New Visibility Challenges in the Modern Supply Chain and How to Solve Them

Steve Orrin
Steve Orrin

The answers to supply chain visibility questions used to be fairly straightforward about where a product was made and who built it. Today, modern logistics teams must cover those bases and further determine which suppliers sit several tiers upstream and how disruptions in one part of an increasingly complex and digital product ecosystem could affect operations elsewhere. This is especially true in the public sector, where agencies often rely on multiple external vendors. 

Why Visibility is Getting Harder to Achieve

Sourcing logistics have always depended on a web of materials, components, suppliers, transportation routes, and production processes. But a global, technology-centric supply chain ecosystem introduces new complexities. A manufacturer may have a clear view of its direct suppliers while knowing far less about the companies that are supplying them, the technology elements, or the routes, regions, and resources on which those upstream partners depend.

Semiconductors illustrate just how difficult this has become. A chip may be designed in one country, fabricated in another, packaged and tested elsewhere, and then incorporated into a larger system by another supplier entirely. That system may also include firmware, software, sensors, controllers, memory, and specialised accelerators, each with its own supply chain. 

Furthermore, software brings new uncertainties in the age of AI code generation. To save time and money, suppliers may rely on vibe coding and related practices that can produce code that may be functional but has not undergone the rigorous security testing, validation, and engineering controls needed to ensure it is safe for production. These combined factors add complexity and risk.

Logistics Comparison: Traditional Bikes vs. e-Bikes

Consider the supply chain for a traditional bicycle. A manufacturer needs visibility into the frame, tyres, chain, brakes, and other components. It must understand who supplies them, whether materials meet performance requirements, and whether the right parts will be available in time to satisfy demand.

This can already be complex. Rubber, metals, fabricated parts, and finished components may come from different suppliers and regions. But the basic requirements are relatively stable. If a drive chain or gear shift meets the appropriate strength standard when acquired, its risk profile is unlikely to change dramatically over the next six months.

Now consider an e-bike. The manufacturer still needs everything required for the traditional bicycle, but the product also introduces semiconductors, electronic controls, firmware, software, batteries, and potentially cloud-connected services. The company is no longer simply building a bicycle. It is combining a physical product with a computer and a connected digital system.

All that changes the risk equation. The frame and chain remain important, but software considered safe at the time of sale could be affected by a vulnerability discovered months later. Firmware may require an update. A semiconductor dependency may introduce a new sourcing constraint. In these ways, an eBike continues to evolve after it leaves the factory in a way a traditional bike will not.

Enhance Visibility Through Better Use of Documentation

The good news is that existing supply chain documentation often contains much of the information organisations need to improve visibility into modern connected ecosystems, provided they can better integrate the various bills of materials that have historically resided in separate systems and organisational silos. The goal is to turn documentation from a record of what was purchased into a source of operational intelligence. 

Traditional bills of materials provide the information needed about the physical components used to build a product. Software bills of materials, or SBOMs, identify software components and dependencies. Firmware bills of materials, or FBOMs, provide similar insight into embedded code, while hardware bills of materials, or HBOMs, can offer visibility into electronic and semiconductor components. By embedding and cross-referencing these documents in actual production workflows, teams can extract relevant information, connect it to procurement and logistics processes, and use it to inform ongoing risk decisions.

Returning to our e-bike example, the manufacturer may need a conventional bill of materials to track frames, chains, tyres, and brakes. The electronic systems add hardware and semiconductor dependencies, so firmware and software documentation can reveal the code operating those systems. Each artefact answers different questions, but together they provide a more complete picture of the product.

Pro Tips for Leveraging Documentation in Modern Supply Chains

Greater visibility comes from turning documentation into a living source of supply chain intelligence that supports decisions as products, suppliers, and risks evolve. Here are four strategies to help you get more insight and value from your documentation:  

  • Extract Relevant Data and Embed It Into Processes – Most organisations already use enterprise resource planning, asset management, logistics management, and supply chain risk platforms. Documentation should feed these systems through relevant extraction of supply chain data and artefacts; these can then be standardised and incorporated into the tools that drive procurement, production, deployment, and resource planning. 
  • Look Beyond the Basic Documentation – Better documentation begins before acquisition. Organisations should determine what information they actually need and make those requirements part of procurement and contractual processes. Depending on the product, that could include trade and regulatory strictures, important upstream dependencies, quality certifications, testing results, or the regions where critical materials are sourced.
  • Keep Documentation Updated as New Threats Emerge – Physical product lines have long had mechanisms to respond to part defects and conduct recalls. Digital systems operate similarly, but at a much faster pace; new software vulnerabilities can emerge continually, changing a product’s risk profile multiple times over long after it was acquired or sold. Organisations, therefore, need technology platforms that can provide autonomous updates of risk reports, compliance updates, and other new vulnerability information into documentation already active in their systems.
  • Demand Specificity From Third Parties – A supplier that cannot identify basic first- and second-tier dependencies, component origins, testing standards, or details about the software included in a product creates an obvious visibility problem. Organisations should insist on enough specificity to identify meaningful dependencies, including the constituent components within software and hardware and, increasingly, the sources and logic behind AI-generated code.

Taken together, these practices turn documentation from a static record into an active lens for greater supply chain visibility and management. The objective is not to collect more information for its own sake, but to ensure the right data is available, up to date, and connected to the decisions that shape sourcing, operations, and resilience.

As physical products become more digital, connected, and dependent on complex technology ecosystems, traditional supply chain visibility is no longer enough. Organisations need to connect and operationalise the information already available across their documentation, embed it into workflows to keep it current, and demand greater specificity from suppliers to identify hidden dependencies and make better decisions about sourcing, risk, and resilience.

Author Bio

Steve Orrin is Intel Government Technologies’ CTO and a Senior Principal Engineer at Intel Corporation. He has held technology leadership positions at Intel, where he led cybersecurity programs, custom hardware and software architecture, solutions, products, and strategy. Steve is a cybersecurity expert and sought-after advisor to public- and private-sector leaders on enterprise security, risk mitigation, and the security of complex systems. He is also a leading authority on Public Sector/Federal mission and enterprise systems and solutions, regularly engaging with senior technical and mission leadership within the United States government. He is the Intel representative on security standards and guidance and has contributed to several NIST standards and guidance publications. Steve is the supply chain threat and risk management advisor to DOD and Intelligence Community senior leadership and was selected by the US government to serve as a Special Government Employee on the congressionally mandated task force to assess Microelectronics Quantifiable Assurance (MQA)/Microelectronics Security.

The header image was created by AI based on the content of this blog post

Pin It on Pinterest

Share This