Chapter 6. PROTECTING ADVANCED TECHNOLOGY
With the end of the Cold War and facing new challenges to US economic competitiveness,
policymakers are focusing on the threat from foreign government and nongovernment entities
to US advanced technologies, defense-related industries, proprietary data, intellectual
property rights, and trade secrets. The increased value of US technical information
necessitates balancing national policy objectives and the importance of sharing
information with the need to protect our leading edge technologies.
Highest priority is given to limiting the proliferation of weapons of mass destruction
and advanced conventional weapons. Counterproliferation and nonproliferation policies
range from diplomacy and export control regimes to the development of new weapon systems
and tactics to counter advanced foreign systems on the battlefield. Negotiating and
implementing a new international export-control framework is a complex task, and bringing
consistency and coherence to US export-control policy requires the resolution of sharply
conflicting interests. Both require an overall strategic direction that is beyond the
Commission's mandate. The Commission has focused on a smaller segment of the
counterproliferation policy spectrum, specifically the policies and procedures regarding
foreign ownership or control of industrial firms performing classified contracts, military
exchanges with foreign governments, and national disclosure of classified information to
permit export and coproduction of classified weapon systems.
The risk in each of these situations is that foreign entities will exploit the
relationship in ways that do not serve our overall national goals of preserving our
technological advantages and curtailing proliferation. These goals generally include
keeping certain nations from obtaining the technical capabilities to develop and produce
advanced weapon systems and from acquiring the ability to counter advanced US weapon
systems. In cases where US national interests require the sharing of some of our
capabilities with foreign governments, security safeguards must ensure that foreign
disclosures do not go beyond their authorized scope. Safeguards must also be tailored to
new proliferation threats and applied effectively to the authorization of foreign
investment in classified defense industry and the granting of access by foreign
representatives to our classified facilities and information.
The Commission notes an additional area that is beyond the scope of this report but
merits further attention. This issue is the need to update counterproliferation guidelines
for prepublication review of reports of scientific and technical research funded by the
government. Such matters involve the delicate balance between our paramount national
commitment to an open scientific community and the imperative to control the spread of
weapons of mass destruction by limiting access to unclassified but high-risk data.
Improved protection of classified technology, as proposed by the Commission, is only one
part of the comprehensive counterproliferation program that our nation requires.
Foreign Ownership, Control, and Influence
A basic tenet of our industrial security policy is that business firms engaged in
classified government work should be controlled by persons who can be trusted to safeguard
classified information. DoD policy, for example, requires that any company bidding on
classified contracts must hold a facility security clearance issued by the government. The
DoD also requires that the firm should not be subject to undue control or influence by
foreign investors. When a foreign investor buys or otherwise acquires influence over a US
company, the retention or initial issuance of a facility clearance is dependent upon a
favorable Foreign Ownership, Control, and Influence (FOCI) determination. During the Cold
War, regulatory policies governing FOCI determinations ranged from total risk avoidance to
risk acceptance. For example, FOCI policy prohibited Soviet and other Communist countries
from having a financial interest in, or otherwise influencing, US companies. However, with
respect to non-Communist countries, especially our allies, special procedures were
developed to mitigate FOCI in order to permit foreign investment without compromising
classified information.
Until 1992, there was a growing effort to accommodate the desires of foreign investors
so as to encourage the infusion of capital and the development of joint projects to
exploit technologies and markets to the benefit of both US companies and their foreign
investors. A controversy arose in 1992 when a foreign firm that was majority owned and
controlled by a foreign government sought to acquire a leading US defense company
performing work in support of highly classified programs. Questions were raised about the
sufficiency of traditional FOCI security arrangements (generally legal instruments to
insulate US managers and workers from foreign owners or limit the scope of classified
contracting)21 to protect classified leading edge technology from foreign exploitation.
The case triggered a DoD and Congressional review of FOCI policy and reflected a
growing concern over foreign economic espionage aimed at advanced US technology. As a
result, the DoD drafted a proposed new FOCI policy, but the proposal proved controversial
and was shelved, waiting in part for the recommendations of this Commission. Congress also
enacted legislation in 1992 barring foreign government-controlled companies from acquiring
US companies engaged in classified contracts unless the transaction is approved in
accordance with the Exxon-Florio Amendment (Footnote 22).
The Commission supports foreign investment in the US defense industry base but believes
that FOCI policy should ensure that foreign firms cannot undermine US security and export
controls to gain unauthorized access to critical technology. Essential to a sound policy
is current intelligence, counterintelligence, and law enforcement information on attempts
by foreign governments and commercial interests to obtain such access. This requires a
closer relationship between the industrial security programs and the Intelligence
Community.
The Commission found that policymakers do not always have the information necessary to
make sound and timely FOCI decisions. Comprehensive counterintelligence or intelligence
information as to ultimate ownership, much less control or influence, is not centrally
collected, analyzed, and made available to FOCI decision makers. The absence of a
centralized FOCI decision data base also limits the flow of information and slows FOCI
determinations. Legal review of contract documents enunciating security provisions to
isolate FOCI is performed by the CIA, the DoE, and the DoD. However, within the DoD, FOCI
contract documents are not consistently submitted for review by experts in the DoD's
Office of General Counsel.
The Commission also found that there is no coherent national policy on FOCI. When
foreign investment is sought in US industries that work with the Defense and Intelligence
Communities, FOCI decisions are independently made by the DoD, the DoE, and the CIA. Each
has its own procedures for developing and evaluating available threat information,
devising an acceptable security arrangement, and monitoring compliance. For example, DoD
FOCI determinations are made on a company by company basis whereas the CIA's determination
is on a procurement by procurement basis. Moreover, an agreement such as the DoD's Special
Security Agreement (SSA), is not acceptable to the CIA and the DoE because the SSA allows
the foreign investor to exercise considerable management control over the US company. The
CIA believes this approach does not totally negate FOCI-related security problems. Thus, a
major US firm with multiple contracts sponsored by the DoD, the DoE, and the CIA may be
subject to more than one FOCI arrangement.
The lack of a common FOCI policy contributes to a lack of reciprocity among government
agencies and may also place certain companies at a competitive disadvantage. For example,
the CIA judged one company a significant FOCI risk, but this did not stop the NSA from
letting an unclassified but sensitive contract with that same firm. Although a common FOCI
policy is being considered by the DoD, the DoE, the CIA and industry, there is no
coordinating mechanism to ensure that the policy will be implemented, uniformly applied,
and enforced.
The Commission recognizes that foreign investment can play an important role in
maintaining the vitality of the defense industrial base. The existing FOCI policies and
the political climate since the 1992 controversy have discouraged foreign investment.
However, as a matter of policy, DoD has a number of programs to encourage cooperative
international R&D and procurement with our allies to spread the burden of increasing
costs and decreasing defense budgets. The Commission encourages these efforts and believes
that FOCI policy should not undermine them.
The Commission also believes that "buy American" provisions, which preclude
foreign firms from competing for US government contracts, must be used only when US
national security interests would truly be threatened by foreign participation. "Buy
American" restrictions should never be used for protectionist purposes. Finally, the
Commission notes that international defense trade is increasing and that measures taken by
the United States can invite retaliatory action by other nations that would harm US
economic and security interests.
The Commission believes that the security executive committee should, as a key
priority, develop a policy and a mechanism to balance these competing interests. The
policy should be based on a risk management approach that permits departments and agencies
to tailor the measures that are needed in an individual transaction. Rigid structures that
inhibit foreign investment should be avoided.
The Commission recommends that a coordinated FOCI policy be developed by the
security executive committee.
Foreign Exchange Agreements-The Status Quo
Our foreign economic competitors focus a considerable amount of their collection
efforts on United States leading edge technology and defense-related industry. Information
is obtained both overtly and covertly. Foreign liaison and cooperative exchange programs,
such as the Defense Development Exchange Program (DDEP) and the Personnel Exchange Program
(PEP),23 allow the United States to exchange information concerning military, technical,
or scientific data; weapons; weapon systems; or operational concepts with its allies.
However, the Commission has come to believe that the United States is losing more than it
is gaining through participation in many foreign exchange agreements. These programs,
designed to better marshal the technological capabilities of the United States and its
allies, as well as to reduce costs, have also served as vehicles for covert exploitation
of our most sensitive technologies.
Foreign governments frequently stretch the boundaries of intergovernmental program
relationships with aggressive, persistent, and coordinated efforts to gain access to
nonreleasable technological data that they can use to further economic competition with
the United States. This can be accomplished through international data exchange programs,
which have grown tremendously over the past 30 years as more and more industrial countries
seek advanced US technologies. There are approximately 750 DoD-wide agreements, with over
310 data exchange agreements in one military service alone.
Foreign liaison officers working within key DoD organizations can gain knowledge and
invaluable insight into US leading-edge technology programs under development. Within one
military service, approximately 118 foreign military personnel from 19 countries work
under the Personnel Exchange Program; 43 foreign scientists or engineers from 6 countries
work within its research and development facilities; and 172 foreign liaison officers
officially representing 22 countries are integrated within various other service elements.
Often, foreign governments use this insider knowledge to target and pursue technical
information early in a major acquisition systems life cycle and then work against civilian
targets, such as DoD contractors and university scientists engaged in defense work.
Foreign liaison officers can also exploit their official status to gain "back
door" access to special access program technologies:
On several occasions, when a foreign liaison officer's request for sensitive
technical information was denied by one military command, the same request would surface
through another foreign liaison officer at another command. In one instance, the second
request occurred within one day of the first denial.
Critics of the Defense Development Exchange Program maintain that the program has
become a one- way street for foreign governments to funnel United States advanced
technology overseas, while providing comparatively little of value to the United States in
return. A US Army Intelligence study (Footnote 24) found that valuable classified and
unclassified underlying technologies in many advanced weapon systems not authorized for
release are being lost to foreign governments through the Defense Development Exchange
Program. These losses may eventually compromise our weapon systems and erode our
technological superiority on the battlefield, or at the very least, provide advanced
technology to US economic competitors.
The Commission recommends that the Secretary of Defense review existing data
exchange programs, using updated threat information, to determine whether the programs
should be continued, canceled, or renegotiated to ensure they are in concert with current
US national security and economic goals.
Threat Analysis-Vital to Protecting Advanced Technology
The Commission recognizes the gravity of having leading-edge technology and weapons in
the hands of foreign adversaries. However, the foreign exchange approval authorities of
the military services generally make their determinations within the acquisition or
international programs community and without participation by security, intelligence and
counterintelligence elements. Moreover, these authorities often do not ascertain the
impact of proposed technology releases on the security of related future weapons or weapon
support systems. Intelligence and counterintelligence support elements can assist in
devising the most effective course of action to deny foreign collection efforts. Threat
information is available through the DCI's Nonproliferation Center, the DIA's National
Military Intelligence Production Center, and the CIA's Directorate of Intelligence. The
Commission's proposed interagency counterintelligence "one-stop shopping" effort
will also provide a focal point for obtaining threat information needed for national level
security policies.
For most organizations below headquarters level, however, the need is for information
on the local threat to technologies under development or to critical facilities, rather
than information pertaining to the broad national threat. Field organizations maintain
that, to be of value, threat assessments must specify the foreign entity involved,
identify what programs or systems it is targeting, and identify the specific areas of the
country in which adversaries are operating. As a first step in meeting the local need, the
DoD should modernize its counterintelligence collection and reporting system to speed the
flow and improve the quality of both raw and finished counterintelligence products into a
pull-down data base network. Counterintelligence elements should then work in daily
partnership with field elements to explain the issues associated with protecting
particular systems, provide practical local solutions, and serve as a valuable feedback
mechanism in the total security process.
The Commission believes the military services' counterintelligence elements must work
closely with the FBI with these concerns in mind, so as to ensure a seamless, integrated
capability and a consolidated FBI, DoD, and defense industry network against economic
espionage.
The Commission recommends that the Secretary of Defense direct that comprehensive,
coordinated threat analysis, intelligence, and counterintelligence support be provided to
facilitate risk management for DoD critical technologies, systems, information, and
facilities.
The National Disclosure Policy
The National Disclosure Policy (NDP),25 established under a Presidential directive,
provides the framework for approval or denial of disclosure of classified military
information to foreign governments and international organizations. It also governs the
export of classified military articles and unclassified military articles with embedded
classified components. The Secretaries of the military departments have been delegated
authority to render decisions with respect to disclosure of their information to the
governments of most countries with which the United States has mutual defense
arrangements. In the case of other countries an exception to policy is usually required.
Exceptions to policy may be approved when it is determined that the proposed export or
disclosure will result in benefits to the US Government that outweigh the damage that
might accrue to US foreign policy, national defense, or military operational interests if
the system or its underlying technology should be compromised.
The Commission notes that the National Disclosure Policy Committee (NDPC), chaired by
the DoD, coordinates foreign release policy and government-to-government agreements.
Exceptions to the National Disclosure Policy receive senior-level review within the DoD as
coordinated by the NDPC. However, most routine release decisions are made by field
elements under authority delegated by the Secretaries of the military departments. This
decentralized execution leads to different interpretations as to what is releasable within
the broad outlines of the NDP and consequently, different actual release decisions.
Moreover, the Commission found that specific senior-level review decisions have not always
been communicated to the midlevel acquisition or international program officials within
the military services, who over the years have made the day-to-day disclosure decisions
under specific data exchange agreements. A lack of understanding of the foreign disclosure
process by less-senior individuals, combined with the absence of current threat
assessments and an automated DoD data exchange process, prevents effective and consistent
execution by elements involved throughout the DoD and the military services.
The Commission recommends that the Secretary of Defense:
a) Centralize responsibility for coordinating and overseeing all foreign exchange
programs and issues at a senior level.
b) Improve and modernize the National Disclosure Policy process to ensure that
senior-level disclosure decisions are readily available through a centralized, dynamic,
interactive computer-driven mechanism.
Recording Foreign Disclosure Decisions
The Commission commends the DoD for creating the Foreign Disclosure and Technical
Information System (FORDTIS) data base to house decisions of foreign release
determinations and exceptions to foreign disclosure policy, technology transfers, and
official foreign visits. The Commission supports the DoD's ongoing expansion of FORDTIS to
military warfighting elements, such as US combatant commanders, to aid in determining
specific classified and unclassified technologies or weapon systems that are releasable to
foreign coalition partners. However, the Commission believes that the critical foreign
exchange information contained in the FORDTIS data base should be updated and made
available to more DoD consumers to aid them in analyzing, programming, and planning
activities. Counterintelligence elements, in particular, should use the FORDTIS data base
in determining the current status of releases of US technologies and systems.
The Commission recommends that the Secretary of Defense:
a) Expand access to the Foreign Disclosure and Technical Information System (FORDTIS)
data base to command and other DoD consumers to support defense planning, programming,
resourcing, analysis, and information-sharing activities.
b) Ensure counterintelligence elements cross-check critical systems or technologies
against the Foreign Disclosure and Technical Information System (FORDTIS) data base to
determine:
- the extent to which baseline technologies on each system have been released to foreign
nations, and;
- the vulnerabilities posed to current or future weapons or weapons support systems if
exchanges continue under the applicable Defense Development Exchange Program agreements.
To proceed to Chapter Seven click here.
|