Jan 13 2022

Supply Chain Issues Pose Problems for Federal IT Projects

Agencies should be cautious about cybersecurity when searching for replacement products.

Empty shelves are no longer the result of pandemic-related panic buying. Today, they’re an indicator of a more serious and long-lasting problem: The links that create the supply chain are weakening, and normal patterns of acquisition are completely disrupted.

Staffing challenges are compounding supply chain issues. The pandemic accelerated a trend toward retirement for some government workers, and others are choosing to transition out of government. The demand for skilled technology workers across all segments of industry is so great that filling those positions has been tough. More than one-third of government cybersecurity roles remain unfilled.

Ask leaders at any agency how procurement efforts are going and whether they’re getting new technology as quickly as they need it, and the answer likely will be no.

In the meantime, with lead times stretching upwards of six months and no end in sight, agencies are being forced to adapt. They’re hearing from resellers and  manufacturers (OEMs) that orders placed as early as fall 2021 may not arrive until next summer.

Click the banner below to get access to exclusive cybersecurity content by becoming an Insider.

Patches and Service Extensions Can Mitigate Delay-Related Issues

From a scheduling and management standpoint, this is causing chaos. An agency may have its plans lined up — planned outages as equipment is installed, third-party integrators with definite dates to be onsite, training for employees on the new IT — and the vagaries of the supply chain grind those plans to dust.

In some of our long-term projects, we do have a better idea of agencies’ schedules, and we can be more proactive in working with those agencies to allocate technology in a timely manner. However, if the agency’s order isn’t rated — if it’s not given priority over other similar orders for national security or emergency reasons — it is possible that piece of technology will be given to an agency with a rated order. Then, you’re back at square one.

One work-around we’ve developed is to help agencies extend the life of the technology they’ve got while waiting for the new orders to arrive. Knowing that it will take a year to get new inventory, some agencies choose to extend service contracts rather than doing a full refresh. Others rely on patch upgrades, and we assist them through our managed services practices.

Government agencies do have one advantage over the private sector in this current environment, because government technology purchases must be compliant with the Trade Agreements Act, which limits the number of countries that can sell to federal agencies. Products must also be made, or substantially made, in the United States, eliminating some of the overseas shipping challenges faced by businesses that must import goods.

Still, the longer supply chain issues continue, the more impatient tech buyers may get — and they might be more apt to turn to refurbished IT or the gray market for their upgrades and refreshes, potentially endangering their physical infrastructure as well as their cybersecurity.

Caution Is the Watchword with Replacement Items

Refurbished equipment is not dangerous — as long as you’re buying it from the OEM or a trusted reseller that works directly with the OEM. The brand name alone means nothing outside the context of the product’s seller; the device could have been refurbished by folks that aren’t so trustworthy.

Gray market sales are more worrisome. There’s no way to know exactly where the product, device or component came from — just think of some of the items you might have purchased on a large online retail site that looked legitimate, then ended up bearing no resemblance to what you thought you were getting.

In the case of technology, gray market shopping means that you don’t know the country of origin, and you don’t know if the technology or its components have been tampered with. Often, if this technology is installed and problems arise, an agency may have to rebuild the entire process, putting a project even further behind. The gray market may be more of an issue for state and local governments, who aren’t subject to some of the strict procurement rules placed on federal agencies, but it’s still something to watch out for.

No matter what, we do our best to keep projects moving, communicating with the OEMs on what products are coming in and how quickly. However, the situation is so fluid that we might hear on a call that the item won’t be available until next year, and later that day hear something completely different via email. It’s frustrating for us as well as for you, and we’re anxious for better days ahead.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.

CapITal blog logo

Edwin Tan/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT