Worrying about Supply Chain Security

How often do you look at the "made in" label on the equipment you buy?  A glance across my desk says that my Apple iPhone was made in China, my Casio calculator was made in China, and even the Rexel stapler was made in China!  In fact the only thing I can find on my desk that wasn't made in China is a tube of toothpaste, and that was made in Mexico.

Didn't we get over the "red menace" and "yellow peril" in the 1960s?  Apparently not.  But before we plumb the depths of paranoia and xenophobia which are bubbling beneath the surface of supply chain security, perhaps it's worth thinking in a little more detail about what we really mean.

Security is the conservation of confidentiality, integrity and availability.

Traditional supply chain security concerns have been availability issues - can we get the parts that we need when we need them.  We dealt with this by using multiple suppliers, understanding lead time, and holding stock.  Nothing has changed here.

Once availability was addressed, we moved to integrity issues - are the quality of the stock we receive good enough for our purposes.  We dealt with this by over-ordering and batch testing.  Nothing has changed here.

Finally once everything else was working smoothly, we moved to confidentiality issues - are our suppliers stealing our intellectual property.  We dealt with this by contracts and wishing really hard.  Nothing has changed here either.

There is a reason that everything is made in China, and that is money.  It's much cheaper to produce goods there than here - for any definition of "here" that involves the first world.  That reduction in price came at a cost - the cost of control.

But this hasn't addressed the first question: should we be worried about supply chain security?  Of course we should, we always have, and we've always found mitigating controls to manage the risk.  That isn't any different today.

If you don't like that your equipment is manufactured overseas, then create a local manufacturing industry.

If you worry that your suppliers are stealing your intellectual property, apply rigorous audits, and take the work elsewhere if they break the rules.  Remember they also have a profit motive.

This really is a first world problem.  We created it by outsourcing.  Now we get to live with the consequences of our choices.

Phil Kernick Chief Technology Officer
@philkernick www.cqr.com