For much of human history, supply chains were simple. Ingredients were grown locally, materials were abundant nearby, and finished products were consumed or used by families and their neighbors.
No more.
Today, governments and large businesses regularly depend on global, interconnected ecosystems of manufacturers, distributors, and logistics companies to source raw materials, component parts, and finished goods. Businesses depend on the stability and resiliency of these supply chains. So do the military and other government agencies. But supply chain complexities too often shield suppliers from scrutiny, obfuscating supply chain risks.
This is a potentially catastrophic problem. Governments contracting with the wrong suppliers risk giving adversarial nations access to national defense systems, telecommunications systems, and power grids — rendering these systems vulnerable to espionage, sabotage, or shutdown. Businesses may suffer from increased costs, decreased quality, and the inability to get their goods or services to market on time. Both public and private entities risk contracting with providers whose business practices run afoul of proscribed legal and ethical standards.
Supply chain risk arises from several factors:
- Pandemics and other natural disasters can slow operations and lead to a shortage of materials or resources. If a stay-at-home order prevents workers from mining minerals, those minerals cannot be shipped to the organizations that need them. Similarly, hurricanes, tornados, and other natural disasters can demolish manufacturing sites, halting production.
- Political instability — including war, regional trade disputes, strikes, and political uprisings — interrupts the free flow of goods both within affected countries and internationally.
- Cyberattacks target digital inventory tracking, order management, and distribution systems on which modern supply chains depend. These attacks, along with outages and other technological disruptions, also present an opportunity for the theft of intellectual property.
- Supplier finances and policies can disrupt trade. Is a much-needed supplier teetering on the edge of bankruptcy? Is it able to provide its goods in the quantity needed by the purchasing organization? Is it able to meet spikes in demand? Does it comply with prevailing environmental, social, and governance (ESG) standards?
Do you know?
To combat supply chain disruptions, organizations need thorough vendor vetting as part of their approach to supply chain risk management. But first, some definitions.
Learn the basics
What is supply chain risk management?
The U.S. Office of the Assistant Secretary of Defense for Sustainment defines supply chain risk management (SCRM) as “the process of proactively identifying supply chain vulnerabilities, threats, and potential disruptions,” and “implementing mitigation strategies to ensure the security, integrity, and uninterrupted flow of materials, products, and services.”[1]
Supply chain risk management solutions are vital to both governments and businesses. Typically, a complete SCRM solution consists of:
- Identification: Detecting potential threats to the supply chain.
- Assessment and prioritization: Evaluating the likelihood of a risk being realized, then prioritizing risks in order of potential impact.
- Scenario planning: Developing “what if” scenarios to test an organization’s resilience to disruption. This process includes the development of contingency plans.
- Supplier analysis, also known as vendor vetting: Evaluating suppliers’ financial health, regulatory compliance, affiliations, and ability to deliver.
- Continuous monitoring: Deploying systems that provide near real-time alerts of emerging situations that could affect the supply chain.
- Resiliency planning: Developing contingency plans to help governments and businesses quickly respond to supply chain disruptions and ensure continuity of operations.
Supply chain risk management processes are important for resiliency in the face of commonplace disruptions. Somewhere in the world, a hurricane will close a port. Somewhere else, workers will strike for improved pay, affecting a company’s ability to fulfill orders. But SCRM grows even more vital in areas known for contested logistics.
Understanding contested logistics
“Contested logistics” is a term used to refer to the challenge of sustaining governmental/military or commercial operations in environments where the movement of resources is deliberately and actively opposed by an adversarial force.
Consider this. Up to 12% of the world’s trade passes through the Red Sea, much of it through the Suez Canal.[2] Since late 2023, the Houthi, an armed Yemeni political group, have used drones, missiles, and explosive-laden remote-control boats to attack commercial ships in that waterway.[3] As a result, many shipping and container-transport companies have had to reroute their vessels around Africa, adding weeks to delivery times and increasing costs.
Houthi attacks are not isolated incidents. Russian incursions against supply chains keep Ukraine from receiving vitally needed goods. Intelligence communities worry that the infrastructure elements of China’s Belt & Road initiative could serve as staging points for attacks against supply routes.
These risks worry private businesses. Certainly, consumers want certain goods at certain times. If retailers are unable to import electronics, footwear, home goods and automotive parts, their businesses may falter. If they can’t get their supplies of plastic pumpkins until mid-November, Halloween sales suffer. Similarly, large construction companies regularly import rebar and other building components — typically from Turkey and South Korea. Without rebar, building slows.
But contested logistics take on increased urgency when they threaten the products on which national economies and national security depend. These include semiconductors, rare earth minerals, and energy products.
Taiwan is the world’s largest producer of semiconductors. These semiconductors are used by the United States and other countries in a broad array of governmental and military systems: command, control, communications, computing, satellite, aircraft, and naval systems among them. They also power nuclear failsafe circuits. Semiconductors also have near-ubiquitous use in a vast array of consumer and commercial products. These include consumer electronics, automobile engines, data centers, smart grids, and medical devices.
World governments are similarly dependent on the importation of rare earth minerals from China and other countries in the Pacific. Governments use neodymium to create the type of industrial magnets used for everything from wind turbines to guided missiles. They use dysprosium for electric motors, military equipment, and satellites. And they need europium to construct control panels, cathode ray tubes, and other devices.
Finally, many nations’ power supply depends at least partly on the importation of energy products: notably, the crude oil that’s refined into gasoline, diesel fuel, and jet fuel.
Disruptions in the semiconductor, rare earth mineral and energy supply chains could devastate national economies and significantly weaken national security. A strong SCRM program is necessary to spotting potential disruptions and developing contingency plans.
Vendor vetting: A vital SCRM component
As noted above, creation of a holistic SCRM solution is a multi-disciplinary effort, requiring everything from risk identification to the development of supply chain contingency plans.
Vendor vetting, also called vendor threat mitigation, is a vital part of this process. Vendor vetting is the act of investigating potential vendors before entering a business relationship, and periodically thereafter. The best vendor vetting solutions use AI-powered data analysis and a global network of data sources to help users assess risks. These sources include public records filings, business registration records, social media, and adverse media. Analyses provide insight on a vendor’s ability to deliver goods and services in a legal and timely manner.
Many businesses and government agencies already undertake some type of vendor vetting. But they’re caught in a conundrum. Consider the government arena. As noted above, if agencies put the wrong vendor in their supply chains, they risk giving adversarial nations access to national defense systems, telecommunications systems, power grids, and more. However, if agencies take too long to vet companies, they delay essential procurement. This delay can cause operational inefficiencies and weaken mission readiness.
When vetting vendors, businesses and governments need speedy, accurate insight. But they are too often hampered by imprecise legacy systems that leave organizations unable to confidently contract with the businesses they need, when they need them. These systems typically offer only limited visibility into ownership and control. They often rely on self-reported data. They may read only English-language sources of information. Unable to reliably separate insight from a sea of data, they too often return vast amounts of inconsequential information that business or agency personnel spend too much time analyzing.
Governments and businesses need supply chain risk management technology sophisticated enough to spot those individuals and corporations that present a true risk, while eliminating the need for manual review of vast amounts of false “insight.”
Why Babel Street?
Babel Street’s risk intelligence for vendor vetting solution provides comprehensive, real-time insights that enhance business decision making and safeguard national security. We offer governments and commercial organizations proactive risk identification, low-effort entity resolution, and near-seamless access to comprehensive publicly and commercially available information. We help clients automate discovery, improve the speed and quality of vendor analyses, and consolidate risk intelligence. The Babel Street solution can be embedded into the vendor threat mitigation processes currently used in defense, government, and commercial organizations.
Our solution combines the Babel Street Ecosystem with a proprietary risk assessment framework.
Babel Street Insights provides clients with an integrated pipeline of advanced AI-powered analytics, along with unparalleled access to unique data sources. Insights integrates comprehensive threat information with proprietary business data — including corporate intelligence, firmographics, and government restrictions lists. As part of our solution, organizations can combine these capabilities with Babel Street Data’s business risk collections. These collections provide deeper insight into foreign government procurement data, financial data, and business registries — further aiding in the assessment of questionable suppliers and contested industries. Additionally, Babel Street Insights excels in integrating third-party data, enabling our solution to incorporate feeds from your own cyber risk and financial risk providers. Persistent search capabilities alert users when new information arises for a search term.
Babel Street Secure Access is an optional offering. It is a managed attribution environment that provides anonymized global ingress and egress to hard-to-reach data sources.
Discovery of business aliases is critical for vendor vetting. Suppliers — particularly those allied with adversarial nations — too often obscure their ownership to bypass sanctions and gain unauthorized access to government supply chains or restricted markets. Babel Street Match combats these obfuscations by combining Insights’ extensive data-collection capabilities with advanced multilingual name matching. This combination enables the detection of aliases across languages and contexts.
Babel Street Match identifies company name variations and additional identifiers often overlooked in English-centric databases, with an emphasis on Mandarin, Russian, and Farsi names. It then uncovers potential aliases and scores each alias in terms of its likelihood of matching the company being examined.
Babel Street’s proprietary, AI-powered risk framework builds on the Ecosystem to yield a nuanced and multi-dimensional assessment of vendor risk. This model leverages vast data collections to further illuminate supply chain threats in the context of the specific needs and vulnerabilities of the client agency or business. The framework examines risk in a variety of categories. For example, it can alert agencies if an organization searched has ever been involved in cyber espionage, if it operates in a location controlled by an adversarial government, or if it vends to an adversarial government.
By searching and continuously monitoring diverse data sources worldwide, Babel Street’s vendor vetting offering helps governments and businesses to proactively identify vendor risks — a vital component of any SCRM solution.
Endnotes
[1] Office of the Assistant Secretary of Defense for Sustainment, “Supply Chain Risk Management Framework Project Report – Phase I,” Feb 2023, https://www.acq.osd.mil/asds/log/docs/DoD_SCRM_Framework_Report_Phase_I.pdf
[2] García-Vazquez, Gilberto, “Suez Canal: Engineering Marvel And Crisis Chokepoint, Observation of Economic Complexity,” accessed May 2025, https://oec.world/en/blog/suez-canal
[3] project44, “Houthi Attacks Disrupt Global Supply Chains,” September 2024, https://www.project44.com/supply-chain-insights/houthi-attacks-on-container-vessels-prompt-carriers-to-avoid-bab-al-mandeb-strait/
