The Hidden Risk in Your Supplier Base

The global supply chain poses significant challenges for the Department of War. Production is distributed, with different phases of extraction, processing, manufacturing, assembly, packaging, and sales often located on different continents — even for supplies that are nominally made in the USA. Legally and financially, things are even more tangled, with complex ownership structures and convoluted networks of investment and influence that can make it very hard to know exactly who has a hand in a product.

And obscurity isn’t the only problem. China holds a virtual monopoly on heavy rare earth minerals critical for everything from EV motors, to catalytic converters, to missile guidance and radar. China’s dominance of semiconductor production, while not as absolute, is nearly as significant to the military. Chinese semiconductors are in 41% of US military infrastructure and weapons, and 91% of American naval weapons incorporate the rare earth minerals China dominates.

This situation puts the defense industry in a difficult position. While most US military equipment is manufactured domestically, key components rely on foreign entities for both materials and manufacturing — entities which could sanction or cut off supplies in the future. Additionally, foreign ownership and influence creates security risks, such as backdoors, IP and intelligence theft, and sabotage. Here’s how to address the foreign dependency risk in your supplier base.

State of DoW Supply Chain Management

The Department of War oversees a vast supply network of over 200,000 suppliers — and that’s just the primes and sub-primes. On top of that, there are 187,000 FTEs of contractors, with their own equipment, access, and corporate ownership structures which could pose their own problems.

Governing all of this would be a massive challenge even if the DoW had a fully mature approach to procurement and supply chain management. It does not. According to a 2025 report by the US Government Accountability Office:

The primary procurement database for the federal government, however, provides little visibility into where these goods are manufactured or whether materials and parts suppliers are domestic or foreign. DOW is pursuing several supply chain visibility efforts designed to help improve its ability to identify risks of what it refers to as “foreign dependency.” DOW has made progress gathering supplier information for major subsystems and components. However, these efforts are uncoordinated and limited in scope and provide little insight into the vast majority of suppliers, including those that provide raw materials and parts.

The Federal Procurement Data System (FPDS) contains two types of information on where goods come from. The first is the Place of Manufacture field. This field registers whether the product is manufactured inside or outside the US, but doesn’t show where goods manufactured outside come from.

The second field, Country of Product or Service Origin, provides more information, showing where the “preponderance of the content of the products… is derived.” However, it does not include information on suppliers for components or subsystems. So if a weapons system is 95% manufactured in the US, but has five percent of its components from China, this field will only show that the US is the country of origin. While the FPDS is better than nothing, it’s clearly insufficient.

DoW Attempts to Mitigate the Problem

The DoW’s main SCRM plan

The Department of War is working to improve visibility, but it’s still early days. Under recommendations from the GAO and the Defense Business Board, the DoW has committed to a dual-track approach. They’ve created the Supply Chain Risk Management Integration Cell (SCRM-IC) to study the problem, and implement supply chain visibility best practices. But at the moment, they’re early in the process; their first benchmark is simply to set priorities, timeframes, and roles.

At the same time, they’re working to “identify the potential benefits and challenges of obtaining country-of-origin information from contractors” by incentivizing suppliers to use their own supply chain illumination best practices. But like the first approach, this initiative is still in the planning stages, with reports on both efforts expected by June, 2026.

DoW visibility pilots

The Department of War has piloted two programs to gain more visibility. The first, the Supply Chain Risk Evaluation Environment (SCREEn) has gained visibility into 30,000 of the 40,000 parts of the F-35 Joint Strike Fighter, but only has country-of-origin data on less than 10% of the component and raw material suppliers behind those parts. It was able to highlight a couple of foreign dependencies, including Chinese-made magnets in the F-35, but it depended on self-disclosure for this information.

A second program, the Defense Industrial Base Modeling and Analysis Project (DIBMAP), has focused on gaining three tiers of data, initially for 110 weapons systems. The program opportunistically gathered additional information where available, and now has at least some data beyond tier-1 for 732 weapons systems. However, officials have reported that “the supplier information collected so far does not provide enough visibility for DOW to identify or proactively address foreign dependency risks deeper in the supply chain,” and the program has been paused.

Mitigating Risks in Your Defense Supplier Base

Although the DoW has made meaningful progress in mitigating hidden foreign supply chain dependencies, there is still a long way to go. Both SCREEn and DIBMAP are pilot programs that only provide a snapshot of a small section of the military’s vast supplier network.

The more general programs under the SCRM-IC are still in early planning stages, and it could be several years before deployment, so it’s unclear what the government’s final approach will look like, or what role supplier-provided sourcing data will play in it. For the time being, it’s incumbent on suppliers to do their own due diligence to mitigate the risk of hidden foreign dependence, using SCRM best practices.

Governance

Centralized data governance should be the lynchpin of your SCRM strategy. You need a central policy and a supplier intelligence platform to govern suppliers throughout your organization. Set standards for suppliers, and a data-driven process for conducting risk-based assessments. Your approach should consider all dimensions of risk, including compliance, FOCI, financial health, cybersecurity, and operations data. Map critical supply chains with digital Bills of Materials and Software Bills of Materials to ensure you’re monitoring your sourcing strategy as thoroughly and accurately as possible.

Complement that with deep and regular supplier engagement. This will allow you to enhance trust, collect data, and plan strategies to mitigate supply chain risks and enhance resilience.

Monitor risk and performance

Conduct ongoing monitoring, using both internal and external metrics. That means tracking supplier performance metrics, and identifying new risks with your supplier intelligence platform and vendor relationships. Quickly triage and address risks as they emerge by supplier criticality and risk severity, eliminating unacceptable risks, and working with vendors to mitigate moderate ones.

Talent

With advanced technology and sophisticated policies you can use your talent more effectively. Once you free your team from time-consuming data aggregation tasks, you can train them in your risk analysis methodology and use them to mitigate defense supplier risks and build vendor relationships. Use a multi-disciplinary team to analyze risk from legal, cybersecurity, financial, and other risk categories. That will enable you to tackle risk more effectively, and set longer-term goals for improving your vendor risk profile over time.

Be a Leader in Supplier Risk Mitigation

The bigger an organization, the longer it takes to change, and the DoW is massive. While America’s military works to improve its SCRM, it falls to each supplier to do their part to mitigate foreign dependency risk. Craft’s cutting-edge supplier intelligence is already making a difference, both inside the DoW, and in many of the nation’s top defense industry primes.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.