Collaboration during team meeting

Reflections on the impact of COVID-19: CISA task force provides six recommendations to enable supply chain resiliency

The Cybersecurity and Infrastructure Security Agency (CISA), in close collaboration with its Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force[1] on Nov. 6, 2020, published a report examining critical shortfalls in the resilience of our nation’s supply chains stemming from the COVID-19 pandemic. The report, titled Building a More Resilient ICT Supply Chain: Lessons Learned during the COVID-19 Pandemic,” analyzes how companies were affected by balancing efficiency (and a reliance on lean inventory models) and resiliency (or the ability to maintain strong visibility and quickly shift sourcing, production and distribution) in their supply chain operations during the pandemic.

The impact of COVID-19

The task force surveyed 50 ICT companies, seeking to measure the impact on supply chain activities with a focus on how the disruption extended across inventory management, supply chain transparency and sourcing concentration. The make-up of the group surveyed included five companies “identified as Broadcasters, 34 as Communications Services Providers (CSP) and 11 as IT Service Providers (ITSP).”  The ICT SCRM Task Force identified three major issues made more difficult due to complications arising from the COVID-19 pandemic:

  1. Supply chain diversity/concentration risk: Companies with a reliance on a single source or geographic concentration in suppliers are more likely to struggle to adapt to a quickly changing environment.
  2. Reliance on lean inventory models: A reliance on just-in-time manufacturing (meant to drive operational efficiency) meant that supply chains lacked the necessary inventories of critical components and/or products to handle the disruption caused by the pandemic.
  3. Supply chain visibility: Companies that do not have visibility beyond their first-tier suppliers (to fourth and fifth parties) are less likely to be agile and maintain continuity during a disruption.   

ICT SCRM Task Force recommendations

In order to improve our nation’s supply chain resilience, the task force made six recommendations:

  1. Proactive risk classification: Companies should be proactive in classifying, analyzing and managing supply chain risks that arise from outside events and developments. From this analysis, they should look to create response strategies that will minimize disruptions within the supply chain.
  2. Map the corporate supply chain: Resilient organizations need to be able to map where and identify who their tier-one, tier-two and tier-three suppliers are. Companies should map out their own supply chain in order to identify the sources of critical inputs and the potential for disruption. This requires working with suppliers to create transparency upstream in the supply chain and to identify potential problems ahead of time.
  3. Broaden supplier network and regional footprint: Companies should look to broaden supplier networks and to diversify supplier options geographically. Companies can create more supply chain resiliency by using two or more suppliers and relying on lower-risk regions to supply raw materials and critical product components.
  4. Potential development of standardized mapping and other illumination tools: Companies should develop standardized approaches to mapping their supply chain in order to adequately identify and address problems with sub-tier suppliers, logistical bottlenecks and other critical issues.
  5. Work to hold buffer amounts of inventory: Companies should explore holding additional buffer inventory to create operational flexibility and combat uncertainty and potential disruptions within the supply chain.
  6. Plan alternatives in logistics and transportation: Companies should prepare for potential disruptions in transportation and logistics. They should have plans in place to react to different scenarios in which the normal supply chain channels are disrupted.


The COVID-19 pandemic, and the ever-changing business environment of 2020, have highlighted vulnerabilities in the supply chains of many companies. This has made supply chain risk management an increasingly important consideration – especially for those organizations delivering products and/or services to the federal agency customers. Federal contractors would be wise to note the insights from this report and the actionable solutions highlighted to enhance supply chain resiliency.

Additionally, the report may lead to changes in policy and regulation as the federal government considers how best to prepare for events that may challenge mission continuity in the future. These potential changes are important to monitor and prepare for in today’s ever-fluid business environment, which rewards firms that take a proactive approach. As always, Baker Tilly stands ready to help federal contractors address their supply chain risk management needs as they arise.

For more information on this and SCRM, or to learn how Baker Tilly specialists can help – please contact us.

[1]The ICT SCRM Task Force – sponsored by CISA’s National Risk Management Center (NRMC) – is the United States’ preeminent public-private supply chain risk management partnership, entrusted with the critical mission of identifying and developing consensus strategies that enhance ICT supply chain security. More information on the task force is available at: Note, the ICT SCRM Task Force is a partnership between the IT Sector Coordinating Council (, and the Communications Sector Coordinating Council (

Leo Alvarez
Jeff K. Clayton
Matt Gilbert
supply chain
Next up

Homeland Security Advisory Council recommends significant enhancements to DHS’ role in monitoring supply chain risk