Keynote speaker Frances Townsend, former Assistant to the President for Homeland Security and Counterterrorism, saw plenty of operational and economic disruptions in her years in government. While the government's response wasn't always effective, there is much the private sector could learn from the way the U.S. government and the military manage risk, said Townsend.

During the opening address for the conference, Townsend suggested that as supply chain managers conduct a risk analysis, they should ask themselves: What do we really need? And what do we need to know? Answering those questions will identify those vulnerabilities that they should focus on. More difficult to handle are situations they can't affect. "[In such cases,] you can at least position yourself to reduce your vulnerability," she said.

Townsend, now a private sector consultant, strongly recommended adopting an integrated approach to risk management that stretches across an enterprise and also includes external partners. Any plan should follow three main steps that are typical of the U.S. military's response to crisis planning, she said. First, prioritize risk based on the potential consequences and understand what you don't know: "What are the critical unknowns that would affect the way I do business?" Second, try "red teaming," bringing in outside observers who can test your assumptions and see the gaps in your processes; and third, test your plan, as the military does with its exercises. Testing alone is not enough, though. It's critical to fix whatever problems you find and then test again to make sure that those repairs actually solved the problem.