Ensuring the Effective Protection of Technologies Critical to U.S. National Security
Technological superiority is critical to U.S. military strategy. As such, the Department of Defense (DOD) spends billions of dollars each year to develop and acquire sophisticated technologies to provide an advantage for the warfighter during combat or other missions. Many of these technologies are also sold or transferred to promote U.S. economic, foreign policy, and national security interests. These technologies can also be acquired through foreign investment in the U.S. companies that develop or manufacture them. In addition, they are targets for unauthorized transfer, such as theft, espionage, reverse engineering, and illegal export.
To identify and protect technologies critical to U.S. interests, the U.S. government has a number of programs. These include export controls—those developed to regulate exports and ensure that items and information are transferred to foreign parties in a manner consistent with U.S. interests—as well as a number of non-export control programs, including the Foreign Military Sales program, anti-tamper policies, and reviews of transactions that could result in control of a U.S. business by a foreign person. These programs are administered by multiple federal agencies with various interests, including DOD and the Departments of Commerce, Homeland Security, Justice, State, and the Treasury. We designated this area as high risk in 2007 because these programs, established decades ago, were ill-equipped to address the evolving 21st century challenge of balancing national security concerns and economic interests. While these agencies are making progress in addressing challenges identified by our work, we believe that additional leadership coordination of existing programs, among other things, is needed to identify strategic reforms that will help to ensure the advancement of U.S. interests.
Agencies responsible for critical technologies programs have made notable progress. Specifically, leadership commitment to addressing challenges has been evident in several areas of the critical technologies portfolio. For example, in August 2009, the president directed a broad-based interagency review of the U.S. export control efforts. However, greater collaboration among the critical technologies programs could ensure that a consistent approach is taken by the lead and stakeholder agencies in meeting program goals. The capacity for addressing challenges and implementing reforms has improved at some programs. For example, according to a senior DOD official, the National Industrial Security Program—a DOD program established to ensure that federal contractors cleared for classified information, including information associated with critical technologies, are taking steps to safeguard that information—reports it has increased its staffing to reduce the backlog of reviews of new companies handling classified information. In contrast, according to Commerce officials, Commerce is experiencing delays in its capacity to migrate to a single information technology system for export licensing due to requirements concerning crossover from classified to unclassified domains and the interface between Commerce’s licensing and enforcement databases.
Action plans to guide improvements are in place at some programs. Specifically for the export control-related programs, in April 2010, the president proposed a plan for implementing export control reform through a phased approach, with the goals of creating a single control list, single licensing agency, unified information technology system, and primary enforcement coordination center. Outside the area of export control reform, however, DOD has not taken steps to formally replace the Militarily Critical Technologies List—a technical reference for which DOD is primarily responsible to help identify critical technologies and assess the risks associated with their protection—or developed a formal plan specifying the best approach to meeting user needs. Monitoring of efforts to meet key challenges also has improved at some programs. For example, the DOD and State offices responsible for the Foreign Military Sales program have implemented some, but not all, of our past recommendations on performance measures, tracking, and monitoring program outcomes. Programs across the critical technologies portfolio have demonstrated progress through increased collaboration. For example, staff at Commerce, DOD, and State have worked closely together in implementing export control reform. This increased collaboration is a concrete step toward a better coordinated, more effective portfolio of programs for protecting critical technologies. In summary, our body of work in this area has identified significant progress in the programs designed to protect technologies critical to U.S. national security interests, but challenges remain.
Since we first designated the effective protection of critical technologies as a high-risk area, the administration has implemented broad export control reform efforts, and federal agencies have taken individual steps to improve their non-export control programs. Consequently, we have since grouped the programs into export control programs and non-export control programs to improve clarity and assist in measuring progress.
Critical Technologies—Export Controls
Our past work highlighted the need for export control reform. Some of the issues identified through these reports include poor interagency coordination, inefficiencies in the license application process, and a lack of systematic assessments. Leadership commitment and development of an action plan have been met through the administration’s export control reform efforts that began in 2010—consisting of a three-phase framework of agency actions to implement reforms to export control lists, licensing, enforcement, and information technology—which have the potential to improve the efficiency and effectiveness of the export control process. For example, the licensing agencies have reviewed 15 of the 21 U.S. Munitions List categories to determine whether they should remain under State control or move to Commerce control. The goal is to move certain less sensitive items from State’s jurisdiction to Commerce's, while leaving high-risk and high-priority items on State’s list. In addition, 15 federal agencies have come together through the establishment of the Export Enforcement Coordination Center, which, according to statistics the Center Director provided to us, has resulted in a heightened awareness through exchange of investigation-related information. While these are positive steps, we also have identified areas in which further action is needed:
- The Export Enforcement Coordination Center has made good progress in addressing our prior findings that export enforcement agencies had poor interagency coordination by setting forth an action plan and instituting the capacity for 'deconfliction'—a procedure for coordinating enforcement efforts at multiple agencies—and dispute resolution among export control agencies represented at this Center. In particular, the deconfliction process provides a forum for export control enforcement agencies to share information on and monitor potential enforcement actions with the goal of limiting duplicative or counterproductive activities. However, several additional procedures are in varying stages of completion. For example, we found that no formal process exists for the investigative export control enforcement and intelligence communities to quantify and identify statistical trends and patterns relating to information on illicit transshipments. The Center has not yet finalized the procedures to help facilitate this data-sharing to improve monitoring of illicit transshipment activity.
- We found that export control agencies operate with disparate, sometimes antiquated information technology systems. As part of export control reform, DOD’s USXPORTS system has undergone enhancements to have the capacity to be the single export licensing database. Treasury is expected to enter an agreement with DOD to use this system for approving export licenses to embargoed countries. Also, DOD has signed separate agreements with State and Commerce to adopt its USXPORTS system to improve communication and coordination in the export licensing process. However, problems in implementing system requirements needed by Commerce have limited its progress toward using USXPORTS as the single information technology system.
- We recommended in 2012 that State and Commerce, in consultation with the Departments of Homeland Security and Justice, and other agencies as appropriate, improve the license determination process. This process confirms whether an item is subject to export controls and requires a license, and thereby helps officials determine whether an export control violation has occurred. State officials told us that a memorandum of understanding was being drafted to formalize changes that could address this concern, but it has not yet been finalized.
- We recommended in 2012 that DOD and State eliminate gaps and inconsistencies in implementing their respective efforts to monitor the end-use of items exported to foreign entities.
Critical Technologies—Non-Export Controls
For the non-export control segment, DOD has made progress in developing action plans and in leadership commitment for some of the critical technology programs. In previous reports, we have concluded that this portfolio of programs is fragmented and poorly coordinated. Since then, DOD has initiated a plan and instituted the capacity for oversight and collaboration on those programs related to security cooperation and disclosure. For example, since 2008, for security cooperation programs, such as Foreign Military Sales, a group of senior DOD officials reviewed proposed transactions—such as security cooperation agreements and sales or transfers of military equipment to other countries—that raise major concerns about risks to critical technologies. This group, the Arms Transfer and Technology Release Senior Steering Group (ATTR SSG), reviews transactions under the Foreign Military Sales program and considers the national disclosure policy and anti-tamper policy when it conducts these reviews. Representatives of other agencies, including two State offices, participate in ATTR SSG as observers. DOD has also taken action to implement procedures to improve the availability of information on security assistance agreements for Foreign Military Sales. However, additional actions are needed in these and in other areas:
- DOD has not yet implemented our recommendations regarding performance measures to improve monitoring for Foreign Military Sales and other security cooperation programs in which military equipment is provided directly to foreign governments.
- DOD officials told us that their freight tracking system does not provide a complete, real-time picture of the current locations of military items in transit to foreign governments.
- DOD’s Militarily Critical Technologies List, originally developed in response to the Export Administration Act of 1979 in order to inform export decisions, is no longer being updated or used by DOD officials who provide input on the criticality of technologies as part of export license determinations, and reviews of foreign acquisition of U.S. companies. According to several program officials with responsibility for protection of critical technologies, they do not use the list and are determining whether to seek relief from the requirement to maintain the list. In the meantime, the officials are relying on subject matter experts or other lists, such as the revised U.S. Munitions List, which they describe as more current and better suited to their need for a clear and comprehensive list of technologies to be protected.
We have made a number of recommendations to agencies aimed at improving coordination among the programs that are intended to protect technologies critical to U.S. national security. We believe that implementing these recommendations could result in significant improvements. However, our body of work shows that challenges remain. To address these challenges, we have previously reported that the executive branch and Congress should consider reevaluating the wider portfolio of critical technologies protection programs, including an assessment of prospects for achieving collaboration across separate but related programs designed to protect critical technologies. The commitment by executive branch leadership to reform in the area of export controls and the development of concrete action plans in that area represent important steps forward, but leadership commitment is less evident in the critical technologies programs that fall outside the scope of export control reform. The need for action remains both at the individual program level and the portfolio level.
Individual agencies need to continue to implement our recommendations to address weaknesses in their respective programs. Doing so could increase these programs’ capacity for implementing reforms and their ability to monitor progress. For example, the export control agencies should finalize the memorandum of understanding that will enable them to process license determinations in a more timely manner. Similarly, DOD should take additional actions to enhance its ability to provide security assistance through, for example, its Foreign Military Sales program by establishing performance measures for all phases of the security assistance process.
At the portfolio level, implementation of export control reforms demonstrates leadership commitment, but the agencies involved in export controls must continue to implement reforms to achieve the goals set out by the administration with the goal of protecting U.S. interests. For non-export control reform, DOD’s technology security and foreign disclosure reforms represent an important step forward in coordinating the activities of selected programs. However, other decisions remain to be made, such as whether to maintain the Militarily Critical Technologies List and what level of interagency coordination is needed to ensure protection of critical technologies.
GAO-15-288: Published: Feb 10, 2015. Publicly Released: Feb 10, 2015.
GAO-14-315: Published: Apr 15, 2014. Publicly Released: May 15, 2014.
GAO-14-161: Published: Feb 26, 2014. Publicly Released: Mar 4, 2014.
GAO-13-157: Published: Jan 23, 2013. Publicly Released: Jan 23, 2013.
GAO-13-119R: Published: Nov 16, 2012. Publicly Released: Dec 17, 2012.
GAO-13-84: Published: Nov 16, 2012. Publicly Released: Nov 16, 2012.
GAO-12-536: Published: Jul 30, 2012. Publicly Released: Sep 12, 2012.
GAO-12-613: Published: Apr 23, 2012. Publicly Released: Apr 23, 2012.
GAO-12-246: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
GAO-11-135R: Published: Nov 16, 2010. Publicly Released: Dec 16, 2010.