Ensuring the Effective Protection of Technologies Critical to U.S. National Security
Technological superiority is critical to U.S. military strategy. Thus, the Department of Defense (DOD) spends billions of dollars each year to develop and acquire sophisticated technologies to provide an advantage for the warfighter during combat or other missions. Many of these technologies are also sold or transferred to foreign partners to promote U.S. economic, foreign policy, and national security interests. These technologies can also be acquired through foreign investment in the U.S. companies that develop or manufacture them. In addition, they are targets for unauthorized transfer, such as theft, espionage, reverse engineering, and illegal export.
To identify and protect technologies critical to U.S. interests, the U.S. government has a portfolio of programs. These include export controls—those developed to regulate exports and ensure that items and information are transferred in a manner consistent with U.S. interests—as well as a number of non-export control programs, including the Foreign Military Sales (FMS) program, anti-tamper measures, and the National Industrial Security Program, which oversees government contractors handling classified information, including that associated with critical technologies. These programs and activities are administered by multiple federal agencies with various interests, including DOD and the Departments of Commerce, Homeland Security, Justice, State, and the Treasury. We designated this area as high risk in 2007 because these programs, established decades ago, were ill-equipped to address the evolving challenges of balancing national security concerns and economic interests. While these agencies are making progress in addressing challenges identified by our work, we believe that additional leadership and coordination of programs and activities in the non-export control programs, among other things, is needed to identify strategic reforms that will help to advance U.S. interests.
Since this area was added to the High-Risk List in 2007, our body of work in this area has identified progress in the programs designed to protect technologies critical to U.S. national security interests, but government-wide challenges remain, including the need to adopt a more consistent leadership approach, improve coordination among programs, address weaknesses in individual programs, and implement export control reform.
Hence, we continue to consider each of our high-risk criteria in this area to be partially met:
- Leadership commitment to addressing challenges has been evident in some areas of the critical technologies portfolio, particularly with respect to the Export Control Reform initiative. However, as we reported in our 2015 update, greater collaboration among the critical technologies programs not directly related to export controls—including the FMS program, the anti-tamper program, and the National Industrial Security Program—could ensure that lead and stakeholder agencies take a more consistent approach to meeting program goals.
- The capacity for addressing challenges and implementing reforms has improved for some programs. However, many efforts remain limited to individual programs or activities within the overall program portfolio, and there are areas where broader coordination could be beneficial, such as determining an appropriate technical reference to inform key decisions relating to critical technologies.
- Action plans to guide improvements are in place for some programs; however, additional steps have yet to be taken to develop and implement action plans that will address ongoing challenges, such as administering the anti-tamper program.
- Monitoring of efforts to meet key challenges also has improved at some programs. DOD and State have implemented some, but not all, of our past recommendations on developing performance measures and monitoring program outcomes.
The need for action remains both at the individual program level and the portfolio level. We have made a number of recommendations to agencies aimed at improving coordination among the programs that are intended to protect technologies critical to U.S. national security. We believe that implementing these recommendations could result in significant improvements. Our body of work shows that challenges remain.
To address existing challenges, we have previously reported that the executive branch and Congress should consider reevaluating the wider portfolio of programs protecting critical technologies, including assessing the prospects for achieving collaboration across separate but related programs designed to protect critical technologies. Executive branch leadership has been committed to reforming the area of export controls, an important step forward. But leadership commitment is less evident in the critical technologies programs that fall outside the scope of export control reform.
Individual agencies need to continue to implement our recommendations to address weaknesses in their respective programs. Doing so could increase these programs’ capacity for implementing reforms. For example, the export control agencies should work to develop standard operating procedures for the Export Enforcement Coordination Center—a primary forum within the federal government to coordinate export enforcement efforts and identify and resolve conflicts—to facilitate data sharing.
Developing a concrete action plan for achieving collaboration across separate but related programs designed to protect critical technologies remains important. Executive branch leadership has developed a thorough action plan for export control reform. But formal and integrated planning is less evident in the critical technologies programs that fall outside the scope of export control reform.
Individual agencies need to continue to implement our recommendations to address weaknesses in their respective programs. Doing so could increase these programs’ ability to monitor progress. For example, DOD should take additional actions to enhance its ability to provide security assistance through, for example, its FMS program by establishing performance measures for all phases of the security assistance process.
Across the critical technologies portfolio, steps have been taken demonstrating progress, but more remains to be done. For example, efforts to develop procedures for coordination between the export enforcement community and the intelligence community remain incomplete. Similarly, we recommended in January 2013 that the Secretary of Defense should determine the best approach to meeting users’ needs for a technical reference, whether it be the U.S. Munitions List or the Industrial Base Technologies List, other alternatives being used, or some combination thereof, and ensure that resources are coordinated and efficiently devoted to sustain the approach chosen. Since our recommendation, DOD officials said the department has moved toward using the U.S. Munitions List. However, DOD has not changed its policy requiring use of the Militarily Critical Technologies List (MCTL) as it has not yet received relief from that statutory requirement.
At the portfolio level, implementing export control reforms demonstrates leadership commitment, but the agencies involved in export controls must continue to implement reforms to achieve the goals set to protect U.S. interests. For non-export control reform, increased collaboration between DOD’s offices responsible for administering the FMS program and approving exports represents an important step forward in coordinating the activities of selected programs. However, leadership still must decide, among other things, how to address protection of critical technologies at a more strategic level. In particular, in February 2015 we recommended that, to ensure a consistent and more collaborative approach to protecting critical technologies, the Secretaries of Commerce, Defense, Homeland Security, State, and the Treasury as well as the Attorney General of the United States—who have lead and stakeholder responsibilities for the programs within the critical technologies portfolio—should take steps to promote and strengthen collaboration mechanisms among their respective programs while they implement and assess ongoing initiatives. These steps need not be onerous; for example, they could include conducting an annual meeting to discuss their programs, including the technologies they are protecting, their programs’ intent, and any new developments or changes planned for their programs, as well as defining consistent critical technologies terminology and sharing important updates.
Congressional Actions Needed
Export control reform is being implemented in three phases. Phases I and II reconcile various definitions, regulations, and policies for export controls. As of August 2015, Phase I was finished. Phase II is nearing completion. This is all building toward Phase III, which will result in implementation of major changes supported by these reconciliations by consolidating export control efforts in four reform areas: creating a single, consolidated control list; designating a single licensing agency; designating a primary export enforcement coordination agency; and establishing a unified information technology system. We reported in February 2015 that significant collaboration by the participating agencies is essential to the Phase III consolidation efforts. In that same report, we noted that in order for full implementation of this third and final phase to occur, congressional action is needed to designate a single licensing agency and a primary export enforcement coordination agency. For example, since there are currently separate statutory bases for State and Commerce to review and issue export licenses, legislation will be required to consolidate the current system into a single licensing agency.
 GAO, Protecting Defense Technologies: DOD Assessment Needed to Determine Requirement for Critical Technologies List, GAO-13-157 (Washington, D.C.: Jan. 23, 2013).
 GAO, Critical Technologies: Agency Initiatives Address Some Weaknesses, but Additional Interagency Collaboration Is Needed, GAO-15-288 (Washington, D.C.: Feb. 10, 2015).
GAO-15-288: Published: Feb 10, 2015. Publicly Released: Feb 10, 2015.
The agencies responsible for eight programs designed to protect critical technologies have implemented several initiatives since 2007, but face some implementation challenges. Agencies have made progress addressing previously identified weaknesses in response to changes in law, GAO recommendations, or agencies' own internal identification of them. For instance, the area of export controls has seen...
GAO-14-315: Published: Apr 15, 2014. Publicly Released: May 15, 2014.
Weaknesses in the National Aeronautics and Space Administration (NASA) export control policy and implementation of foreign national access procedures at some centers increase the risk of unauthorized access to export-controlled technologies. NASA policies provide Center Directors wide latitude in implementing export controls at their centers. Federal internal control standards call for clearly def...
GAO-14-161: Published: Feb 26, 2014. Publicly Released: Mar 4, 2014.
The United States allocated $671 million for Lebanese security forces from fiscal year 2009 through fiscal year 2013. Of these total allocated funds, $477 million, or 71 percent, had been disbursed or committed by the end of fiscal year 2013. Nearly all of the allocations made in fiscal years 2009 through 2011 had been disbursed or committed. For the largest program, Foreign Military Financing, th...
GAO-13-157: Published: Jan 23, 2013. Publicly Released: Jan 23, 2013.
While the Department of Defense (DOD) took steps to address previously identified weaknesses in updating and maintaining the Militarily Critical Technologies List (MCTL), the list remains outdated and updates have ceased. For example, DOD has solicited users' requirements and feedback on the MCTL, and added a search engine capability to improve navigation of the list and updated each technology se...
GAO-13-119R: Published: Nov 16, 2012. Publicly Released: Dec 17, 2012.
Some compliance activities for the export of controlled items under State and Commerce licenses differ from compliance activities under country-based license exemptions, but enforcement activities are generally the same. Compliance activities provide information for exporters, licensing officials, and enforcement agencies to help assess the validity of export transactions, identify potential viola...
GAO-13-84: Published: Nov 16, 2012. Publicly Released: Nov 16, 2012.
Security cooperation officials report three major types of challenges--training and workforce structure, defining partner country requirements, and obtaining acquisition and delivery status information--in conducting assistance programs. Ongoing Department of Defense (DOD) reforms address challenges that DOD security cooperation officials reported in meeting staff training needs and achieving the...
GAO-12-536: Published: Jul 30, 2012. Publicly Released: Sep 12, 2012.
Since 2005, the number of countries that acquired an unmanned aerial vehicle (UAV) system nearly doubled from about 40 to more than 75. In addition, countries of proliferation concern developed and fielded increasingly more sophisticated systems. Recent trends in new UAV capabilities, including armed and miniature UAVs, increased the number of military applications for this technology. A number of...
GAO-12-613: Published: Apr 23, 2012. Publicly Released: Apr 23, 2012.
U.S. agencies engaged in export controls use various compliance activities to prevent the diversion or misuse of exported items against U.S. interests or allies and reduce illicit transshipment risk. Compliance activities include (1) vetting transactions prior to export, (2) analyzing shipping data and monitoring the end use of items, and (3) educating companies and foreign governments about illic...
GAO-12-246: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Agencies use a risk-based approach, including workload and threat assessment data, to allocate resources, but most do not fully track those used for export control enforcement activities. As their missions are broader than export controls, agencies can use staff resources for other activities based on need, making tracking resources used solely for export control enforcement difficult. Only Commer...
GAO-11-135R: Published: Nov 16, 2010. Publicly Released: Dec 16, 2010.
Each year, billions of dollars in arms and "dual-use" items--items that have both commercial and military applications--are exported to U.S. allies and strategic partners. To further national security, foreign policy, and economic interests, the U.S. government controls the export of these items. Over the past 10 years, we have reported on numerous weaknesses in the export control system, includin...