed. Could all these ‘security’ layers have averted such shortages?  Likely not. What layers could have done is provided greater warning of impending shortages.  Much like canaries in a mineshaft, layers would have signaled impending problems even before shortages became apparent.

The problem with these layers is that they contradict how supply chain efficiency is achieved.  Airport security certainly has costs, but the driving goal is keeping the air system safe and minimizing passenger inconvenience.  Supply chains focus on keeping costs down and minimizing customer inconvenience.  This misalignment shines a bright light on why supply chains will always be vulnerable to disruptions.

Moving forward, the number of disruptions that the supply chain experienced during the COVID 19 pandemic may never occur again.  However, the same principles of security layers can be applied to deter, detect, mitigate, and recover from such disruptions.

Supply chain disruptions do not pose a security threat like explosives pose to the air system.  Yet they pose an economic and societal threat that cannot be ignored.  Treating supply chain disruptions like security threats may provide tools to keep supply chains operating and products available.  The challenge is assessing whether the added costs are worth the risk reduction that will be achieved.