Skip to content

Illustration by Security Management

Pandemic Lessons Learned: Supply Chain Resilience

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released Building a More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic. The “ICT” refers to Information and Communication Technology, although the report is applicable to any organization with an extensive, global supply chain.

Following are the report's three main findings of ways supply chains were affected.

  1. The need for diversification has always been part of building and sustaining a supply chain—the manifestation of the chain/weakest link metaphor. Using multiple suppliers located in different regions helps keep a weak link from breaking the chain.
  2. Lean manufacturing, in which inventories are kept as low as practical, is great for maximizing profitability, but it is a real hindrance when supply lines suddenly become chaotic.
  3. The pandemic underscored the need for visibility into the extended supply chain. An organization’s executives may think their supply chain is unaffected, only to learn its suppliers’ suppliers are unable to deliver.


“The pandemic has been a wake-up call and companies, after assessing costs and benefits, may begin making shifts to their supply chains in order to reduce future risk,” CISA says in the report. “This may include moving in and out of certain regions, developing enhanced but practical approaches to risk mitigation, and diversifying supply sources. Given the global supply chain difficulties ICT companies are currently encountering because the virus adversely affects their ability to compress their cycle time, there are active policy discussions as to whether firms should be provided with various incentives to bring manufacturing home, closer to home, or to never leave in the first place.”

The report outlines six key recommendations resulting from these supply chain lessons learned during the pandemic:

Protective Risk Classification: Companies may consider deploying a systematic classification of risks, continually analyze developments and events that are happening around the world and undertake the development of a response strategy to improve supply chain resilience strategically.

Map the Corporate Supply Chain: ICT companies may want to develop a detailed map of junior-tier suppliers as a critical step to detect hidden relationships that impede adding resilience. After mapping upstream suppliers, purchasers of ICT products must also be aware of the production locations and financial stability of each participant in the value chain that supplies a critical component or constitutes a potential logistical bottleneck.

Broaden Supplier Network and Regional Footprint: To eliminate and reduce the risk of single source for raw materials or critical product components when possible, companies can increase resiliency and redundancy in their networks by dual sourcing supply from multiple or lower-risk regions.

Potential Development of Standardized Mapping and Other Illumination Tools: The IT and Communications sectors may thus benefit from the development of standardized approaches to supply chain mapping that would place appropriate focus on sub-tier suppliers or logistical bottlenecks that are most critical; would care for legitimate vendor concerns about being pressed to provide proprietary information; and would settle on common formats for providing maps and other information.

Work to Shift the Optimal Amounts of Inventory Held: ICT companies may want to explore holding more buffer inventories and also working with their suppliers to hold inventory at their warehouses, through a vendor-managed inventory system.

Plan Alternative in Logistics and Transportation: To reduce the impacts of transportation and logistics issues, ICT companies can engage in scenario planning for different types of events and map out the alternatives that can allow for the supply chain to be restored as efficiently as possible. To further assist in these efforts, companies can utilize technology platforms that provide realtime, blockchain visibility into available logistics capacity.


For more information on how COVID-19 affected supply chain security challenges, check out the October issue of Security Management