Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests
The Department of Defense spends billions of dollars each year to develop and acquire sophisticated technologies that provide an advantage for the warfighter during combat or other missions. Many of these technologies are also sold or transferred to promote U.S. economic, foreign policy, and national security interests. These technologies can also be acquired by foreign entities through investment in the U.S. companies that develop or manufacture them. In addition, they are targets for unauthorized transfer, such as theft, espionage, reverse engineering, and illegal export.
To identify and protect technologies critical to U.S. interests, the U.S. government has a number of programs and activities. These include export controls—those developed to regulate exports and ensure that items and information are transferred to foreign parties consistent with U.S. interests—as well as other activities, including the Foreign Military Sales program, anti-tamper policies, the National Industrial Security Program, and the Committee on Foreign Investment in the United States. These activities are administered by multiple federal agencies, including the Departments of Defense, Commerce, Homeland Security, Justice, State, and the Treasury. We designated this area as high risk in 2007 because these programs, established decades ago, were ill-equipped to address the evolving 21st century challenge of balancing national security concerns and economic interests.
Since our 2017 High-Risk Report, ratings for all five criteria remain unchanged.
Additional leadership commitment is still needed to promote interagency collaboration across the portfolio of critical technology programs. Officials at both the multi-agency Committee on Foreign Investment in the United States and the Department of Defense’s National Industrial Security Program need to take action to clarify resource needs.
Additional efforts are also needed to implement recommendations we made in March 2012, May 2017, and August 2017 to develop and track metrics to monitor program performance for both export controls and other programs. Over the years since this area was added to the High-Risk List, we have made numerous recommendations related to this high-risk issue, 16 of which were made since the last high-risk update in February 2017. As of December 2018, 25 recommendations are open.
Since our 2017 High-Risk Report, ratings for all five criteria remain unchanged.
Leadership commitment: met. An interagency review to fundamentally reform the U.S. export control system—the Export Control Reform Initiative—was established in 2010, and it has demonstrated strong leadership commitment. Many of the actions under this initiative are complete, and leaders at key federal agencies continue to focus on remaining steps.
Capacity: partially met. The initial review of all 21 United States Munitions List categories is nearing completion and the transition to a single information technology system—USXPORTS—is complete. However, the absence of key stakeholders’ participation has slowed progress for other efforts. The 15 federal agencies that are part of the Export Enforcement Coordination Center (E2C2) continue to coordinate and exchange investigation-related information, but according to E2C2 officials, procedures for coordination between the investigative export control enforcement agencies and the intelligence community have not been finalized.
Action plan: met. While the Export Control Reform Initiative is no longer formally active, leaders at key federal agencies told us they continue to implement efforts under the initiative—with reforms to export control lists, enforcement, and information technology.
Monitoring: partially met. We made four recommendations in March 2012 that departments with responsibilities for export control enforcement take steps to more effectively monitor resources spent on export control enforcements activities, and develop and implement metrics for monitoring their effectiveness. Of the four recommendations, one remains open: for Homeland Security to establish procedures to facilitate data sharing between the enforcement agencies and the intelligence community to measure illicit transshipment activity. Homeland Security officials told us that the department has not yet formalized its planned intelligence analytical unit and, as a result, is unable to establish baseline and trend data analysis.
Demonstrated progress: partially met. Important steps have been completed for improving the efficiency and effectiveness of the export control process. For example, the export control licensing agencies have reviewed all of the 21 United States Munitions List categories to determine which items in those categories should remain under Department of State control or move to Department of Commerce control. According to State Department officials, the public comment period ended in July 2018 for categories I-III (firearms, artillery, and ammunition, respectively), and a final decision on transfer of these items is expected in 2019.
In March 2019, we expect to issue a report reviewing export controls of firearms. Progress in export enforcement has stalled, however, because the enforcement and intelligence communities have not yet formally coordinated, and the E2C2 does not yet have a designated Intelligence Community Liaison. This liaison was mandated by Executive Order 13558, which directed the establishment of the E2C2 and identified the participating departments and agencies. Specifically, the E2C2 has not yet implemented all seven of its standard operating procedures, including collaboration with the intelligence agencies. According to Homeland Security officials, currently the E2C2 is performing only de-confliction, a forum for sharing information among multiple export enforcement agencies and identifying and resolving conflicts between them.
Since our 2017 High-Risk Report, ratings for all five criteria remain unchanged. This segment was previously referred to as non-export controls.
Leadership commitment: partially met. Recent Congressional action may facilitate forward movement in this area. The John S. McCain National Defense Authorization Act for Fiscal Year 2019 included a requirement for the Department of Defense (DOD) to develop and annually update a critical technologies list, which has the potential to improve coordination among the critical technology programs. The act also made changes related to the Committee on Foreign Investment in the United States, an interagency group that reviews certain foreign acquisitions, mergers, or takeovers of U.S. businesses to determine their effects on U.S. national security.
Capacity: partially met. In February 2018, we reported on capacity concerns at the Committee on Foreign Investment in the United States, noting that from 2011 to 2016, the number of transactions reviewed by this committee grew by 55 percent, while the staff assigned to the reviews increased by 11 percent. In the John S. McCain National Defense Authorization Act for Fiscal Year 2019, Congress cited our findings and provided for actions such as assessing whether adequate resources are needed for the committee and its member agencies. Likewise, in May 2018, we reported that officials responsible for the National Industrial Security Program—which safeguards federal government classified information that current or prospective contractors may access—faced resource challenges, including an inability to manage staff workloads and complete necessary trainings. We recommended that they identify the resources needed by the program, among other things, and DOD concurred.
Action plan: partially met. In May 2018, we reported on Defense Security Service plans to transition to a new approach for the National Industrial Security Program. We cited challenges that the program is beginning to address. Similarly, we reported in May 2017 that DOD has issued policies and guidance that require planning for anti-tamper protections—which help preserve U.S. technological superiority from exploitation when weapon systems are lost on the battlefield or exported—early in the weapon system acquisition process.
Monitoring: partially met. In May 2017, we reported that DOD lacked metrics for tracking the effectiveness of changes to policies and procedures supporting anti-tamper protections. DOD concurred with our recommendation that it determine how to measure progress and develop corresponding metrics but has not yet done so. Similarly, in August 2017, we found that DOD had addressed most of our past recommendations on the Foreign Military Sales program, but had not collected relevant data necessary to measure program performance.
Demonstrated progress: partially met. We reported in 2015 that the portfolio of critical technology programs is fragmented and poorly coordinated across the government. Individual programs and departments have taken steps to improve coordination individually within their agency or program, but collective coordination across the critical technologies portfolio still needs improvement and overall direction.
The need for action remains in addressing Capacity, Monitoring, and Demonstrated Progress. The E2C2 is performing a critical role in coordinating export control enforcement activities, with participation across a wide breadth of federal agencies. However, according to Homeland Security officials, the E2C2 and the intelligence community’s lack of formal coordination limits E2C2’s effectiveness, stalling its efforts to develop standard operating procedures. Until this coordination occurs, the E2C2 is limited in its ability to realize its full potential to facilitate enhanced coordination and intelligence sharing.
Congressional Actions Needed
Key agencies have taken necessary steps to reconcile various definitions, regulations, and policies for export controls. If the agencies choose to proceed with consolidation activities initially planned under the 2010 Export Control Reform Initiative, Congressional action will be required. For example, because there are currently separate statutory bases for the Departments of State and Commerce to review and issue export licenses, legislation would be required to consolidate the current system into a single licensing agency.
The need for action remains both at the individual program level and the portfolio level. In February 2015, we made recommendations aimed at improving coordination among the programs that are designed to protect technologies critical to national security. While progress has been made, challenges remain in several key areas. In particular, following up on resource recommendations to the Committee on Foreign Investment in the United States and the National Industrial Security Program could lead to significant improvements in capacity. Similarly, following up on data collection and tracking recommendations for the anti-tamper program and the Foreign Military Sales program could better enable these programs to monitor their efforts.
GAO-18-494: Published: Jul 10, 2018. Publicly Released: Jul 10, 2018.
Foreign investment in U.S. companies can benefit the economy, but could pose risks to national security. The Committee on Foreign Investment in the United States (CFIUS) reviews certain foreign acquisitions and mergers and can mitigate risks or block transactions. DOD identified some investments as national security concerns because they may give foreign investors access to emerging technologies...
GAO-18-435: Published: Jun 13, 2018. Publicly Released: Jun 13, 2018.
DOD relies on a network of suppliers (the defense industrial base) to provide the materials and equipment it needs to develop weapon systems. DOD is required to maintain a data repository of industrial base suppliers to help provide insight about potential risks to the base, such as relying on foreign suppliers. However, DOD hasn't been able to create this repository, partly due to problems it ha...
GAO-18-407: Published: May 14, 2018. Publicly Released: May 14, 2018.
DOD's Defense Security Service determines government contractors' eligibility to access classified information and monitors over 12,000 contractor facilities. It is facing new challenges as adversaries try to steal national security information and technology at unprecedented rates. DSS is piloting a new approach that requires collaboration with stakeholders such as other federal agencies and con...
GAO-18-249: Published: Feb 14, 2018. Publicly Released: Mar 16, 2018.
Foreign investments in U.S. companies can benefit the economy, but could pose risks to national security. The Committee on Foreign Investment in the United States (CFIUS) reviews certain foreign acquisitions and mergers and can work with the parties involved to mitigate national security risks or block transactions. The committee reviewed over 50% more transactions in 2016 than in 2011. We recom...
GAO-17-703: Published: Aug 22, 2017. Publicly Released: Aug 22, 2017.
The Department of Defense administers the Foreign Military Sales program, which sells military equipment and services to foreign partners and allies to help them improve their national security—and by extension, U.S. national security. Congress has been concerned about how long foreign partners are waiting for the items and services they need. While DOD has improved its responsiveness, it cont...
GAO-15-288: Published: Feb 10, 2015. Publicly Released: Feb 10, 2015.
The agencies responsible for eight programs designed to protect critical technologies have implemented several initiatives since 2007, but face some implementation challenges. Agencies have made progress addressing previously identified weaknesses in response to changes in law, GAO recommendations, or agencies' own internal identification of them. For instance, the area of export controls has seen...