Security, Visibility, and Resiliency:
The Keys to Mitigating Supply Chain Risk
Theodore S. Glickman and Susan C. White
School of Business
The George Washington University
Washington, DC 20052
Submitted to The Journal of Supply Chain Management, May 2004
Security, Visibility, and Resiliency:
The Keys to Mitigating Supply Chain Risk
Terrorism and war are much more prominent in the minds of supply chain planners today than
they were just five years ago. In the 1990s, firms moved to outsource processes and/or
capabilities that were not considered key competencies. Certainly technology enabled this
transformation as falling information processing costs and increasing global connectivity allowed
firms to collaborate across national boundaries more easily. This shift in the business paradigm
led to increased reliance on efficient supply chain networks – both with respect to the flow of
products and the corollary flow of information. The tragic events of September 11th, 2001,
highlighted the risks associated with the dependence on supply chain networks to move products
continuously. In this paper, the keys to mitigate these risks are presented, and the
interrelationships among them are explored. In order to compete effectively, firms today need to
ensure security, visibility, and resiliency throughout their supply chain networks.
During the last fifteen to twenty years, firms have been focusing more and more on their core
competencies and outsourcing other processes and/or capabilities. (See [1-6] for example.)
Baiman, Fischer, and Rajan  note that:
“… the U.S. automotive industry has steadily increased the number of parts outsourced,
while decreasing the number of suppliers. Further, the automotive industry is now
experimenting with outsourcing the production and installation of major components by
turning over parts of their factories to their suppliers.” (p. 173)
Most analysts believe that this trend toward more and more outsourcing will continue.  In
concert with the movement toward outsourcing, firms have also moved toward a leaner and/or
more agile framework in which inventory levels are reduced. For example, the Defense
Logistics Agency, which is responsible for buying and shipping more than 4 million items to
U.S. forces in the states and abroad, saw on-hand inventory reduced from $3.96 billion in 1993
to $2.24 billion in 2000. Simultaneously, sales went from $4.1 billion in 1994 to $6.2 billion in
2001. The time needed to fill orders fell from six days in 1999 to four days in 2001. 
This trend toward outsourcing coupled with the ongoing drive for reduced inventories and more
responsive supply chains has led to greater interdependence among various members of the
supply chain. The consequences of such dependencies include the reality that disruptions or
disturbances in inbound or outbound flows may have serious adverse effects on the firm’s
ongoing operations. These events may come in the form of natural disasters, labor disputes,
unanticipated economic shifts, terrorist strikes, wars, and other unexpected occurrences.1
Svensson  finds that there is a significant correlation between outsourcing various processes
and the occurrence of disturbances or disruptions in a firm’s inbound logistics flow.
The outbreak of severe acute respiratory syndrome (SARS) which struck Asia and then parts of
Canada in 2003 highlighted the potential dangers associated with focusing on efficiency alone in
supply chains. Firms with sole-source suppliers in China when SARS struck were exposed to
serious disruptions in their supply chains. In fact, Motorola and Texas Instruments both lowered
their second-quarter 2003 sales and earnings-per-share projections due, at least in part, to supply
chain shocks from the SARS outbreak. Since a firm may have very little control over
disturbances and/or disruptions in their supply chain, it should focus its efforts on managing its
supply chain so that it can deal with the stresses effectively. 
Disruptions and/or disturbances in a supply chain are inevitable. An examination of the risk
associated with a supply chain should not dwell on whether or not an adverse event will occur;
rather, the emphasis should be on developing and managing a supply chain that is able to
respond effectively to the shock when it occurs. The next section provides a brief overview of
where things stand in the field of supply chain management. Subsequent sections offer keys to
mitigating risks in supply chains and their practical implications. This paper concludes with
comments on future needs.
To some degree, weather-related natural disasters and unresolved labor disputes may be expected; even so, they
can have far-ranging impacts on all members of a supply chain.
2. The Current State of Supply Chain Management
Figure 1 depicts a typical supply chain from the perspective of a single firm. Note that the firm’s
suppliers may be consumers upstream and may also be suppliers to the firm’s competitors.
Furthermore, the firm’s consumers may be suppliers downstream and may also be consumers of
goods and services provided by the firm’s competitors.
Lee and Billington  highlight fourteen pitfalls in supply chain management and offer insight
into six key strategies to improve supply chain performance. The pitfalls which they saw over a
decade ago include inaccurate delivery status data, inefficient information systems, poor
coordination among divisions within a firm, organizational barriers, and a focus on internal
operations only. This would imply that the firm in Figure 1 looks only within its own realm and
even then may have poor coordination and incomplete information across the firm. Lee and
Billington encourage supply chain managers to integrate databases and control and planning
support systems throughout the supply chain and to expand the firm’s view beyond its own
A decade later, researchers report that practitioners and academicians alike had failed to make
the seamless, efficient supply chain a reality.  They note that:
“In a time when we still cannot get departments within companies to work
together, why do we believe that we can achieve integration and cooperation
among trading partners? In a time when firms are still driven by the short-term
financial expectations of their shareholders, why do we expect management to
suddenly develop patience and consider SCM’s long-term benefits?” (p. 35)
These authors echo some of the pitfalls described by Lee and Billington and offer their own
strategies for overcoming the barriers. These strategies include investing in information
Poirier and Quinn  also examine the current state of supply chain management programs.
They find that leading firms have established dominant positions in the marketplace, “based in
large part on their ability to work collaboratively with carefully selected trading partners.” (p. 40)
They refer to the five levels of supply chain evolution:
I. Internal focus on functional and process improvement - the basic focus in Level I
is in two major areas: sourcing and logistics.
II. Internal focus on expanding the improvement begun in Level I company-wide -
in this level, the firm begins to examine processes which can be outsourced and
to develop stronger relationships with suppliers.
III. External focus begins; the firm forms a business network with a few carefully
selected business allies who work together to discover mutually beneficial ways
to do business.
Figure 1: A Typical Supply Chain from the Firm's Perspective
IV. External focus expands - the firm begins working in earnest with selected
upstream and downstream partners; information is shared electronically so that
supply chain members can identify opportunities more easily.
V. Theoretical full interconnectivity - supply chain partners are fully networked and
use technology to enable them to gain dominant market positions.
In their assessment of the status of supply chain management, Poirier and Quinn report that very
few firms feel they have advanced beyond Level III in this framework. Those that have moved
to Level IV or V are dominant in their field; the most commonly cited examples were WalMart
and Dell. In addition, automotive firms generally received high marks for their supply chain
performance; the firms mentioned include Toyota, Honda, John Deere, and Harley-Davidson.
As advances continue to be made in supply chain integration and performance, managers are
now faced with the additional challenge of doing more to protect against elevated threats to the
smooth functioning of their supply chain operations. It remains clear that the risks associated
with interdependent supply chains are real and are only exacerbated by new threats of terrorism
and war. It would behoove firms, then, to manage their supply chains so that they are more able
to handle the stresses, disturbances, and disruptions that are sure to come. The next section
focuses on the three keys to mitigating supply chain risk: security, visibility, and resiliency.
3. The Keys to Mitigating Supply Chain Risk
Risk management in a supply chain is the art of reducing the likelihood of disruptions when and
where possible and increasing the number of options to respond to disturbances when they do
happen.  In this light, there are three fundamental keys to mitigating supply chain risk:
security, visibility, and resiliency. Security is a preventative tool--security seeks to minimize the
likelihood of disruptions. Visibility is an intervention tool--visibility throughout the supply
chain allows managers the opportunity to respond quickly to disruptions based on accurate, real-
time assessment. Finally, resiliency ensures continuity--resiliency is the ability to return the
supply chain to an operational level shortly after disruptions have occurred. These issues are
closely interrelated and all rely on a core driver: the unimpeded flow of information. This flow
of information facilitates both security and visibility and enhances resiliency. In Table 1, each of
these keys is examined with regard to seven basic concerns: product, transport, information,
collaboration, connectivity, execution, and flexibility.  Following the table, the three keys
are discussed in further detail.
Proactive steps to ensure security throughout the supply chain should be at the forefront of risk
mitigation. This definition of supply chain security includes many facets from supplier selection
to transport mode management to connectivity and collaboration. Within the realm of transport
mode, new federal initiatives are driving security programs in the U.S. While some have argued
that changes in the U.S. Customs Service directly conflict with lean or just-in-time inventory
practices, others point out that the new requirements could be good for global supply chains.
Certainly the security issues that are being addressed now are not new; rather, they have always
been sources of potential disruptions in the supply chain and are being addressed now. One
expert notes that “the biggest lesson we learned about security is that there’s a difference
between being good and being lucky.”  Opportunities exist to strengthen supply chain
security at every stage from product development through delivery to the final customer.
With respect to product considerations, it is important that sourcing decisions be included in the
product design stage. This will include an examination of transport issues given various
suppliers; the transport decision must consider the supply chain partners’ locations and import
and/or export issues. With respect to security, access to accurate information and the ability to
share it both with supply chain partners and appropriate government agencies must be included
in the design of the information system.
Table 1: Security, Visibility and Resiliency Considerations in Supply Chain Management
Security Visibility Resiliency
Supplier selection Real-time inter- Modular product
Product based on security connectivity enhances designs enhance
Concerns concerns may affect visibility but may limit resiliency and allow
product design supplier selection for multiple suppliers
Mode selection must The need to maintain Allow for multiple
Transport account for security visibility throughout modes as back-ups in
Concerns concerns and may the entire supply net- case of blockages or
involve customs issues work may limit scale failures
Need ability to share Tracking the flow and Accurate, timely data
Information requisite data with status of goods across is vital to resiliency in
Concerns governmental agencies the entire supply order to react, adapt,
in a timely fashion network is required and respond
Partner security is Visibility within Partners should be
Collaboration required due to mutual partners’ domain as resilient, too, because
Concerns interrelationships and well as one’s own of impacts on one’s
dependencies must be established own resiliency
Secure networks must Accurate, timely infor- Connections need to
Connectivity be provided to mation including have redundancies
Concerns safeguard data flows exception reports must built in to ensure
and communications always be available continued operations
The design and use of Real-time accuracy Simulations and test
Execution security protocols has with respect to exercises should be
Concerns to facilitate the free location and volume is used to confirm and
flow of goods and data essential improve resiliency
Security protocols and To maintain visibility, By its very nature,
Flexibility enforcement should be it is necessary to adapt resiliency requires the
Concerns changeable in to obstacles efficiently ability to change
response to events and effectively smoothly and rapidly
When disruptions occur, whether due to breakdowns in security or to events beyond the control
of the supply chain partners, visibility throughout the supply chain is the key to effective, timely
efforts to intervene and minimize the adverse effects of the disruptions. [22-25] In fact,
Montgomery, Holcomb, and Manrodt  argue that visibility is not only a tactical issue in
supply chains, but that it also has enormous strategic implications for the entire organization.
Specifically, they state that:
“Visibility enables all supply chain members to easily see and manage the flow of
products, services and information in real time or near real time, from end-to-end,
as needed. True visibility is present when supply chain members can do this in
concert, and they can do it across their existing technology platforms.” (p. 3)
Figure 1: Security, Visibility, and Resiliency in Supply Chains
They offer the example of a global pharmaceutical company that was contacted by a government
agency shortly after the events of September 11, 2001, requesting the diversion to New York of a
very large supply of antibiotics they produced. The firm, because they had instituted visibility in
their supply chains, was able to determine the feasibility of the request in less than half an hour.
Visibility throughout the supply chain relies heavily on good information systems, connectivity
throughout the supply chain, and collaboration among all supply chain partners. Visibility
cannot end at a nation’s borders; rather, products, supplies, components, and all associated
information must be shared globally. Transport modes should be chosen in concert with all
supply chain partners to ensure accurate information flow during transport. With timely
information, supply chain members can respond quickly to disruptions as they occur.
Once intervention has addressed the immediate concerns of the supply chain disruption, the
entire supply chain must respond in a resilient fashion. According to Rice and Caniato ,
resiliency in a supply chain is the ability of the supply chain to react to a disruption and restore
normal operations. Certainly, visibility is vital to resiliency; it is virtually impossible to make
good decisions without accurate knowledge. However, resiliency goes beyond visibility. After
the initial response to the disruption, there must be plans ready to execute to ensure continued
viability. Moreover, the genesis of this resiliency must be planted long before the disruption
Resiliency should be kept in mind during the product design phase since the response might
require using different suppliers for a time. Additionally, the transport decision should include a
consideration for contingencies following disruptions. As information systems and connectivity
platforms evolve with the supply chain, managers should ensure that backup systems are in place
and ready to use should the need arise. Such planning requires collaboration among all members
of the supply chain. Flexibility – in operations, in product design, in volume, in capacity, in
routing – will make resiliency easier to achieve.
4. Practical Implications
Security, visibility, and resiliency are the keys to mitigating supply chain risk. While technology
can aid in developing each of these competencies throughout the supply chain, technology alone
is not the solution. In fact, Barami  posits that too much reliance on technology alone to
ensure security, aid visibility, and promote resiliency could leave the supply chain vulnerable to
asymmetric and non-linear threats.
Russell and Saldanha  offer five tenets of security-aware logistics and supply chain
operations. Even though their focus is on security, these tenets also ring true for visibility and
resiliency; they write that “firms should …
1. … partner with local, state, and federal organizations that impact the movement
2. … know overseas trading partners and take responsibility for securing cross-
border supply chains.
3. … have a mode-shifting capability to accommodate interruptions.
4. … develop a suite of communication channels and media.
5. … adopt the concepts of agility, reservists, and pre-positioning.
Firms who adopt these tenets and who move toward Levels IV and V in the supply chain
evolution  will be best positioned to secure their supply chains, to make products and
relevant information visible throughout the supply chain, and to respond to disruptions
effectively and efficiently.
Moberg, Speh, and Freese  note that the full potential of integrated supply chain management
has yet to be realized. In an effort to address this shortcoming, they have identified major
barriers to effective integration and offered action plans to overcome them. Three of their action
plans are crucial to ensure security, visibility, and resiliency in supply chains: establishing
interorganizational teams, investing in information technology, and engaging in more practical
and applied supply chain research. As we have discussed, security, visibility, and resiliency are
the three keys to mitigating risk in supply chains. In order to implement them, integrated supply
chain management must become a reality.
1. Drejer, A. and S. Sorensen, Succeeding with sourcing of competencies in technology-
intensive industries. Benchmarking, 2002. 9(4): p. 388.
2. Ghausi, N., Trends in outsourced manufacturing--reducing risk and maintaining
flexibility when moving to an outsourced model. Assembly Automation, 2002. 22(1): p.
3. Leavy, B., Supply strategy - what to outsource and where. Irish Marketing Review, 2001.
14(2): p. 46.
4. Novak, S. and S.D. Eppinger, Sourcing by design: Product complexity and the supply
chain. Management Science, 2001. 47(1): p. 189.
5. Prahalad, C.K. and G. Hamel, The Core Competence of the Corporation. Harvard
Business Review, 1990(May - June 1990): p. 16 - 28.
6. Yano, C.A., IIE Transactions special issue on planning and coordination of supply
chains with outsourcing. IIE Transactions, 2002. 34(8): p. IV.
7. Baiman, S., P.E. Fischer, and M.V. Rajan, Performance measurement and design in
supply chains. Management Science, 2001. 47(1): p. 173.
8. Demers, D. and P. Sathyanarayanan, Charting the SUPPLY CHAIN DNA. Supply Chain
Management Review, 2003. 7(6): p. 48.
9. Weinstock, M., Risky business. Government Executive, 2002. 34(16): p. 40.
10. Svensson, G., The impact of outsourcing on inbound logistics flows. International Journal
of Logistics Management, 2001. 12(1): p. 21.
11. McClenahen, J.S., Get ready for the next SARS. Industry Week, 2003. 252(8): p. 12.
12. Lee, H.L. and C. Billington, Managing Supply Chain Inventory: Pitfalls and
Opportunities. Sloan Management Review, 1992. 33(3): p. 65.
13. Moberg, C.R., T.W. Speh, and T.L. Freese, SCM: Making the vision a reality. Supply
Chain Management Review, 2003. 7(5): p. 34.
14. Poirier, C.C. and F.J. Quinn, A survey of Supply Chain progress. Supply Chain
Management Review, 2003. 7(5): p. 40.
15. Billington, C., HP cuts risk with portfolio approach. Purchasing, 2002. 131(3): p. 43.
16. Montgomery, A., M.C. Holcomb, and K.B. Manrodt, Visibility: Tactical Solutions,
Strategic Implications, in Cap Gemini, Ernst & Young, Georgia Southern University, and
the University of Tennessee. 2002. p. 21.
17. Piszczalski, M., Homeland Security vs. Global Supply Chains. Automotive Design &
Production, 2002. 114(12): p. 16-17.
18. Bowman, R.J., Cargo Security, Good Business Practices May Go Hand in Hand. Global
Logistics & Supply Chain Strategy, 2003(February 2003).
19. Whitten, D.L., Supply chain managers balance risk vs. cost in security and contingency
plans. Transport Topics, 2003(3529): p. 3.
20. Cook, T.A., A New Security Mandate. Supply Chain Management Review, 2003: p. 11 -
21. Quinn, F.J., Security matters. Supply Chain Management Review, 2003. 7(4): p. 38.
22. D'Antoni, H., Behind the numbers: Real-time information aids supply chains.
InformationWeek, 2003(936): p. 71.
23. Konicki, S., He's fixed on keeping the supply chain strong. InformationWeek, 2001(869):
24. Konicki, S., Supply-chain adjustments key after attacks. InformationWeek, 2001(866): p.
25. Sheffi, Y., Supply Chain Management under the Threat of International Terrorism. The
International Journal of Logistics Management, 2001. 12(2): p. 1 - 11.
26. Rice, J.B. and F. Caniato, Building a Secure and Resilient Supply Network. Supply Chain
Management Review, 2003: p. 22-30.
27. Barami, B., Technology Fixes for the New Global Risks: Do they Address Asymmetric
and Non-linear Threats? Logistics Spectrum, 2003. 37(1): p. 14.
28. Russell, D.M. and J.P. Saldanha, Five tenets of security-aware logistics and supply chain
operation. Transportation Journal, 2003. 42(4): p. 44.