Anti-Terrorism: Protecting the Military-Industrial Complex

The following is based on documents obtained by the National Association of Chiefs of Police' Private Security Committee:

Today's weak link in anti-terrorism -- especially protection from unauthorized access to classified material by terrorists or other US enemies -- is the private sector's corporations that develop weapons systems and other vital components of US national security. While most corporations employ security managers with impressive backgrounds in law enforcement, counterintelligence and cyber security, it is the programs themselves that succeed or fail in protecting classified information.

The Department of Defense is responsible for ensuring that US contractors safeguard classified information in their possession. DOD delegates this responsibility to its Defense Security Service, which oversees more than 11,000 contractor facilities that are cleared to access classified information.

Some US contractors have foreign connections that may require measures to be put into place to reduce the risk of foreign interests gaining unauthorized access to classified information. In response to a Senate report accompanying the National Defense Authorization Act for Fiscal Year 2004, the General Accounting Office looked into the extent to which DSS has assurance that its approach provides sufficient oversight of contractors under foreign ownership, control, or influence (FOCI).

DSS's oversight of contractors under FOCI depends on contractors self-reporting foreign business transactions such as foreign acquisitions. As part of its oversight responsibilities, DSS verifies the extent of the foreign relationship, works with the contractor to establish protective measures to insulate foreign interests, and monitors contractor compliance with these measures.

The GAO found that DSS cannot ensure that its approach to overseeing contractors under FOCI is sufficient to reduce the risk of foreign interests gaining unauthorized access to US classified information.

First, DSS does not systematically ask for, collect, or analyze information on foreign business transactions in a manner that helps it properly oversee contractors entrusted with US classified information. In addition, DSS does not collect and track the extent to which classified information is left in the hands of a contractor under FOCI before measures are taken to reduce the risk of unauthorized foreign access.

During the review, the GOA found instances in which contractors did not report foreign business transactions to DSS for several months. They also found a contractor under foreign ownership that appeared to operate for at least 6 months with access to US classified information before a protective measure was implemented to mitigate foreign ownership.

Second, DSS does not centrally collect and analyze information to assess its effectiveness and determine what corrective actions are needed to improve oversight of contractors under FOCI. For example, DSS does not know the connections of all contractors operating under protective measures, the degree to which contractors are complying overall with measures, or how its oversight could be strengthened by using information such as counterintelligence data to bolster its measures.

Third, DSS field staff face a number of challenges that significantly limit their ability to sufficiently oversee contractors under FOCI. Field staff claim they lack research tools and training to fully understand the significance of corporate structures, legal ownership, and complex financial relationships when foreign entities are involved. Staff turnover and inconsistencies over how guidance is to be implemented also detract from field staff's ability to effectively carry out FOCI responsibilities.

Sources: American Society for Industrial Security, General Accounting Office, US Department of Defense, National Security Institute, AmeriCop USA, National Association of Chiefs of Police