An omniscient portrait of the more than 200,000 DoD suppliers to spot suspicious foreign companies is not on the books, as lower tier suppliers remain hidden–a cloaking helped by the lack of a requirement.
“DoD has not contractually obligated prime contractors to provide country-of-origin data that would help it obtain greater visibility into suppliers at the lower tiers of the supply chain,” according to a new Government Accountability Office (GAO) report, Defense Industrial Base: Actions Needed to Address Risks Posed by Dependence on Foreign Suppliers, GAO-25-107283. “Efforts to collect information on sub-tier suppliers without this type of requirement have not been successful.”
That picture may not get clearer anytime soon, as DoD last Wednesday canceled without explanation the Advancing AI [Artificial Intelligence] Multiple Award Contract (AAMAC) solicitation–a re-compete of DoD’s Advancing Analytics (Advana)-related contracts won by Booz Allen Hamilton [BAH] in 2020 and 2021. Last year, DoD expected to award 50 to 70 contracts worth up to $15 billion over 10 years for AAMAC (Defense Daily, Oct. 7, 2024).
In January, a Defense Business Board “supply chain illumination” study–ordered by former Deputy Secretary of Defense Kathleen Hicks last August–counseled DoD to leverage private tech innovation and to mandate contract clauses that “reflect modern data-sharing practices, secure protocols, and incentives to improve supplier collaboration and resilience.” Yet, new contract clauses mandating transparent supplier lists may not be a cure all in finding iffy foreign suppliers, as suppliers may have concerns about disclosing proprietary information and may fear an upswing in production stoppages.
The New York City-based Altana, a company that uses AI to analyze supply chain data, said that the GAO study was accurate in its appraisal of the lack of DoD insight into its lower-tier suppliers.
Last year, “584,415 U.S. defense prime product value chains had non-U.S. or Canadian inputs present upstream,” according to an Altana analysis. “This number made up 81 percent of the U.S. DIB [defense industrial base] value chains analyzed, demonstrating vast reliance on foreign manufacturing and components.”
Scott Friedman, Altana’s vice president of government affairs, wrote in a July 25 email response to questions that DoD’s reliance on foreign suppliers “leaves the Pentagon at risk of supply chain choke points and critical minerals shortages and creates myriad security risks.”
“We’ve also shown that prime defense contractors are importing products with Chinese and Russian components hidden upstream, including components from Chinese military entities flagged under NDAA Section 1260H,” according to Friedman.
That section of the fiscal 2021 National Defense Authorization Act mandates DoD update yearly a listing of Chinese military-tied companies operating in the U.S. The Pentagon listed 134 such firms in January. Starting next June 30, DoD may not award direct contracts to those companies, and, a year later, U.S. defense contractors’ supply chains must be free of any contact with those companies, or the U.S. companies will lose DoD contracts.
Altana said that its analysis “indicates that in advance of 2027, defense contractors will struggle to comply with NDAA Section 1260H rules barring Chinese military suppliers in their upstream supply chains.”
“At a high level, nearly four in 10 U.S. DIB imports have exposure to suppliers in China or Russia at Tier 3 or beyond,” according to Altana. “Much of this upstream exposure is driven by China’s stranglehold on critical minerals and permanent magnets, which are vital for the production of a range of military applications.”
In his email, Friedman wrote that the Pentagon “lacks full visibility into upstream suppliers due to the immense complexity of modern defense supply chains.”
“These networks are multi-layered and global, meaning direct relationships typically only extend to Tier-1 suppliers,” according to Friedman. “Years of just-in-time manufacturing have led to specialized components being produced by a fragmented, opaque constellation of upstream defense suppliers, some of whom are linked to adversarial military entities. Visibility and traceability into defense value chains is only possible with artificial intelligence, which can link together data on the world’s supply chain and create a shared source of truth on which the Pentagon and the defense industrial base can collaborate with visibility and traceability.”
Toyota spearheaded just-in-time manufacturing–“lean manufacturing”–in Japan after World War II to maximize production in the face of austerity.
For its new report, GAO delved into foreign supplier risks for the F-35 fighter, 155 mm ammunition for the U.S. Army, and lithium batteries used in military radios, ground combat vehicles, and drones, such as the Boeing [BA] MQ-25 Stingray refueling UAV for the U.S. Navy.
In 2020, DoD began a Supply Chain Risk Evaluation Environment (SCREEn) effort for the Lockheed Martin [LMT] F-35. Tyson’s Corner, Va.-based LMI developed SCREEn, which has used an Advana software stack. LMI was formerly the Logistics Management Institute, established in 1961 by President John F. Kennedy at the urging of Defense Secretary Robert McNamara to improve Pentagon logistics oversight.
In the future, the Pentagon plans to use SCREEn for supply chain analysis of the Bell [TXT]/Boeing MV-22C Osprey tiltrotor for the U.S. Marine Corps, the RTX [RTX] MIM-104 Patriot air defense system for the U.S. Army, the Lockheed Martin C-5C/M Super Galaxy airlifter for the U.S. Air Force, and the Navy Standard Missile 6 by RTX.
“In 2020, DoD initiated SCREEn to gain greater visibility into the F-35 microelectronics and propulsion supply chains, and to identify risks of intellectual property theft and foreign ownership, control, and influence,” GAO said.
“DoD has since expanded its goal to gain visibility into the suppliers for approximately 40,000 parts on the F-35,” GAO said. “DoD is also expanding the SCREEn effort to include additional weapon system programs. DoD has been using a combination of government and commercial sources of data over the past 5 years to try to identify the F-35 suppliers. SCREEn officials have also enlisted the help of the F-35 Joint Program Office for additional data. Through these efforts, DoD officials said that, as of April 2025, SCREEn has data on the country of origin for first- and second-tier suppliers for 30,000 of the 40,000 F-35 parts. However, the officials estimated that they have collected country-of- origin information on less than 10 percent of all suppliers that provide components and raw materials for those parts.”
“According to SCREEn officials, the F-35 Joint Program Office is pursuing ongoing efforts with
industry to acquire additional parts and supplier data, but stated that there are challenges acquiring sub-tier data due to the lack of contractual requirements,” GAO said.
The Pentagon temporarily paused deliveries of the F-35 in 2022 after the Defense Contract Management Agency told the F-35 program on Aug. 19th of that year about a Chinese-made cobalt and samarium alloy in the aircraft’s turbomachine pumps by Honeywell [HON] (Defense Daily, Sept. 7, 2022).
According to an industry timeline, an F-35 third-tier lube pump supplier for the turbomachine told Honeywell that an F-35 fifth-tier supplier had been using Chinese-made alloy in their magnets. Honeywell then informed Lockheed Martin that the alloy used in the turbomachine magnet came from China.
In 2023 and 2024, “DoD issued two national security waivers to accept the F-35s with the magnets for national security purposes and determined that the magnets posed no safety risk,” GAO said. “Without these self-disclosures from Lockheed Martin, DoD may not have known that the magnets were made in China.”
The report said that the Pentagon then used SCREEn to identify alternative magnet suppliers.
In the new study, GAO also disclosed that the Pentagon had discovered Chinese-made robotic arms on Lockheed Martin’s F-35 assembly line in Fort Worth, Texas during a site visit–production devices made by a German-born company bought by a Chinese firm.
“This discovery triggered a DoD investigation and other mitigation actions,” GAO said. “For example, F-35 Joint Program Office officials said that DoD used SCREEn and a commercial supply chain company to analyze risks posed to the F-35. DoD concluded that there were no safety or quality impacts to the F-35. F-35 Joint Program Office officials said that during its investigation into the robotic arms, DoD also identified some cybersecurity concerns. It mitigated these concerns by instructing Lockheed Martin to implement measures to ensure the vulnerability could not be exploited. To address the potential vulnerability, Lockheed Martin representatives said the robots were disconnected from the internet.”
In 2015, the German magazine Der Spiegel released documents provided by Edward Snowden, a former National Security Agency contractor at Booz Allen, that suggested China had been able to obtain plans on the F-35 from hacking a program subcontractor in 2007–efforts that helped China build its J-31 fighter. Since then, the Pentagon has instituted a Cybersecurity Maturity Model Certification (CMMC) program to help prevent such breaches. The final CMMC rule went into effect at the end of last year and is expected to appear in DoD contracts by the end of this year.
