Defense Industrial Security:

Weaknesses in U.S. Security Arrangements With Foreign-Owned Defense Contractors

NSIAD-96-64: Published: Feb 20, 1996. Publicly Released: Feb 20, 1996.

Additional Materials:

Contact:

Louis J. Rodrigues
(404) 679-1900
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed security arrangements used to protect sensitive information from foreign-owned U.S. defense contractors that perform on classified Department of Defense (DOD) contracts.

GAO found that: (1) security arrangements are intended to protect foreign-owned U.S. defense contractors from undue foreign control and to prevent foreign owners' access to classified information; (2) there are 54 foreign-owned U.S. defense contractors operating under security arrangements, such as voting trusts, proxy agreements, and special security agreements; (3) although special security agreement companies are not permitted access to the highest levels of classified information due to the risk of foreign control, DOD authorized such access to 12 of 33 special security agreement companies; (4) each foreign-owned U.S. defense contractor must have a visitation agreement with its parent company to protect against foreign owners' unauthorized access to classified information; (5) individuals contacted by the parent company are required to report on the technical discussions that took place under visitation agreements; (6) U.S. citizens are selected for the boards of directors of foreign-owned U.S. defense firms to protect against undue foreign control and unauthorized access to classified information; and (7) most trustees have limited oversight roles and do not actively check on the implementation of security policies or engage in management issues, and some appear to have conflicts of interest.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Defense Investigative Service has taken some actions to improve trustee involvement. For example, on December 5, 1995, it held a training workshop for all trustees.

    Recommendation: The Secretary of Defense should develop and implement a plan to improve trustee oversight and involvement in foreign-owned companies and to ensure the independence of foreign-owned U.S. defense contractors and their trustees from improper influence from the foreign owners.

    Agency Affected: Department of Defense

  2. Status: Closed - Not Implemented

    Comments: DOD does not agree that all visit requests should be approved by a trustee. It maintains that delegation is warranted in many instances.

    Recommendation: The Secretary of Defense should ensure that the trustees of foreign-owned U.S. defense contractors strictly adhere to the Industrial Security Regulation visitation agreement provision that requires them to approve requests for visits between the U.S. defense contractor and representatives of its foreign owners. This duty should not be delegated to officers or employees of the foreign-owned firm.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: According to DOD, trustees are now required to review contact reports to ensure that the scope and purpose of the foreign visit was not exceeded. Trustees are encouraged to randomly select a sample of contacts to interview the participants. In addition, e-mail messages are now being maintained by the companies for review by the trustees.

    Recommendation: The Secretary of Defense should ensure that the trustees of foreign-owned U.S. defense contractors ensure that contractor personnel document and report the substance of the discussions they hold with personnel of the foreign parent firm. The trustees should review these reports and ensure that the information provided is sufficient to determine what information passed between parties during the contact. The trustees should also select at least a sample of contacts and interview the participants of the foreign-owned firm to ensure that the post-contact reports accurately reflect what transpired.

    Agency Affected: Department of Defense

  4. Status: Closed - Implemented

    Comments: Defense Investigative Service now requires that the results of each security self inspection be reported in the company's annual report. However, DOD considered it unnecessary for the trustees to supervise a security inspection at each facility annually.

    Recommendation: The Secretary of Defense should ensure that the trustees of foreign-owned U.S. defense contractors annually supervise an information security inspection of each of the cleared facilities to more directly involve trustees in information security monitoring. The results of these inspections should be included in the annual report to the Defense Investigative Service (DIS).

    Agency Affected: Department of Defense

  5. Status: Closed - Implemented

    Comments: For all new trustee, special security and proxy agreements, DOD is incorporating language saying that trustees will review the performance of the facility service officer and that a dismissal of the facility service officer must be approved by the trustees. However, the new language does not give trustees the authority to set the salary of the facility service officer.

    Recommendation: The Secretary of Defense should ensure that the trustees of foreign-owned U.S. defense contractors are empowered and required to review and approve or disapprove the selection of the facility service officer and all decisions regarding the officer's pay and continued employment, in order to insulate the officer from influence by the foreign-owned firm and its owners. The trustees should also supervise the facility service officer to ensure an acceptable level of job performance, since trustees are charged with monitoring information security at the U.S. defense contractor.

    Agency Affected: Department of Defense

  6. Status: Closed - Not Implemented

    Comments: DOD stated that any change in foreign-sourced loan arrangements, financial obligations, or income be reported on the DD Form 441s. DOD felt that inclusion of such information in the annual report would be a redundant disclosure. However, the 441s reporting requirement has always existed, and has often been ignored. That is why GAO recommended that the foreign-owned companies be required to specifically readdress this issue on an annual basis in the context of the annual report.

    Recommendation: The Secretary of Defense should ensure that the annual report to DIS include a statement on any financial support, loans, loan guarantees, or debt relief from or through the foreign owners or the government of the foreign owners that have occurred during the year, in order to monitor the financial independence of the foreign-owned firm.

    Agency Affected: Department of Defense

  7. Status: Closed - Not Implemented

    Comments: DOD did not agree that an annual certification of trustee independence from the foreign owners is necessary.

    Recommendation: The Secretary of Defense should require the trustees of foreign-owned U.S. defense contractors to certify at the time of their selection, and then annually, that they have no prior or current involvement with the foreign-owned firm or its owners other than their trustee position, to help avoid conflicts of interest. This certification should include a statement that they are not holding and will not hold positions within the foreign-owned company other than their trustee position. It should be expressly stated that these independence standards apply equally to voting trustees, proxy holders, and outside directors of firms under special security agreements.

    Agency Affected: Department of Defense

  8. Status: Closed - Not Implemented

    Comments: DOD points out that trustees are required to sign a certificate acknowledging the terms and conditions of the security agreement and agree to be bound by, and accept their responsibilities under the agreement. However, GAO believes the "Acknowledgement of Obligations" portion of the agreements is too broad and general to clearly identify the trustees' responsibilities in carrying out their security role.

    Recommendation: The Secretary of Defense should require selected trustees of foreign-owned U.S. defense contractors to sign agreements acknowledging their responsibilities and specific duties required to carry out those responsibilities. The agreement should provide that DOD can require the resignation of any trustees failing to perform any of their duties. This agreement should ensure that the trustees and the government clearly understand what is expected of the trustees to perform their security roles.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

May 21, 2015

May 20, 2015

May 18, 2015

May 14, 2015

May 7, 2015

May 6, 2015

Looking for more? Browse all our products here