Inspector general finds holes in defense technology protection

"Export-controlled Technology at Contractor, University and Federally Funded Research and Development Center Facilities"

The Defense Department's control over technology that is developed at federally funded research and development centers and universities lacks the necessary oversight to ensure it does not wind up in the hands of American enemies, according to a Defense inspector general's report released last week.

Under several laws and regulations, the control of software and other technologies that are funded by DOD are tightly regulated. The 2000 Defense Authorization Act requires that the inspectors general of the Commerce, Defense, Energy and State departments, in consultation with the CIA and FBI directors, conduct annual reviews of the transfer of military technologies to "countries and entities of concern."

The report states that DOD's controls aren't adequate to ensure their safety in the relatively uncontrolled environments of research centers and universities.

"DOD does not have adequate processes to identify unclassified export-controlled technology and to prevent unauthorized disclosure to foreign nationals," the report reads.

Of the 11 contractors, six universities and three federally funded research and development centers visited:

* Fifteen relied on the contract to identify whether the technology was export-controlled.

* Three of the 11 contractors and one of the three federally funded research and development centers were unaware of federal export laws and regulations related to export-controlled technology.

"As a result, at least two contractors and one university granted foreign nationals access to unclassified export-controlled technology without proper authorization," the report states.

It states that unauthorized access to unclassified export-controlled technology could allow foreign countries to counter or reproduce this technology, rendering it less effective technologically, specifically in combat.

The report recommends that guidance on such technology be developed and implemented to be commensurate with acquisition and classification guidance. Specifically, guidance should be developed to include responsibilities and requirements for DOD personnel, contractors, universities, and the research and development facilities.

"In addition, because DOD program managers and contracting officers are not required to incorporate specific federal export requirements into the contract, those facilities [that] rely on the contract to identify export-controlled technology may not be aware that export-controlled technology exists," the report reads. "Therefore, the Defense Federal Acquisition Regulation Supplement should be changed to incorporate the requirements of federal export laws and regulations, and to ensure that DOD program managers and contracting officers incorporate the requirements into contractual language."

The undersecretary of Defense for acquisition, technology, and logistics concurred with the recommendation. Specifically, DOD will initiate the process of changing the supplement in accordance with the recommendation. The process will take an estimated 10 months to complete.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.