Content uploaded by Shaughnn Raschid Muller
Author content
All content in this area was uploaded by Shaughnn Raschid Muller on Oct 16, 2023
Content may be subject to copyright.
199
Copyright © 2023, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Chapter 12
DOI: 10.4018/979-8-3693-1634-4.ch012
ABSTRACT
Cyber threats have become a major concern in today’s world. As the United States Department of Defense
(DoD) increasingly relies on the military supply chain systems to support the operations of their military
forces, cyber threats have the potential to cause significant damage. These systems are responsible for the
transportation, storage, and distribution of materials and equipment from the supplier to the end user,
which includes both military personnel and civilian personnel. It is also responsible for the acquisition,
maintenance, and disposal of materials and equipment. The purpose of this chapter is to examine the
critical cyber threats posed to the DoD military supply chain systems and provide recommendations to
address them.
INTRODUCTION
The military supply chain is integral to any military operation (D’Mello & Sharman, 2018). It is respon-
sible for procuring, storing, and delivering supplies and equipment to the right place, at the right time,
and in the right quantities (Bajwa, 2016). The military supply chain is complex, dynamic, and subject
to numerous risks. Cyber threats to the military have become increasingly prominent over the past de-
cade (Feng, 2019). Cyber-attacks can target any military area, from its communications networks and
weapons systems to its personnel and critical infrastructure (US Department of Defense, 2017). Several
Examining Security Awareness
Lapses and Critical Cyber
Threats Against the
Department of Defense Military
Supply Chain Systems
S. Raschid Muller
https://orcid.org/0000-0002-1742-7575
University of Maryland Global Campus, USA
200
Security Lapses and Cyber Threats Against Military Supply Chain Systems
identified Nation states, criminal organizations, and terrorist groups are potential sources of cyber-attacks
against military systems (Chu, 2019). In recent years, Russia and China identify as significant actors in
cyber espionage against the United States (US Department of Defense, 2017). Criminal organizations
are also a significant threat, with their activities ranging from the theft of sensitive data to the disruption
of operations (Dudley, 2019). Several terrorist groups have engaged in cyber-attacks against the US to
disrupt operations, causing panic and confusion (US Department of Defense, 2018).
The consequences of these threats can range from the disruption of operations and the loss of sensi-
tive data to the destruction of critical infrastructure and the loss of life (US Department of Defense,
2017). Cyber-attacks seek access to sensitive information that could be used to gain an advantage on
the battlefield (Chu, 2019). They can also disrupt operations and communications networks, potentially
causing significant delays and disruption to military operations (US Department of Defense, 2017).
In extreme cases, cyber-attacks can cause physical damage and destruction, such as the Stuxnet attack
against Iranian nuclear facilities in 2010 (Langner, 2014).
In order to protect against these threats, the military must remain vigilant in its efforts to identify,
prevent, and respond to cyber threats, which includes developing and implementing effective policies
and procedures to protect against cyber-attacks and monitoring networks and systems for suspicious
activity (US Department of Defense, 2017). The military must also train personnel on cybersecurity
measures, such as secure password management and data storage (US Department of Defense, 2018).
Additionally, the military must be prepared to respond to cyber threats by developing and maintaining
an effective incident response plan (US Department of Defense, 2017). This paper provides an overview
of the military supply chain, including the main elements and processes and the supply chain risks. It
further discusses the role of logistics in military supply chains and the application of lean principles to
the military supply chain. Finally, it examines the importance of supply chain security and resilience to
the success of military operations.
Significance of the Study
The DoD’s military supply chain systems are essential to the United States defense capabilities (Chu,
2019). The threat of disruption or compromise of these systems is a serious concern for the DoD. If these
systems are compromised, critical supply chain operations could be disrupted, significantly disrupting
the DoD’s ability to operate. This could significantly impact national security and the United States’
ability to respond to foreign and domestic threats. Therefore, understanding the critical cyber threats
facing the DoD’s military supply chain systems is essential to the DoD’s ability to protect and defend
the United States.
Methodology
In order to examine the critical cyber threats facing the DoD’s military supply chain systems, a review
of the literature was conducted. The literature review focused on scholarly articles, reports, and other
sources that addressed the topic of critical cyber threats against the DoD’s military supply chain systems.
Key search terms included: cyber threats, cyber-defense, military supply chains, Department of Defense,
hacking, information systems, software assurance, and nation-state actors. The databases and their hosts
(shown in parentheses) included PEW Research, ABI Inform Complete (ProQuest), ResearchGate,
Academia.edu, Business Source Premier (EBSCO), Google Scholar, ACM Digital Library, European
201
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Reference Index for the Humanities and Social Sciences (ERIH), Baidu Scholar, and DOAJ (Directory
of Open Access Journals).
General Problem Statement
Cyber awareness lapses assume leadership is lacking during cyber threats to the DoD supply chain (So-
dhi et al., 2021; Muller, 2020). In 2020, Sunburst malware infected thousands of private networks. The
US government agencies led some spectators to embrace frantic views of the event as the first step in
the full-fledged cyber war. Sunburst intelligence operations will likely continue for a while, but it was
not an act of war (Sodhi et al., 2021). The compromise of many federal and high-value private-sector
networks yielded valuable information. This information provided access to more disruptive attacks,
such as introducing deletion, disinformation, and suspicious alteration of data. While there is no public
evidence of these attacks on targeted networks, all indications suggest this was a successful penetration
of US government information systems (Sodhi et al., 2021).
People rely on software such as cloud computing behind an email service, a new fifth-generation
(5G) telecommunications distribution, and the system that observes a distant oil rig. Software is an
indispensable and widespread component of modern society (Herr et al., 2020). Unlike basic systems,
the software is progressive. It depends on continual revisions from areas and updates to address secu-
rity shortcomings and susceptibilities and to make practical improvements (Herr et al., 2020). Ongoing
upkeep leaves software supply chains time-consuming, problematic, and continuous flexibility causing
substantial risks for worldwide organizations (Herr et al., 2020).
Despite warnings from critical security community members and increased attention to supply-chain
security, the software has primarily taken a backseat to hardware, especially 5G, in policy debates over
supply-chain security (Seals, 2019). One of the top security challenges of mobile networks is software
production within 5G networks. It fundamentally differs from prior wireless networks because they are
mainly software-defined and virtualized (Seals, 2019). Historically known in hardware, network functions
become virtual software capabilities in 5G, all organized via a flexible software control plane. Even the
air interfaces in the radio access network are software-defined in 5G (Seals, 2019).
Specific Problem Statement
The research suggested that cyber threats are growing exponentially against targeted information systems.
Unfortunately, cybersecurity awareness lapses when addressing cyber threats to the DoD supply chain
supported by the same targeted systems. Cybersecurity is an issue consumers, executive management,
and the board of directors take for granted, but INFOSEC analysts do not (Dempsey & Rosenquist, 2015;
Muller & Burrell, 2022). INFOSEC analysts work daily to protect systems from attack and have been
quite effective for many years (Muller & Lind, 2020). However, cyber threats are much more severe
than ever and growing in frequency and severity. Everyone should consider cybersecurity, whether in
an employee’s personal or employer’s professional life (Dempsey & Rosenquist, 2015).
What worked many years ago must be revised to protect companies in the present and future. First,
what has changed are the technology platforms that are more colossal targets than ever, given the breadth
of items controlled (Dempsey & Rosenquist, 2015). Second, the amount and value of the data produced
and stored have grown advantageously for criminals. Third, the world’s interconnectedness makes it
easier for people to steal and disrupt (Dempsey & Rosenquist, 2015). Finally, perpetrators are more so-
202
Security Lapses and Cyber Threats Against Military Supply Chain Systems
phisticated, better organized, better funded, and more challenging to catch and bring to justice (Dempsey
& Rosenquist, 2015). This research aims to report on security awareness lapses that leadership takes
for granted when addressing cyber threats to the DoD supply chain. Additionally, this research aims to
inform the supply chain community of the impacts of cybersecurity’s lack of awareness on its overall
effect on business continuity.
Definitions
Covered defense information. Covered defense information means all information that controls contact,
usage, facsimile, conversion, execution, presentation, release, disclosure, or distribution (CUI Registry,
2017).
Critical cybersecurity threats. Critical cybersecurity threats are any malicious activity or attack that
could compromise confidential data or disrupt a system or network (McKee, 2020).
Critical goods and materials. Critical goods and materials mean goods and raw materials currently
defined under statute or regulation as necessary materials, technologies, or infrastructure (Biden, 2021).
Materiel distribution. Materiel distribution means an amount that results in a distribution to an un-
classified or classified claim equal to or above 5% of such allowed claim (i.e., equipment, apparatus,
and supplies used by an organization or institution; Leary, 2020).
MITRE ATT&CK. MITRE ATT&CK means Adversarial Tactics, Techniques, and Common Knowl-
edge. This framework serves as a knowledge-base model for cyber adversary behavior and reflects several
phases of an adversary’s attack lifecycle (MITRE, 2021).
Supply chain. A supply chain includes a network of individuals, organizations, activities, resources,
and technology used to create and sell products from manufacturing companies to delivery to consum-
ers (Lutkevich, 2022).
Supply chain attack. A supply chain attack happens when someone infiltrates a company’s system
through an outside provider with access to the systems and data (Korolov, 2021).
Supply chain risk management. Supply chain risk management (SCRM) addresses the threats and
weaknesses of commercially acquired information and communications technologies within and used
by government information and weapon systems (MITRE, 2021).
LITERATURE REVIEW
Elements of Military Supply Chains
The main elements of a military supply chain are procurement, storage, and transportation (Feng,
2019). Procurement involves the acquisition of supplies and equipment from external sources. Storage
includes the warehousing of supplies and equipment and the management of inventory (Feng, 2019).
Transportation involves physically moving supplies and equipment from one location to another (Feng,
2019). These elements are interconnected and interdependent. For example, the availability of supplies
is affected by transportation delays, while transportation capacity can be limited by storage capacity
(Mavros, Heijman, & van der Vorst, 2018).
Several processes support the military supply chain. These include demand forecasting, procurement
and contracting, inventory management, logistics support, and risk management (Smith, 2021).
203
Security Lapses and Cyber Threats Against Military Supply Chain Systems
• Demand forecasting involves the estimation of future demand for supplies and equipment.
• Procurement and contracting involve acquiring supplies and equipment from external sources.
• Inventory management involves the tracking and control of inventory levels.
• Logistics support involves managing the physical movement of supplies and equipment.
• Risk management involves identifying, assessing, and mitigating supply chain risks.
The military supply chain is subject to several risks. These include operational risks, such as trans-
portation delays and inventory shortages (Newman, 2018). There are also financial risks, such as cost
overruns and budget constraints (Newman, 2018). Finally, there are compliance risks, such as export
control and environmental regulations. Supply chain risks can significantly impact the success of mili-
tary operations (Newman, 2018). For example, an inventory shortage can delay the delivery of supplies,
while a cost overrun can lead to budget constraints.
Logistics also plays an important role in military supply chains, which involves the planning, execu-
tion, and control of the physical movement of supplies and equipment (Feng, 2019). Logistics support
includes the management of transportation, warehousing, inventory, and packaging (Feng, 2019). It
also involves coordinating the various elements of the supply chain, such as procurement, storage, and
transportation, and is essential for the efficient and effective operation of the military supply chain
(Feng, 2019). Lastly, Kumar & Kumar (2020) stated that lean manufacturing principles also apply to
the military supply chain, which focuses on eliminating waste, optimizing processes, reducing costs,
and improving efficiency.
Cyber Attacks Against the U.S. Supply Chain
Most commercial, social, economic, governmental, and cultural activities occur in cyberspace and are
susceptible to cyber-attacks (Li & Liu, 2021). Li and Liu surveyed and reviewed the proposed method’s
weaknesses and strengths of cyber security advances. Many private companies and government orga-
nizations worldwide are facing the problem of cyber-attacks and the danger of wireless communication
technologies (Li & Liu, 2021). The world depends on electronic technology, and protecting data from
cyber-attacks is challenging. The purpose of cyber-attacks is to harm companies financially (Li & Liu,
2021). However, in some other cases, cyber-attacks can have military or political purposes. Some of
these damages are personal computer viruses, knowledge breaks, data distribution services (DDS), and
other assault vectors. To this end, various organizations use various solutions to prevent damage caused
by cyber-attacks (Li & Liu, 2021).
Global supply chains face many risks, however, few structured and systematic approaches exist to
assess supply chain risks. Manuj and Mentzer (2011) investigated logistics, supply chain management,
operations management, strategy, and international business to develop a global supply chain risk
management (SCRM) model. In addition, cybersecurity is not simply a corporate concern but a supply
chain issue (Manuj & Mentzer, 2011). This third report explored the US Department of Defense (DoD)
supply chain responses to the recent Defense Federal Acquisition Regulations Supplement (DFARS)
requirement. Findings showed that supply chain cybersecurity is critical, but the weakest link is small
to medium-sized firms in the supply chain (Melnyk et al., 2018).
In today’s environment, cybersecurity is imperative where innovation and responsiveness are critical
performance requirements, and digital is becoming increasingly important (Melnyk et al., 2018). More
often than not, cybersecurity is a corporate and information technology (IT) concern. Nevertheless,
204
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Melnyk views the concern as narrow and limited. Another cybersecurity concern is supply chains that
address all facets of a company’s business. Appropriate cybersecurity levels involve the new DFARS
requirement to ensure its safety (Melnyk et al., 2018) with some resistance. Melnyk et al. explored how
members of the DoD supply chain respond to this requirement and cybersecurity. In this third article,
the analysis and recommendations are critical to act upon within the DoD supply chain that operates
with IT and intellectual property (IP; Melnyk et al., 2018).
Ghadge et al. (2012) examined supply chain risk management (SCRM) from universal systems by
considering evolved typologies. Those researchers identified critical strategic changes in the field and
outlined future requirements and research opportunities in SCRM (Ghadge et al., 2012). Earlier research
findings from the systematic literature review (SLR) methodology strengthened the cross-validation
against the results obtained from a related text mining activity (Ghadge et al., 2012). The SLR method-
ology provided a complete, impartial view of the advances of SCRM. As a result, significant research
areas were multi‐viewpoints, explanatory, and thematic data analysis (Ghadge et al., 2012). In addition,
Ghadge et al.’s study indicated a growth of SCRM from the beginning to a longitudinal activity over the
past decade. The holistic approach to SCRM was an essential missing link and closed the gap from earlier
literature surveys. The outcome of the SLR provided vital insights into the present and future ventures
of the SCRM field. The identified research gaps, insights, and future directions might encourage new
research techniques to manage the risks in the worldwide supply chain environment (Ghadge et al., 2012).
The Chief Information Security Officer (CISO) is the official responsible for the organization’s physi-
cal and cyber security position and has a complete view of the company’s operational risks (Fruhlinger,
2021). However, any individual in the company can cause a supply chain attack when the organization’s
system infiltrates an outside provider with access to an organization’s systems and data (Korolov, 2021).
Such intentional or unintentional attacks change the surface of the typical business. As a result, additional
suppliers and service providers influence sensitive data (Korolov, 2021).
Since 2021, the Biden-Harris Administration has navigated an unprecedented period in economic
history (Sullivan & Deese, 2022). The COVID-19 pandemic uncovered specific weaknesses in the US
domestic industrial base and significant supply chains. Those weaknesses resulted from years of under-
investing, subcontracting, and offshoring over long-standing security, maintenance, and resistance.
As a result, President Biden highlighted strengthening critical supply chains and rejuvenating the US
industrial base (Sullivan & Deese, 2022). In February 2021, he signed Executive Order 14017 (EO),
America’s Supply Chains, which introduced an all-of-government review of the supply chains creating
the US industrial base. This initial focus was on four critical products: (1) semiconductor devices and
innovative packaging; (2) high-capacity batteries, including electric-vehicle batteries; (3) critical miner-
als and materials, including rare earth elements; and medications; (4) active pharmaceutical ingredients
(APIs; Sullivan & Deese, 2022).
In June 2021, the Biden-Harris Administration reported a 100-day review of four critical products
(Sullivan & Deese, 2022). The inspections identified ordinary susceptibilities and weaknesses across US
supply chains. For example, many supply chains lacked US manufacturing capability, uneven incentives,
and short-term private markets. In addition, an inadequate adoption occurred of industrial policies by
partners, competitor nations, global sourcing, and limited international coordination (Sullivan & Deese,
2022).
205
Security Lapses and Cyber Threats Against Military Supply Chain Systems
DISCUSSION
Supply Chain Continuity and Disruptions
Supply chain continuity and disruptions are two cyber security events that could get easily overlooked
(Nelson, 2020). Organizations should have a proactive plan for supply chain disruption caused by cyber-
security activities. Supply chains consist of internal and external business process interdependencies with
crucial suppliers. As a result, business continuity planning and disaster recovery strategies considered
the influence of cybersecurity threats and risks throughout the supply chain (Nelson, 2020). Discovery
recovery strategies may mean the need for additional resources devoted to managing and monitoring
supplier continuity risks from cyber security threats. As a result, businesses might be influenced and seen
as tolerable risks for identified cyber security threats (Nelson, 2020). Those threats could drive invest-
ments in people, processes, tools, and systems to achieve business continuity internally and necessitate
additional cybersecurity requirements for supply chain partners (Nelson, 2020).
Addressing Supply Chain Vulnerabilities
The US Department of Defense (2022) released a tactical plan to address supply chain weaknesses in the
defense industrial base (DIB). Executive Order (EO) 14017, America’s Supply Chains, directed Cabinet
agencies to evaluate supply chains in sectors essential for America’s economic and national security (US
Department of Defense, 2022). Underscored are the historical strength and value of America’s supply
chains and fortified assets to build greater supply chain flexibility (US Department of Defense, 2022).
In addition, the department focuses on strategic enablers that strengthen overall mission success and
supply chain resilience, such as workforce, cyber posture, small business, and manufacturing capabilities
(US Department of Defense, 2022).
Gaps in Supply Chains
Sodhi et al.’s (2011) findings characterize the diversity from the perspectives of operations and supply
chain management scholars about three gaps:
1. A definition gap in how researchers define supply chain risk management (SCRM)
2. A process gap about inadequate coverage of response to risk incidents
3. A methodology gap in the inefficient use of empirical methods
Risk management is crucial in effectively operating supply chains in various uncertainties (Ho et al.,
2015). Over the years, many researchers focused on SCRM by contributing to defining, operationaliz-
ing, and mitigating risks. Ho et al. reviewed and synthesized the extant literature on SCRM in the past
decade. SCRM is a burgeoning area emerging from practitioners’ and researchers’ growing appreciation
for supply chain risk (Sodhi et al., 2021).
However, there is a diverse perception of research in supply chain risk because Sodhi et al. (2021)
have approached this area from different domains. The researchers’ study of diversity from the perspec-
tives of operations and supply chain management scholars allowed them to survey two focus groups (i.e.,
members of Supply Chain Thought Leaders and International SCRM groups) with open-ended ques-
206
Security Lapses and Cyber Threats Against Military Supply Chain Systems
tions (Sodhi et al., 2021). Finally, they surveyed operations and supply chain management researchers
during the 2009 Institute for Operations Research and the Management Sciences (INFORMS) meeting
in San Diego, California. Findings characterized the diversity of three gaps: (1) a definition gap in how
researchers defined SCRM, (2) a process gap about inadequate coverage of response to risk incidents,
and (3) a methodology gap of inefficient use of an empirical method (Sodhi et al., 2021). The DoD made
sufficient progress on seven actions and outcomes recommended for improving supply chain management.
Therefore, DoD removed this high-risk area. Congressional attention, DoD leadership commitment, and
collaboration contributed to this successful outcome (see Figure 1).
Figure 1. DoD supply chain management
Note. Sodhi, M. S., Son, B.-G., & Tang, C. S. (2011). Researchers’ perspectives on supply chain risk management. Production
and Operations Management, 21(1), 1-13. https://doi.org/10.1111/j.1937-5956.2011.01251.x
207
Security Lapses and Cyber Threats Against Military Supply Chain Systems
From 2014 to 2017, the DoD identified 18 actions and outcomes needed to implement its supply
chain management and removed them from the High-Risk List. In the 2017 High-Risk Report, the DoD
addressed 11 actions and met capacity and leadership action in materiel distribution. However, the
DoD needed additional actions to implement the remaining seven measures and outcomes related to the
monitoring criteria (see Figure 2).
Asset Visibility
The DoD organizes approximately five million inventory items (i.e., spare parts), with a reported value
of about $93 billion as of September 2017 (US Government Accountability Office, 2022). Therefore, to
support the force’s capabilities and ensure that the DoD does not spend resources not necessarily used
with defense and national priorities. Supply chain management includes three segments—inventory
management, asset visibility, and temporal distribution. The DoD supply chain management has been
on the high-risk list for the past three decades (US Government Accountability Office, 2022).
Supply chain management includes three segments: inventory management, asset visibility, and temporal
distribution (US Government Accountability Office, 2022). Since 1990, DoD Supply Chain Management
has been on the high-risk list beginning with inventory management. Supply chain management was on
the high-risk list due to inept and unproductive management practices that led to surplus inventory. In
2005, additional asset visibility and equipment distribution caused a high-risk list of weaknesses identi-
fied during operations in Iraq and Afghanistan. These backlogs of hundreds of pallets and containers at
distribution points were part of significant weaknesses (US Government Accountability Office, 2022).
In 2017, DoD removed inventory management from this area because it made vibrant improvements by
reducing excess inventory by about $600 million, thus addressing high-risk criteria. These improvements
resulted in demonstrable and sustained improvements (US Government Accountability Office, 2022).
Furthermore, DoD addressed the three remaining actions and outcomes outlined in 2017 to mitigate
long-standing weaknesses in asset visibility. Senior-level officials managed asset visibility improvement
efforts. The Asset Visibility Working Group issued the strategy, identified improvement opportunities,
and monitored initiatives’ implementation in 2014, 2015, and 2017 (see Figure 3).
Figure 2. Segments of GAO’s Department Of Defense’s supply chain management high-risk area
Note. Sodhi, M. S., Son, B.-G., & Tang, C. S. (2011). Researchers’ perspectives on supply chain risk management. Production
and Operations Management, 21(1), 1-13. https://doi.org/10.1111/j.1937-5956.2011.01251.x
208
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Materiel Distribution
For the past five years, the DoD has met the criteria of commitment, capacity, and leadership commit-
ment for materiel distribution (US Government Accountability Office, 2022). Further, DoD has fully
addressed the four remaining actions and outcomes outlined in 2017 to mitigate or resolve long-standing
weaknesses in material distribution (US Government Accountability Office, 2022). Consequently, the
DoD has met the monitoring and demonstrated progress criteria for material distribution to remove this
area from the High-Risk List, as shown in Figure 4 below.
Figure 3. Asset visibility
Note. Sodhi, M. S., Son, B.-G., & Tang, C. S. (2011). Researchers’ perspectives on supply chain risk management. Production
and Operations Management, 21(1), 1-13. https://doi.org/10.1111/j.1937-5956.2011.01251.x
209
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Types of Human Error
While the opportunities for human error are virtually infinite, two types of human error are (1) skill-based
errors and (2) decision-based errors. The difference between these two depends on whether or not the
person has the required knowledge to perform the correct action (Woods, 2019).
Skill-based errors. Everyone makes mistakes on the job, such as the supervisor and employees. The
supervisor makes mistakes. The skill-based human error consists of slips, lapses, or mistakes when per-
forming familiar tasks and activities (Woods, 2019). In these scenarios, the end-user knows the correct
action but needs to follow that action due to a temporary lapse, mistake, or negligence. For example,
Figure 4. Materiel distribution
Note. Sodhi, M. S., Son, B.-G., & Tang, C. S. (2011). Researchers’ perspectives on supply chain risk management. Production
and Operations Management, 21(1), 1-13. https://doi.org/10.1111/j.1937-5956.2011.01251.x
210
Security Lapses and Cyber Threats Against Military Supply Chain Systems
these errors happen because of lack of sleep, not paying attention, distractions, or brief memory lapses
(Woods, 2019).
Decision-based errors. Decision-based errors are when an employee makes a wrong decision (Woods,
2019). Many factors include the user needing more information about the specific circumstance or not
even realizing that they decide through their inaction (Woods, 2019). Employers can reduce human error
with practical security awareness training. Employees can learn how not being secure helps businesses
drive particular behavior with intelligently-automated cyber security awareness training that employees
might enjoy (Woods, 2019).
RECOMMENDATIONS
Based on the literature review, there are several potential strategies for mitigating the critical cyber
threats facing the DoD’s military supply chain systems. The DoD must consider several areas, including
technology and data security protocols, monitoring and surveillance, and improved personnel training
and education across the enterprise. Future recommendations consist of the federal government’s fol-
lowing suggestions:
1. The government recognizes cybersecurity as a national and financial security concern within sup-
ply chains.
2. One of the recommendations is to shorten the process of accomplishing the new DFARS requirement.
3. The government should focus on immediate implementation and emphasize essential programmatic
items in the supply chain.
4. The government should implement cybersecurity in DoD supply chains and develop a certification
program focused on cybersecurity.
5. Significant contractors could develop a compelling business case for cybersecurity.
6. The DoD should help SMEs develop and use acceptable cybersecurity measures.
7. By rewarding proactive implementation, DoD should treat SME suppliers appropriately, whether
early or late adopters.
8. For SME suppliers, focus on improving knowledge and awareness regarding cybersecurity.
9. DoD should understand that cybersecurity is now a cost to the business in today’s cyber/digital
market.
10. DoD should understand that cybersecurity is a corporate responsibility, not including subcontracting.
11. DoD should understand the need for supply chain cybersecurity. However, in response to increas-
ing cyber risks in its supply chain and a new mandatory clause, the Defense Federal Acquisition
Regulations Supplement (DFARS) failed to comply, resulting in the termination of its status as a
DoD supplier.
Anecdotal evidence involving these defense suppliers indicated that the imposition of this require-
ment created numerous concerns. Some concerns were about what was needed for compliance. Other
concerns were the costs and benefits of becoming compliant and the short-term problems. Some firms
feared they were at a cost disadvantage regarding other suppliers who decided not to pursue compliance.
These suppliers did not have to incur the costs faced by the suppliers seeking DFARS compliance.
211
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Finally, there is concern over whether the DoD is serious enough to be willing to reduce its sup-
plier base when there is trepidation regarding whether there are enough capable suppliers to serve DoD
readiness and sustainment needs. Other recommendations were to improve resilience in supply chains
and mitigate future disruptions across five broad categories. 1) Rebuild domestic production and inno-
vation capabilities. 2) Support market developments that invest in workers, sustainability, and quality.
3) Leverage the Federal government’s role as a purchaser and investor in critical goods. 4) Strengthen
international trade rules and trade enforcement mechanisms. 5) Work with allies and partners to decrease
weaknesses in worldwide supply chains.
Implications
The implications are a systematic approach undertaken for the literature review that provided future
researchers and managers with an understanding of the SCRM field. In addition, the literature review
offers essential clues on new research directions for SCRM by identifying gaps in current knowledge.
The identified research insights, gaps, and future trends could encourage new research techniques to
manage the risks in the globalized supply chain environment (Kertysova et al., 2018).
CONCLUSION
In conclusion, the DoD military supply chain systems are highly vulnerable to cyber-attacks due to their
reliance on connected networks, systems, and databases. Cyber-attacks can disrupt the supply chain
systems, leading to a loss of critical data and resources. As such, the DoD must take measures to pro-
tect its supply chain systems from these threats. This chapter has shown that organizations face internal
and external multifaceted cyber risks in an increasingly complex cyber threat environment (Kertysova
et al., 2018). Due to their potential to cause physical damage, operational disruptions, and reputational
damage, cyber incidents are business risks. Malware and phishing constitute the most common threats
companies across the United States encounter. Although the costs of a malware incident are relatively low
compared to other kinds of attacks, its high rate of occurrence makes malware the costliest attack vector
overall (Kertysova et al., 2018). Within the malware category, businesses in the United States should
be particularly wary of emerging trends in ransomware attacks. Companies need to be proactive rather
than reactive when dealing with cyber threats. In addition, it is essential to nurture a multidisciplinary
approach toward cybersecurity that involves all key stakeholders. As this study has shown, public-private
partnerships effectively deal with cyber threats.
REFERENCES
Administration for Strategic Preparedness and Response. (2022). Strengthening the supply chain and indus-
trial base. U.S. Department of Health and Human Services. https://aspr.hhs.gov/MCM/IBx/2022Report/
Pages/Strengthening-the-Supply-Chain-and-Industrial-Base.aspx
212
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Bajwa, A. A., & Azim, M. (2016). Security of military supply chains: An analysis of threats, vulnerabilities
and risk mitigation strategies. International Journal of Physical Distribution & Logistics Management,
46(5), 537–558. doi:10.1108/IJPDLM-05-2015-0119
Bushwick, S. (2022). Nearly $53 billion in Federal funding could revive the U.S. computer chip industry.
Scientific American. https://www.scientificamerican.com/article/nearly-53-billion-in-federal-funding-
could-revive-the-u-s-computer-chip-industry/
Chu, M. (2019, June 4). Five cyber threats the military must address. CIO. https://www.cio.com/
article/3359657/5-cyber-threats-the-military-must-address.html
D’Mello, S., & Sharma, M. (2018). Developments in military supply chains: A review. International
Journal of Physical Distribution & Logistics Management, 48(2), 113–138.
Dempsey, T., & Rosenquist, M. (2015). Navigating the digital age: The definitive cybersecurity guide
for directors and officers. Caxton Business & Legal. https://www.nyse.com/publicdocs/Navigating_
The_Digital_Age.pdf
Department of Energy. (2022). DOE releases first-ever comprehensive strategy to secure America’s
clean energy supply chain. DoE. https://www.energy.gov/articles/doe-releases-first-ever-comprehensive-
strategy-secure-americas-clean-energy-supply-chain
Felice, W. F. (2022). 136 countries agree on a minimum global corporate tax, but Republicans say no.
Tampa Bay Times. https://www.tampabay.com/opinion/2022/07/30/136-countries-agree-on-a-minimum-
global-corporate-tax-but-republicans-say-no-column/
Feng, M. (2019). An overview of military logistics and supply chain management. International Journal
of Logistics Systems and Management, 37(1), 1–16. doi:10.1504/IJLSM.2019.103783
Ghadge, A., Dani, S., & Kalawsky, R. (2012). Supply chain risk management: Present and future scope.
International Journal of Logistics Management, 23(3), 313–339. doi:10.1108/09574091211289200
Herr, T., Loomis, W., Schroeder, E., Scott, S., Handler, S., & Zuo, T. (2020). Broken trust: Lessons from
Sunburst. Atlantic Council. https://www.atlanticcouncil.org/in-depth-research-reports/report/broken-
trust-lessons-from-sunburst/
Ho, W., Zheng, T., Yildiz, H., & Talluri, S. (2015). Supply chain risk management: A literature review.
International Journal of Production Research, 53(16), 5031–5069. doi:10.1080/00207543.2015.1030467
Kertysova, K., Frinking, E., van den Dool, K., Maričić, A., & Bhattacharyya, K. (2018). Cybersecurity:
Ensuring awareness and resilience of the private sector across Europe in the mounting cyber risks.
European Economic and Social Committee. The Hague Centre for Strategic Studies. https://www.eesc.
europa.eu/sites/default/files/files/qe-01-18-515-en-n.pdf
Korolov, M. (2021). Supply chain attacks show why you should be wary of third-party providers. CSO
United States. https://www.csoonline.com/article/3191947/supply-chain-attacks-show-why-you-should-
be-wary-of-third-party-providers.html
Kumar, S., & Kumar, P. (2020). Performance improvement of military supply chain: A review. Journal
of Global Operations and Strategic Sourcing, 13(1), 124–147.
213
Security Lapses and Cyber Threats Against Military Supply Chain Systems
Leary, M. (2020). Design for additive manufacturing. Elsevier. doi:10.1016/B978-0-12-816721-2.00006-3
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security: Emerging
trends and recent developments. Energy Reports, 7, 8176–8186. doi:10.1016/j.egyr.2021.08.126
Lutkevich, B. (2022). Supply chain. TechTarget. https://www.techtarget.com/whatis/definition/supply-
chain#:~:text=A%20supply%20chain%20is%20the,delivery%20to%20the%20end%20user
Manuj, I., & Mentzer, J. T. (2011). Global supply chain risk management. Journal of Business Logistics,
29(1), 133–155. doi:10.1002/j.2158-1592.2008.tb00072.x
McKee, S. (2020). Critical cybersecurity threats to the supply chain. SC Media. https://www.scmagazine.
com/home/security-news/critical-cybersecurity-threats-to-the-supply-chain/
MITRE. (2021). Supply chain risk management. MITRE. https://www.mitre.org/publications/systems-
engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/supply-chain-
risk--management
Muller, S. R. (2020). An Analysis and Discussion of the Defense Information Systems Agency’s Level
of Compliance and Integration of the US Congress’ Title Viii National Defense Authorization Act FY
2015 Subtitle D-Federal Information Technology Acquisition Reform. Annals of Computer Science and
Information Systems, 24.
Muller, S. R., & Burrell, D. N. (2022). Social Cybersecurity and Human Behavior. [IJHIoT]. Interna-
tional Journal of Hyperconnectivity and the Internet of Things, 6(1), 1–13. doi:10.4018/IJHIoT.305228
Muller, S. R., & Lind, M. L. (2020). Factors in Information Assurance Professionals’ Intentions to Adhere
to Information Security Policies. [IJSSSP]. International Journal of Systems and Software Security and
Protection, 11(1), 17–32. doi:10.4018/IJSSSP.2020010102
Nelson, J. (2020). How cybersecurity impacts business continuity planning and disaster recovery. LMG
Security. https://www.lmgsecurity.com/how-cybersecurity-impacts-business-continuity-planning-and-
disaster-recovery/
Office of the U.S. Trade Representative. (2021). U.S.-EU arrangements on global steel and aluminum
excess capacity and carbon intensity. USTR. https://ustr.gov/about-us/policy-offices/press-office/fact-
sheets/2021/october/fact-sheet-us-eu-arrangements-global-steel-and-aluminum-excess-capacity-and-
carbon-intensity
Seals, T. (2019). Software, supply-chain dangers top list of 5G cyber risks. Threat Post. https://threatpost.
com/software-supply-chain-5g-cyber-risks/149135/
Shih, W. C. (2020). Global supply chains in a post-pandemic world. Harvard Business Review. https://
hbr.org/2020/09/global-supply-chains-in-a-post-pandemic-world
Sodhi, M. S., Son, B. G., & Tang, C. S. (2021). Researchers’ perspectives on supply chain risk manage-
ment. Production and Operations Management, 21(1), 1–13. doi:10.1111/j.1937-5956.2011.01251.x
Sullivan, J., & Deese, B. (2022). Executive order on America’s supply chains: A year of action and prog-
ress. White House. https://www.whitehouse.gov/wp-content/uploads/2022/02/Capstone-Report-Biden.pdf
214
Security Lapses and Cyber Threats Against Military Supply Chain Systems
The White House. (2021). Building resilient supply chains revitalizing American manufacturing and
fostering broad-based growth: 100-day reviews under Executive Order 14017. The White House. https://
www.whitehouse.gov/wp-content/uploads/2021/06/100-day-supply-chain-review-report.pdf
U.S. Department of Agriculture. (2022). Biden-Harris administration announces new actions to strengthen
food supply chains, level the playing field for growers, and lower prices for American consumers. The
White House. USDoD. https://www.usda.gov/media/press-releases/2022/05/26/biden-harris-adminis-
tration-announces-new-actions-strengthen-food
U.S. Department of Defense. (2017). Department of Defense Cyber Strategy. USDoD. https://media.
defense.gov/2017/Aug/18/2001839282/-1/-1/1/DOD-CYBER-STRATEGY-2017.PDF
U.S. Department of Defense. (2022). Defense department releases report on strengthening defense-
critical supply chains. USDoD. https://www.defense.gov/News/Releases/Release/Article/2944488/
defense-department-releases-report-on-strengthening-defense-critical-supply-cha/
U.S. Department of the Treasury. (2022). The impact of the American rescue plan after one year. USDT.
https://home.treasury.gov/news/press-releases/jy0645
U.S. Department of Transportation. (2022). USDOT supply chains tracker shows historic levels of
goods coming into U.S., continued challenges with congestion. USDT. https://www.transportation.gov/
briefing-room/usdot-supply-chain-tracker-shows-historic-levels-goods-coming-us-continued-challenges
U.S. Government Accountability Office. (2022). DOD supply chain management. GAO. https://www.
gao.gov/highrisk/dod-supply-chain-management
U.S. House of Representatives. (2022). American Competes act includes major supply chain provisions
spearheaded by Representatives Malinowski, Blunt Rochester, and Kinzinger. US HoR. https://ma-
linowski.house.gov/media/press-releases/america-competes-act-includes-major-supply-chain-provisions-
spearheaded
Woods, D. (2019). The role of human error in successful cyber security breaches. The Usecure team.
https://blog.usecure.io/the-role-of-human-error-in-successful-cyber-security-breaches
