Rivalry with China and Russia, as well as external events such as the COVID-19 pandemic, pose serious risks to the integrity and availability of the U.S. Defense Department’s critical supplies. The department is seized with concern about supply chain risk management, or SCRM — as it should be — but its approach is subscale, fragmented, resource-inefficient and too narrowly focused. This must change, and Congress must help.

Despite the fact that SCRM is a hot topic that has received priority attention from presidential administrations, the department lacks a comprehensive SCRM strategy. Unfortunately, beyond a few high-profile supplies — semiconductors, critical minerals and pharmaceuticals — the department has not delved deeply and systematically into its supply chain risks.

The Defense Department’s enthusiasm for SCRM has manifested itself through a series of SCRM special-purpose teams, working groups and ad hoc organizations spread across myriad acquisition, program and counterintelligence offices. This disjointed approach has led to numerous pilot projects, yet most of these efforts are stuck in the “valley of death,” never scaling to achieve network effects.

The department’s disorganization on SCRM stems from the fact that it is a siloed effort. The various acquisition and counterintelligence offices across the Defense Department should pool their resources and share insights and data. They should also work from a common operating picture with a common set of applications and tools, establishing standard workflows and best practices, and prioritizing and collaborating on risk-mitigation efforts. This would give offices across the Defense Department a better picture of the problem and the insights needed to help fix these issues, all with less effort and cost. Yet competing interests, bureaucratic obstacles and a lack of ownership for the overall problem prevent the formation of such an organization.

The implication is that the Defense Department struggles to get beyond the all-consuming efforts of surveillance and investigation, resulting in little to no remediation or mitigation. This helps explain why, despite the attention SCRM is getting, over the past decade the Defense Department’s supply chain exposure to Chinese suppliers has quadrupled.

Congress must step in to get the department on track. Fortunately, the recently released “Report of the Defense Critical Supply Chain Task Force,” expertly led by bipartisan Reps. Elissa Slotkin, D-Mich., and Mike Gallagher, R-Wis., provides a compelling road map for what Congress should do. The task force’s principal recommendation is a statutory requirement for a “Department-wide risk assessment strategy and system for continuous monitoring, assessing and mitigating risk in the defense supply chain.” This would fill two critical gaps that would propel the department forward in securing its supply chains, and it is an important first step.

To fully follow through on the task force’s recommendations, Congress should take three actions. First, Congress should assign responsibility for the department’s SCRM strategy to the undersecretary of defense for acquisition and sustainment, who will be responsible for ensuring SCRM strategy is mutually reinforcing with the department’s policies for acquisition and sustainment. Until this happens, there will remain a vacuum of accountability and, as a result, little or slow progress.

Second, Congress should centralize funding for SCRM efforts through a dedicated appropriation line. This would enable the department to develop an enterprisewide “system for continuous monitoring, assessing and mitigating risk in the defense supply chain,” as recommended by the House Armed Services Committee’s task force. This does not mean that the department needs to spend more overall on SCRM than it currently does, but rather that the department could get more out of its SCRM spending by consolidating its investments and scaling a pilot project to an enterprisewide solution.

Third, Congress should ensure that an enterprisewide SCRM system is deployed across the acquisition life cycle, from requirement development to production and sustainment. This would enable the department to determine which vendors are most critical to its system development (and warrant rigorous vetting) as well as identify the department’s overall exposure across all its programs and capabilities to a company of concern.

Moreover, recognizing that an ounce of prevention can be worth a pound of cure, the department can avoid hard problems — like how to reshore risky, single-source, offshore suppliers — by vetting supply chains and finding alternative suppliers before programs go into full-scale production. Today, this proactive management is nearly nonexistent. Yet, this is increasingly important as the department seeks to attract a wider swath of companies at the forefront of emerging technologies — a laudable goal, but one that also expands its exposure to potential supply chain risks.

The Defense Department can only craft a thoughtful SCRM strategy once it has a champion for SCRM empowered with an enterprisewide SCRM system that functions across the acquisition life cycle. Congress should move swiftly to create these necessary preconditions in the fiscal 2022 cycle.

Tara Murphy Dougherty is the CEO of Govini, where Jim Mitre serves as chief strategy officer.