Defense Acquisitions: DOD Needs to Better Support Program Managers' Implementation of Anti-Tamper Protection
GAO-04-302
Published: Mar 31, 2004. Publicly Released: Mar 31, 2004.
Skip to Highlights
Highlights
The U.S. government has invested hundreds of billions of dollars in developing the most sophisticated weapon systems and technologies in the world. Yet, U.S. weapons and technologies are vulnerable to exploitation, which can weaken U.S. military advantage, shorten the expected combat life of a system, and erode the U.S. industrial base's technological competitiveness. In an effort to protect U.S. technologies from exploitation, the Department of Defense (DOD) established in 1999 a policy directing each military service to implement anti-tamper techniques, which include software and hardware protective devices. This report reviews DOD's implementation of the anti-tamper policy as required by the Senate report accompanying the National Defense Authorization Act for Fiscal Year 2004.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Defense | To better oversee identification of critical technologies for all programs subject to the anti-tamper policy, the Secretary of Defense should direct the Under Secretary for Acquisition, Technology, and Logistics, in coordination with the Executive Agent and the focal points, to (1) collect from program managers information they are to develop on critical technology identification and (2) appoint appropriate technical experts to centrally review the technologies identified for consistency across programs and services. |
Closed – Implemented
In July 2008, DOD issued DOD Instruction 5200.39 which establishes policy for the protection of critical program information. The instruction assigns responsibilities to offices within DOD to establish a database and procedures to record and track critical program information for horizontal protection.
|
| Department of Defense | To better support program managers in the identification of critical technologies, the Secretary of Defense should direct the Under Secretary for Acquisition, Technology, and Logistics, in coordination with the Executive Agent and the focal points, to (1) continue to identify available anti-tamper technical resources, (2) issue updated policy identifying roles and responsibilities of the technical support organizations, and (3) work with training organizations to ensure training includes practical information on how to identify critical technologies. |
Closed – Implemented
In July 2008, DOD issued DOD Instruction 5200.39 which establishes policy for the protection of critical program information. The instruction assigns responsibilities to offices within DOD to require appropriate training for personnel regarding the identification and protection of critical program information.
|
| Department of Defense | To help minimize the impact to program cost and schedule objectives, the Secretary of Defense should direct the Under Secretary for Acquisition, Technology, and Logistics to work with program managers to ensure that the cost and techniques needed to implement anti-tamper protection are identified early in a system's life cycle and to reflect that practice in guidance and decisions. |
Closed – Implemented
In July 2008, DOD issued DOD Instruction 5200.39 which establishes policy for the protection of critical program information. The instruction assigns responsibilities to offices within DOD to establish procedures to identify critical program information early in the technology development and acquisition process and initiate protection of critical program information from the point of identification.
|
| Department of Defense | To maximize the return on investment of DOD's anti-tamper technology efforts, the Secretary of Defense should direct the Executive Agent to monitor the value of developing generic anti-tamper techniques and evaluate the effectiveness of the tools, once deployed, in assisting program managers to identify and apply techniques on individual programs. |
Closed – Not Implemented
DOD has not implemented this recommendation. While the department did fund a study on anti-tamper techniques and general effectiveness, it was a one time snapshot rather than a tool to monitor these items on an ongoing basis.
|
| Department of Defense | To ensure successful implementation of the anti-tamper policy, the Secretary of Defense should direct the Under Secretary for Acquisition, Technology, and Logistics to develop a business case that determines whether the current organizational structure and resources are adequate to implement anti-tamper protection and if not, what other actions are needed to mitigate the risk of compromise of critical technologies. |
Closed – Not Implemented
DOD has not developed a business case as recommended. Instead, the department uses the normal DoD budget development process as a means to monitor the funding of anti-tamper initiatives.
|
Full Report
GAO Contacts
Office of Public Affairs
Topics
Internal controlsStrategic planningWeapons systemsWeapons research and developmentPolicy evaluationPolicies and proceduresCritical technologiesCost and scheduleU.S. Air ForceDefense Acquisition