Publications Details

Macro Supply Chain Lifecycle Decision Analytics

Helinski, Ryan H.; Kao, Gio K.; Hamlet, Jason H.; Letchford, Joshua L.; Campbell, Philip L.; Anthony, Benjamin A.

This report summarizes a two-year LDRD project that investigated the problem of representing complex supply chains, identifying the worst risks and evaluating mitigation options. Our team developed a framework that includes a representation for business processes, risk assessment questions, risk indicators and methods for analyzing and summarizing the data. In our approach, the Process Matrix represents an overall supply chain for an end product in a high-level, tabular form. It connects the various touch-points of a business process including people, external vendors, tools, storage locations and transportation services while capturing the flow of both physical and intellectual artifacts. We believe these direct connections are exactly the things that a process owner can typically control. These material flows (both physical and intellectual) are also represented in a graph. This enables us to use graph-oriented analysis such as fault tree analysis and attack graph generation. Our approach is top-down, which helps users to get a more holistic understanding for a given amount of resources. Understanding the provenance of materials is difficult and it is easy to exhaust the analysts' resources. Rather than a tool to do vendor analysis or product comparison, our framework enables an enterprise-level analysis. The risk assessment questionnaires have a varying levels of detail and cover various aspects of the supply chain such as process steps, artifacts, suppliers, etc. and connections between these aspects such as artifact-storage, artifact-supplier, etc. Each question is further associated with one of seven risk indicators which can be used to summarize the risk. These risk indicators can also be weighted to reflect a user's concerns. We have successfully applied our framework to several use cases in various stages of its development and provided valuable insights to our partners, but it can also be applied to other complex systems outside of the supply chain security problem.