Criminal organizations have previously disrupted and manipulated legitimate global supply chains for financial gain and other reasons, and they will continue to do so. Such disruption and manipulation may take the form of blocking one or more elements of a supply chain for ransom, cause damage to the target, create delay or uncertainty, or motivate a redirection to alternative suppliers. They may also take the form of injecting counterfeit material into the supply chain and/or removing genuine materials. During a global crisis, the effects of supply chain disruptions or manipulations are magnified as already fragile systems and populations are under stress. Additionally, in today’s dynamic operating environment, multiple supply chains will prove critical to controlling/managing the creation and distribution of goods/services as was seen for COVID-19 vaccines and treatments. Two DHS University Centers of Excellence, the CINA Center led by George Mason University and the CCICADA Center led by Rutgers University, have been engaged in a project to develop methods and tools to detect past, active, or planned criminal disruption of a supply chain, as well as to react quickly to the ones already launched, with specific emphasis on supply chain vulnerabilities during disasters.
As part of this project, the team studied the supply chain for medical devices. These items range from thermometers, surgical supplies, gloves, syringes, PPE kits, and pulse oximeters to implanted medical devices, cardiac pacemakers, ventilators, and in-vitro diagnostics. Unfortunately, disruptions to medical-device supply chains, including cybersecurity attacks, have increased rapidly, with some sophisticated attacks compromising the availability and operation of life-critical devices. After consulting with subject-matter industry experts and iterating over successively more intricate representations, the team produced a detailed graphic description of a sample medical-device supply chain. The supply chain map is a generic design developed to represent a medical device company and its interaction with upstream suppliers and downstream end-customers.
A review of the open literature identified 70 relevant past and potential medical-device-related supply chain disruptions cases. We placed each of these cases into one of 14 categories in a classification scheme for disruptions developed as part of the project. These disruptions, represented by their categories, are overlayed on the supply chain map.
In addition, based on prior disruptions and general exploit types, we have prepared a list of potential indicators and warnings for supply chain disruptions and manipulations. Indicators and Warnings are provided in two categories: active, which indicates an ongoing or past disruption, and before, which suggests a pending disruption. These indicators and warnings will be further refined and developed during the course of the project.
Here, we detail the description and flows of a Focal-firm Supply-chain Integrated Model (FSIM) map developed from the viewpoint a focal company in the medical-device industry. This map and its construction, as well as the development and population of a database of historical disruptions to medical-device supply chains, has led us to numerous insights into potential disruptions, potential mitigations, and indicators and warnings of past, active, or planned attacks on such supply chains. In turn, these insights have led to policy recommendations of potential use to the government and the private sector. In the rest of this report, we describe the key components of the FSIM map.
The FSIM map shown in Figure 1 was developed for a USA medical device company, to be referred to as the MedTech Company, which serves as the focal company. This company manufactures two types of products – Electronic Equipment (EE), and Delivery Systems (DS). EE units consist of medical devices with electronic components, software, semiconductors, etc. DS units are typically single-use devices that convey the medical product to a patient (e.g., catheters). The term ‘Pool’ represents an aggregation of multiple suppliers or node processes. Such aggregation allows one to concentrate on the focal firm and gloss over the intricacies of other parts of the supply chain, not germane to the focal-firm viewpoint. For example, the Hospital/ Equipment Pool in Figure 1 represents all hospitals serviced by this focal firm. Encapsulating entities, external to the focal company, into pools simplifies the model map considerably while still adequately capturing its function and vulnerabilities to disruptive agents. The grey icons represent internal processes at nodes (facilities) of the focal firm. For example, the grey-colored DS Production & Sterilization node models the production process of DS units within the focal firm’s facilities. Green icons represent trusted external suppliers, while red icons represent untrusted external suppliers. In a similar vein, blue arrows represent physical-flow transport routes of goods between facilities, while red arrows represent transport routes of untrusted flows (possibly including counterfeit items). Black arrows represent zero-delay information flows (e.g., issuing an order). A yellow triangle icon represents safety stocks (e.g., at the EE Packaging & Inspection node), maintained as a make-to-Stock (MTS) inventory; that is, whenever the inventory level hits or down-crosses a threshold, called reorder point, an order is issued to bring the inventory back to a target level). A beige triangle icon represents other inventory storage (e.g., at the DS Product Testing node). A blue triangle icon represents a pool of patients that use EE and DS units at a hospital. Finally, disruptions at various map locations are represented by icons of exploding bombs in those locations, with adjacent disruption-code labels in the range ‘X-1’ to ‘X-14’, where X-n designates a disruption of class n from the classification scheme for medical-device disruptions developed for this project. For example, label ‘X-1’ designates a disruption of a class called ‘Manufacturing Flaws or Adulteration’ and X-14 designates a disruption of a class called ‘Supply Shortages’.
The flows in the FSIM map of Figure 1 are initiated by patient demand for EE and DS units, starting with the Patient Source node on the top right corner of the map. The flows unfold as follows:
- Patients arrive from Patient Source to be serviced at the Hospital/ Equipment Pool and request a full kit per patient, consisting of one unit of EE and one of DS (black arrow from Patient Source to Hospital/ Equipment Pool). The EE unit is reusable across patients, but has a finite lifetime, while a DS unit is disposed of after each patient completes treatment. If a full kit is available, the requested equipment is moved from the inventories at Hospital/Equipment Pool to Seized Equipment, and the incoming patient moves to Serviced Patient Pool to start treatment immediately; otherwise, the patient waits at Waiting Patients Pool for a replacement to become available. While being serviced, the patient is placed in Serviced Patient Pool. When service is complete, the patient exits the system at Patient Sink, returns the EE unit to the hospital and discards the DS unit at EE and DS Sink.
- If an EE unit in use breaks down, the patient moves to Patients Waiting for Replacement Pool until a replacement becomes available, at which point it is moved back to Serviced Patient Pool. The EE unit is moved from Seized Equipment to Maintenance and Repair Pool, and on repair completion, it is moved to Hospital/ Equipment Pool. If the EE unit that broke down is beyond repair, it exits the system at EE and DS Sink.
- The EE and DS are managed as MTS inventories at Hospital/ Equipment Pool by orders to the MedTech Company (black arrows from Hospital/ Equipment Pool to either MedTech Company, or Distributor Pool, or EE Distribution Center, or DS Distribution Center. The last three are MTS inventories and order from MedTech Company.
- To fulfil orders, the MedTech Company sends EE orders to EE CMO Production Pool, DS orders to DS Raw Material Supplier Pool, and packaging material orders to EE Packaging Material Supplier Pool, and DS Packaging Material Supplier Pool.
- The manufacturing of EE units and DS units is carried out in two independent supply chains that operate in parallel. In Figure 1, EE flows start at top-left of the map, and DS flows start at bottom -left of the map. Both supply chains involve raw material and device production followed by testing, packaging, and warehousing, but with some differences.
- The EE supply chain outsources all production to trusted CMOs (EE CMO Production Pool) but testing and packaging are carried out in the focal company. However, the CMO has an untrusted raw-material supplier (EE Raw Material Supplier Pool). Finished EE units are shipped to the internal warehouse EE Distribution Center, which forwards some of its incoming EE units to the external warehouse Distributor Pool.
- The DS supply chain splits production between the focal company (DS Production & Sterilization Pool) and trusted CMOs (DS CMO Production & Sterilization Pool) but testing and packaging are carried out in the focal company. Finished DS units are shipped to the internal warehouse DS Distribution Center, which forwards some of its incoming EE units to the external warehouse Distributor Pool.
In addition, the FSIM methodology also overlays a disruption classification scheme on the FSIM map, on which various disruption categories are encoded. This methodology calls for modeling each putative disruption by:
- Pinpointing the disruption’s onset location
- Estimating the disruption’s impact on system performance as well as the time to detect it
- Assessing the types and quantities of resources and time needed to resolve or mitigate the disruption.
The FSIM methodology allows medical-device supply chain modelers to incorporate multiple overlapping disruptions into an FSIM model, thereby offering opportunities for gleaning insights into complex medical device supply chain behavior.