China’s Secret Tunnel into the Heart of America’s Defense Industry

Article Introduction

The first step in assessing supply chain risk is to figure out who exactly is in an entity’s supply chain. Government contractors are tiered, and large companies at the top may not be aware of the identities and risk profiles of all of the subcontractors they rely on to deliver complex systems. As Mike Gordon, deputy chief information security officer at defense contractor Lockheed Martin, said last year, “Because of contract privity and competitive advantage, the tier one doesn’t necessarily know who in the tier four is working on a particular program, and the government does not necessarily know that either.”